dns and iptables

| categories: software

I recently fall again over the following statement:

iptables -I INPUT -p udp --sport 53 -j ACCEPT

We all know that this is a compromise. Also working and much better is to get dns with a state match through your firewall:

iptables -I INPUT -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT

whith this little trick UDP is not so wide open as before. I would guess that you can still pass through many firewalls on UDP just by setting your source port to 53.


keyctl wtf?

| categories: code, software

2 more wtfs, this time in keyctl pse have a look:

$ keyctl list @u
1 key in keyring:
175445478: --alswrv 0 0 user: d395309aaad4de06
$ keyctl list 175445478
185 keys in keyring:
4: key inaccessible (Required key not available)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
0: key inaccessible (Invalid argument)
10: key inaccessible (Required key not available)
0: key inaccessible (Invalid argument)
64: key inaccessible (Required key not available)
2: key inaccessible (Required key not available)
90575192: key inaccessible (Required key not available)
-1289718489: key inaccessible (Invalid argument)
1226118138: key inaccessible (Required key not available)
1367941247: key inaccessible (Required key not available)
185619277: key inaccessible (Required key not available)
-395441912: key inaccessible (Invalid argument)
745876651: key inaccessible (Required key not available)
2130504598: key inaccessible (Required key not available)
-837867635: key inaccessible (Invalid argument)
-1322709961: key inaccessible (Invalid argument)
-405937745: key inaccessible (Invalid argument)
-1943943650: key inaccessible (Invalid argument)
1965794927: key inaccessible (Required key not available)
1320268544: key inaccessible (Required key not available)
-172599692: key inaccessible (Invalid argument)
-2138721474: key inaccessible (Invalid argument)
892941156: key inaccessible (Required key not available)
1631137843: key inaccessible (Required key not available)
878993761: key inaccessible (Required key not available)
909141348: key inaccessible (Required key not available)
571539456: key inaccessible (Required key not available)
1716864051: key inaccessible (Required key not available)
119: key inaccessible (Required key not available)
$

The kernel documentation makes it clear:

     Each key is issued a serial number of type key_serial_t that is unique for
the lifetime of that key. All serial numbers are positive non-zero 32-bit
integers.

Userspace programs can use a key's serial numbers as a way to gain access
to it, subject to permission checking.

So first, if I am not wrong I would have guessed that it should show the key with the ID 175445478 not all the others. And secondly it looks like the output accidently uses int instead of unsigned int.

But Wait, there is more:

$ keyctl show
Session Keyring
70665221 --alswrv 0 0 keyring: _ses
184578637 --alswrv 0 65534 \_ keyring: _uid.0
175445478 --alswrv 0 0 \_ user: d395309aaad4de06
tanja:~# man keyctl
tanja:~# keyctl add user foobar barfoo @u
545549103
$ keyctl show
Session Keyring
70665221 --alswrv 0 0 keyring: _ses
184578637 --alswrv 0 65534 \_ keyring: _uid.0
175445478 --alswrv 0 0 \_ user: d395309aaad4de06
545549103 --alswrv 0 0 \_ user: foobar

Every other tool I know tries to prevent key data from being shown in the process list by not passing cleartext passwords as commandline arguments, maybe for keyctl rules are different.

So far for this interesting experience. I still hope that I am wrong and everything is fine as soon as I dig deeper.


ecryptfs-add-passphrase returns sig [d395309aaad4de06] for test

| categories: code, software

Right now I am a bit annoyed, because I have read the installation manuals for ecryptfs. Most of them point to something like:

$ echo -n test | ecryptfs-add-passphrase 
Passphrase:
Inserted auth tok with sig [d395309aaad4de06] into the user session keyring
$ echo d395309aaad4de06 >> ~/.ecryptfs/secret.sig

basicly you later tell mount which passphrase to use via ecryptfs_fnek_sig=d395309aaad4de06,ecryptfs_sig=d395309aaad4de06

Maybe I am totally stupid, but for me, for the moment it looks as if signature actually means CHECKSUM. And it looks like this one is even worse than the one in your /etc/shadow. It may get better if your password is actually long compared with that checksum, but I would guess: most user passwords are not.

However I would be happy to learn that I was concerned for nothing.


brought nat64 to live

| categories: code, misc, software

I just brought my first ever NAT64 up and running!

64 bytes from 64:ff9b::808:808: icmp_seq=501 ttl=57 time=1.42 ms
64 bytes from 64:ff9b::808:808: icmp_seq=502 ttl=57 time=1.48 ms
64 bytes from 64:ff9b::808:808: icmp_seq=503 ttl=57 time=1.50 ms
64 bytes from 64:ff9b::808:808: icmp_seq=504 ttl=57 time=1.43 ms
64 bytes from 64:ff9b::808:808: icmp_seq=505 ttl=57 time=1.36 ms
64 bytes from 64:ff9b::808:808: icmp_seq=506 ttl=57 time=1.51 ms
64 bytes from 64:ff9b::808:808: icmp_seq=507 ttl=57 time=1.55 ms
64 bytes from 64:ff9b::808:808: icmp_seq=508 ttl=57 time=1.45 ms
64 bytes from 64:ff9b::808:808: icmp_seq=509 ttl=57 time=1.53 ms
64 bytes from 64:ff9b::808:808: icmp_seq=510 ttl=57 time=1.35 ms
64 bytes from 64:ff9b::808:808: icmp_seq=511 ttl=57 time=1.35 ms
64 bytes from 64:ff9b::808:808: icmp_seq=512 ttl=57 time=1.37 ms
64 bytes from 64:ff9b::808:808: icmp_seq=513 ttl=57 time=1.56 ms

it can ping googles nameserver now.
V6 only infrastructure is coming.


using gnupg as a privacy guard

| categories: code, misc, software

Two days ago I cleaned up my key management. I created new gnupg keys and I figured out that gnupg is able to deal with many more things than I thought of today.

You can use the Keys in you GPG storage to authenticate your ssh logins. You can use the Keys for signing and ancrypting with both PGP and S/MIME standards.

The GPG Agent keeps your keys painlessly locked away when you are not using them for a while, but I do not have to enter my passphrase every minute just to check my mail.

There is only one Option that I really miss: I want to authenticate against Facebook, Google and others via using GnuPG, it is the obvious next step. That means a Webbrowser who is aware of Gnupg and a multipart signed mime post request. There are rumors that browsers already have such a thing, but I was not able to find anything on the net.

So my private keys are now saver than before. But lets start from scratch:

  • everyone uses electronic signatures, on webpages and for your eBanking
  • most people do know nothing about electronic signatures
  • not knowing is is dangerous

If you don't know anything about Public Key and Signatures you definately watch this:

An electronic signature is the other way round, you encrypt private and decrypt public.

How easy is that? The only big issue is, that you have to keep your keys save.

So far, cu next time. Oh by the way, my new GnuPG Key is:

  • ID: 5F94E76B Keygrip: 977A0623F543190A41D7DE2A0D297B023E9868DD

Hack Attack

| categories: code, software

Security is a Bastard! Only two weeks ago, I did some major upgrades to my internet server system. I improved especially my root passwords to a 6 digit random generated one, hoping that it would take a few years to get all the combinations done with that 3 seconds delay. WRONG WRONG WRONG, but my old setup was even worse.

It took them 14 Days, on a system with only ssh open! how? Because I was a naive. The MaxSessions parameter did misslead me a bit to belive that it means connections but a session is not a connection, so hey, lets open a thousand connections, and every connection trys 3 passwords, much faster!

So what did I do to prevent this from happening again:

  • Setting the PermitRootLogin back to without password
  • creating a special user who provides me access to su so I can get root in case of key loss
  • the special user has no obvious name, you can guess it.
  • 8 character random generated passwords
  • adding the following iptables rule:
iptables -A INPUT -p tcp -m tcp --dport 22 \
--tcp-flags FIN,SYN,RST,ACK SYN \
-m connlimit --connlimit-above 10 \
--connlimit-mask 32 --connlimit-saddr \
-j REJECT --reject-with icmp-port-unreachable

And that as a default on all systems. This will work until the next one comes along.

se ya.




Very odd perl experiences

| categories: code, software

Sometimes really odd things happen:

I am still testing if this perl expression:

my $obj=eval "Some::Object->new()"; 

may be responsible for serious segmentation faults within perl for AIX. pls stay tuned.


my UnUn for vertical antennas

| categories: hardware, amateur radio

Yesterday during a few drinks after our regular CW operators meeting in Vienna I told a friend how I wind Baluns (yes I know this one is an UnUn) So here is a picture first:

theunun

I wind this by rolling some wire usually with 4 windings per coil over my Hand. I then fix that Wire ring with insulation tape. depending on how long it should last I add plugs.

I use this UnUn usually together with a 6,5 or 10 m antenna wire and some Antennatuner as near as posible to the UnUn.

UnUn1-9_circuit

Usually 1:9 transmission is good enough to get good reports even with QRP Power on the 80m band.

The UnUn you see in the first picture also has a connection for 1:4 and 1:16 transmission, as shown in the next circuit diagram:

UnUn_multi_circuit

I am using this UnUn on almost all of my mobile operations. and it seems to have a good performance, however I would not try to place it on a metal plate.


yet another key

| categories: hardware, amateur radio

This time it is from the Ukraine, I got it on a flea market in Altlengbach last weekend.

IMG_20140825_100510

I bought it because of that really HUGE antisparking filter box below that key, and really, as I thought. it is exactly 70mm x 120 mm which is happily the size of for example a small MA12 Tranceiver http://www.qrp-shop.biz/MA-12-Minimal-Art-TRX

It is as far as I have googled a Soviet TKF Key manufactured between 1988 and 1992 by Cherkassy Telegraph Equitment. I wonder what they plan to key with that. But the key has a good feeling and will surly key a MA12 as mentioned above.


picture of the cw fieldday in bruck

| categories: misc, amateur radio

Here a late picture of the CW fieldday in Bruck/Leitha where the participants of the course in which we learned CW made a fieldday in the end of July where we started using our new skills.

IMG_20140726_203956


the hard ride

| categories: ratbike, rideout

I could not let this parking in my friends shop, so here it is, my new chinese heist Bobber:

IMG_20140825_101714

Tech Specs: - 250cc - Petrol unfortunately - hardtail frame

It make a lot of fun riding it. If I would act logical I would drive a shared car, when I need one.


Aixam Engine

| categories: dieselbike, ratbike

Yesterday I bought a Kubota Engine at Willhaben.at I guess it is a Z402 from Aixam. A first test revealed, that it perfectly fits into my old Ural frame, without any modifications.

IMG_20140615_130559

IMG_20140615_130619

IMG_20140615_130627

IMG_20140615_130640

IMG_20140615_130650

So even if I don't wanted to build on a russian bike base again, because there are so many more things to do to get something relieable, than just putting the parts together,
the thing is, I have most of the Parts here now.

I also have the Front of a variomatic, to play around with.



APRS Messages going to be delivered....

| categories: software, amateur radio

...even if you sending radio is already turned off.

This is possible thanks to the Brand New APRS Gateway for QTC Net that is running in Test operation for 500 km round of vienna.

As soon as a call sends some beacon message whatever, pending messages in QTC Net the Gate tries to deliver them via APRS.

If you wand to use the other way round you have to set a QTC Net Alias.

You may set up your own QTC Net Node and Gateway in your own local area. http://www.qtc-net.org/


A Telegram Network for Ham Radio

| categories: code, software, amateur radio

A few weeks ago I launched the QTC-Net Project. Which is a Telegram Network between Ham Radio operators.

http://www.qtc-net.org/

The Idea was simply this:

  • 4 operators A, B, C and D. A has a message for D.
  • A is talking to B, telling him the message B then puts the message in the network
  • C is talking to D, C will fing the message to D in the network and tells it D

Coding such a thing is more difficult than it looks like. especially if it should be decentralized, unencrypted (ham radio requirement), and easy to use.

so we will se what the future brings... :)


Features for a Sonic Screwdriver

| categories: hardware, misc

In this post I will collect ideas what we can build into a sonic screwdriver today, to make it a really useful tool.

  • TV-B-Gone the famous TV on off switch is easy to integrate, and makes a good effect.
  • A mechanical screwdriver (nothing special)
  • A laser pointer
  • A flashlight
  • A pen
  • A USB storge
  • A small radio scanner
  • A voltagetester
  • Some capacitive buttons on the side to control screwdriver functions
  • morse code controlled embedded shell
  • a sound amplifier that you can use for various things even for finding telephone cables
  • motion sensors and blinking leds
  • screwdriver OS
  • mp3/ogg player
  • a recording and playback device
  • speed indicator
  • electronic compass
  • GPS sensor with cw output
  • infrared temperature sensor
  • crypto infrastructure (signing and encryption of data)
  • optical mouse pointer
  • a camera
  • some sort of status display or laser beamer
  • a wire cutter
  • add on interfaces....

so far, I'm sure i will get more ideas soon....


Debian Architectire Change i386 to AMD64

| categories: hardware, software

Last week I upgraded the Debian System on my Laptop from i386 to AMD64. Some people may say: "this never works" but from a technical point of view it should not be a problem in a well packaged linux environment, so I started to try it out.

Basically you have to exchange every binary on the system with the 64bit version. which means that you have to reinstall every package on the system. All of the config files user data and some databases in /var should stay as they are.

My first Problem was the Kernel. My original Kernel that I used was 32 bit only. The Debian AMD64 Kernel freezes during Hardware detection. I think there is some problem with the Firmware Loader infrastructure and 64bit. ifconfig does not return when the firmware cant be loaded. (note to myself: report that to the kernel people) The compiler suite could only produce 32 bit binarys and therefore 32 bit kernels by default. I think there is a way to let it produce 64 Bit binarys but I simply used the Kernel from a grml life system.

After I could boot a 64bit system I was able to debootstrap a new Installation to the harddisk, download a kernel source and compile a fresh 64 bit kernel.

I then installed the same packages on the bootstrapped system as there are on the original one. therefore I fetched a package list with aptitude, stripped out all automatic installed packages and did an apt-get install on the bootstrapped 64bit system. Sorry that I cant write down every command I used for this but I didn't make to many notes, but you are surely an awakened head so you may figure out the right shell commands for yourself.

I planned to use /etc and /home as well as the mountpoints in /media as they are. /var needs to be migrated for the LDAP Database Log, Cups and Mysql. /usr/src and /usr/local schould be delivered from the i386 System. All the other Files should come from the new system. In /etc the /etc/ld.so.conf.d should come from the new system, the passwd and group should come from the old one, especially the passwd is a bit tricky.

Because some of the users are installed dynamically, userids change from the old system to the new one. A good solution would have been to copy the passwd directly after bootstapping, but i missed that point, so I had to adopt all the userids of the existing (amd64) system users to the UIDs on my old system. I did that with "find -uid" by finding all filed owned by all old uids, giving them a temorary new uid. I then mapped all temporary uids to the old (i386) passwd database. With that two step process I ensured that I do not switch an existing uid to another one I have to chane later.

I later discovered that the alternatives system is also messed up a bit at the moment, I have to fix that, but it does not harm operations at the moment.

After copying all the files together all I had to do was to make the new system bootable, create a new initrd, recompile any customized packages (like wmii-hg) reboot, and experience the really fast amd64 performance.


The Vertical Dipole

| categories: hardware, amateur radio

I plan for a while to try out another vertical concept, since I figured out, that my 6.5 Meter Vertikal having some trouble coming to its full performance because my Truck roof is definately not enough for Bands below 17 Meters.

The Question of the right radials on a multiband vertical is a good question, it should be \$\frac{1}{4} \lambda\$ most of the designs simply add verticals for each band to the design. You could also use an earth tuner to match your antenna to your vehicle, note to me: schedule some experiments with earth tuners on the sidecar radio outfit.

An other way is to look how dipoles are tuned and adapt it to a groundplane antenna. So you can use some radials with exactly the same length as the antenna, and than feed it with a balancer unit. I did it with my antenna, and it worked almost well, almost because the 1:1 voltage Balun I used maybe was not the best choice, but it worked anyway. The main problem I had with the groundplane design where the radials. 6.5 Meter to every direction means lots of extra space around my truck, I can't reduce length with couls because the coilsize debends on the frequency. And the only Idea I had for the mechanic of the radials was the use of tensioned wire.

So I need a design which is playing without radials! A vertical Dipole for example. With a feed in the middle. There is a vertical \$\frac{1}{2} \lambda\$ monoband design available in Rothammels Antenna book which feeds the antenna with koax cable right through the bottom dipole element. The design is basically the same as with a normal dipole exept that it is vertical and the feed is not coming from the side. So should be capeable of multiband work by adding some sort of Balun some sort of Tuning to the feed point.

This raises to questions: How to tune, and how to do the Mechanics. The Mechanics question was solved by ordering a Havy Duty 10 M GFK Mast at dx-wire.de. the mast costs about 70 € but alows rapid development of different antenna designs with much cheaper materials than the aluminium tubing, I used since then. I can now use old RG213 Coax cable or speaker cable as antenna element for example. I also ordered the portable 10m version from dx-wire which soon will improve my portable antenna situation soon.

The next problem to solve was the matching problem. I want something which I can control from the shack. It is possible to place a symetric autotuner at the feed point i decided against to make the feedpoint simpler and lighter. If you match in the schack you have higher losses on the Koax cable. The choice which death to die was finally made by the large collection of available Unsymetric autotuners, and the time i had available. I can still add some extra antenna tuning in the next project, when I know how the whole thing plays. Ham Radio is still an experimental Service, so what.

I build an antenna with two 3,65 m long elements. This length should work from 10-15 Meters. it is a little bit to short for 17-20 and 20 Meters. At 40 meters there is still a little less than \$\frac{1}{4}\lambda\$ left, but a single element is to short. On 80 Meters such an antenna will be some sort of wet towel, but still better (longer) than my other 80m solutions.

IMG_20130801_220331

IMG_20130801_220355

I decided to use RG213 cable for the upper element. The schielding radiates the waves the inner conductor is left unconnected. The case of the Feed is made of waste pipe and sealed cable feedthroughs.

IMG_20130801_205416

The lower antenna element is a bit more tricky, I stripped 3.65 m copper schielding tube over the ecoflex feed cable and isolated it with shrinking tube:

IMG_20130801_222027

IMG_20130801_224536

The next part the (first) balun. A 1:1 Voltage balun. 8 Windings per Coil 50mm waste Pipe.

IMG_20130802_211539

IMG_20130802_211539

The whole antenna setup:

IMG_20130803_003955

IMG_20130803_114921

Now to the Problems did start:

I could match the Antenna only with a Manual MFJ T-Match not with the Autotuner I want to use.

  • With 1:1 Voltage Balun Fail 40 Meter
  • With 1:2 Voltage Balun Fail 15 and 80 Meter some bands not optimal
  • With 1:5 Voltage Balun Fail on 80 Meter and some bands not optimal

Then I tried a Current Balun:

From 10-40 Meter best match, 80 Meter is not working. So I tried out to add the Coil of the manual L-Matchbox which I build 1.5 years ago. The SWR indicator is moving, so I need more inductivity. I killed an old CB-SWR Meter (I have lots of them) and found an old Ferrit ring in my shack, and made a coil. I build in a Switch that plugs in the 80m inductivity betwen the inner conductor from the Matchbox and the inner conductor to the antenna.
With that coil and the Matchbox SWR was almost good, so I added more windings and more and more until I had 2 ferrit rings full of cable and still the manual Matchbox in the system. I did't know the \$\mu_r\$ of the ferrit rings but from my calculations I expected something about 90 windings, to much for that ring. Which after several days of experimenting, leads to a more radical solution:

IMG_20130817_094307

Match!!

IMG_20130817_101743

Because ham radio is still experimental I did not add any shielding to that gigantic coil. 80 windings on 11cm waste tube, It seems to work, and it is disabled on the higher bands. I surely will soon find out how bad/good or however this setup performs. ;-)


Next Page »