 1 
 on: February 23, 2013, 05:45:58 PM 
Started by martinc - Last post by martinc
Code:
ISO="ubuntu-12.04.2-desktop-amd64.iso"
IMG="ubuntu-12.04.2-desktop-amd64.img"
DISK=/dev/disk1
# the raw device node for the same disk; writing through rdisk instead of disk can be faster
RDISK=/dev/rdisk1

# hdiutil tacks ".dmg" onto the output name, so the file written is "${IMG}.dmg"
hdiutil convert -format UDRW -o "${IMG}" "${ISO}"

# check that DISK really is the USB stick before anything is written to it
diskutil list

diskutil unmountDisk "${DISK}"

dd if="${IMG}.dmg" of="${RDISK}" bs=1m

diskutil eject "${DISK}"

 2 
 on: February 07, 2013, 11:22:13 AM 
Started by martinc - Last post by martinc
smcFanControl is just what it sounds like, a way to control your Mac's fan. However, I work on systems frequently and manually setting the speeds through the GUI is tedious at best, so here's the "config" file, as it were, set at 200rpm intervals

Mac stores said files at ~/Library/Preferences (/Users/<your_username>/Library/Preferences)

com.eidac.smcFanControl2.plist
Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AutoStart</key>
<true/>
<key>Favorites</key>
<array>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<integer>1800</integer>
</dict>
</array>
<key>Title</key>
<string>Default</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2000</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2000</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2200</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2200</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2400</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2400</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2600</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2600</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2800</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2800</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>3000</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>3000</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>3200</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>3200</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>3400</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>3400</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>3600</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>3600</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>3800</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>3800</string>
</dict>
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>4000</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>4000</string>
</dict>
</array>
<key>SUCheckAtStartup</key>
<false/>
<key>SelDefault</key>
<integer>4</integer>
<key>Unit</key>
<integer>1</integer>
</dict>
</plist>

the key section is as follows, and can just be copied and pasted with the values you desire
Code:
<dict>
<key>FanData</key>
<array>
<dict>
<key>Description</key>
<string>MainFan</string>
<key>Maxspeed</key>
<integer>6200</integer>
<key>Minspeed</key>
<integer>1800</integer>
<key>menu</key>
<true/>
<key>selspeed</key>
<real>2000</real>
</dict>
</array>
<key>Standard</key>
<integer>0</integer>
<key>Title</key>
<string>2000</string>
</dict>

      <key>selspeed</key>
      <real>2000</real>
sets the speed

         <key>Title</key>
         <string>2000</string>
sets the display name

When you're all done, kill smc and restart it to see your new speed options
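Since the favourites are one repeated block with only selspeed and Title changing, generating the file beats pasting. The script below is an added example, not part of the post and not smcFanControl's own code; it is written in Python rather than the shell used elsewhere on this page because plistlib guarantees well-formed plist XML. It takes the fan name and the 1800/6200 min/max from the plist above, refuses speeds outside that range, and writes the same top-level keys (AutoStart, Favorites, SUCheckAtStartup, SelDefault, Unit); that the application accepts the generated file is an assumption.

```python
"""Generate com.eidac.smcFanControl2.plist with favourites at fixed rpm steps.

Added example, not from the post or from smcFanControl. Layout follows the
plist shown in the post; acceptance by the app is an assumption.
"""
import plistlib

FAN_NAME = "MainFan"   # Description used in the post
MIN_RPM = 1800         # Minspeed from the post
MAX_RPM = 6200         # Maxspeed from the post


def fan_entry(selspeed, title, standard=None):
    """One Favorites element in the layout the plist above uses."""
    entry = {
        "FanData": [{
            "Description": FAN_NAME,
            "Maxspeed": MAX_RPM,
            "Minspeed": MIN_RPM,
            "menu": True,
            "selspeed": selspeed,
        }],
        "Title": title,
    }
    if standard is not None:   # the Default entry carries no Standard key
        entry["Standard"] = standard
    return entry


def build_favorites(start, stop, step):
    """Default entry, then one favourite every `step` rpm from start to stop inclusive.

    Speeds outside the fan's own range are refused rather than written:
    a favourite the controller cannot honour is worse than none.
    """
    if step <= 0 or start < MIN_RPM or stop > MAX_RPM or start > stop:
        raise ValueError("favourites must lie within %d..%d rpm" % (MIN_RPM, MAX_RPM))
    favorites = [fan_entry(MIN_RPM, "Default")]
    for rpm in range(start, stop + 1, step):
        # fixed favourites are stored as <real>; plistlib maps a float to <real>
        favorites.append(fan_entry(float(rpm), str(rpm), standard=0))
    return favorites


def build_plist(start=2000, stop=4000, step=200):
    """The whole plist as bytes, with the top-level keys the post shows."""
    root = {
        "AutoStart": True,
        "Favorites": build_favorites(start, stop, step),
        "SUCheckAtStartup": False,
        "SelDefault": 4,   # index into Favorites selected at startup, as in the post
        "Unit": 1,
    }
    return plistlib.dumps(root, fmt=plistlib.FMT_XML, sort_keys=True)


def parse_plist(data):
    """Round-trip check: read generated bytes back into a dict."""
    return plistlib.loads(data)


if __name__ == "__main__":
    # writes into the current directory; copy it to ~/Library/Preferences yourself
    with open("com.eidac.smcFanControl2.plist", "wb") as fh:
        fh.write(build_plist())
```

Run it, copy the output over the file in ~/Library/Preferences, then restart smcFanControl as described above; the Default entry keeps the fan at its minimum, and SelDefault picks which favourite is active at launch.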


 3 
 on: November 25, 2012, 05:23:50 AM 
Started by martinc - Last post by martinc
Just a little batch file to
      1) Connect to a VPN
      2) Mount a network share
      3) Open folders of said network share
      4) Run a program
      5) Close said VPN and remove said network share

Code:
@echo off

ECHO.
ECHO   ####################################
ECHO  #                                    #
ECHO #  Connecting to VPN via batch script  #
ECHO  #                                    #
ECHO   ####################################
ECHO.

ECHO Waiting to connect . . .
:: two pings to loopback take about a second, a stand-in for a sleep function
:: (a single ping to a reachable host returns at once, so it gives no delay)
ping 127.0.0.1 -n 2 > nul
ECHO.

:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
ECHO # Initiating VPN #
:: credentials live in this file in plain text; the file's permissions are all that guards them
set connection_name=3Dmitch
set username=martinc
set password=pimpypassword

rasdial %connection_name% %username% %password%
ECHO.

:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
ECHO # Mounting Shares #
set share_letter=D
set sharename=\\192.168.0.2\Data
set password=lamepassword
set username=mitch

net use %share_letter%: "%sharename%" %password% /user:%username% /PERSISTENT:NO
ECHO.

:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
ECHO # Opening Folders #
set folder1=%sharename%\dirA
set folder2=\dir2

"C:\Windows\explorer.exe" "%folder1%"
"C:\Windows\explorer.exe" "%sharename%%folder2%"
ECHO.

:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
:: the script halts here until said program is closed
ECHO # Starting programs #
"C:\Program Files\whatever\you\want.exe"
ECHO.

:: to carry on right after launching said program, use START instead
:: (a trailing & is a command separator in batch, not a background operator)
::ECHO # Starting programs #
::START "" "C:\Program Files\whatever\you\want.exe"
::ECHO.

:: :: :: :: :: :: :: :: :: :: :: :: :: :: :: ::
ECHO - - And now we undo everything - -
ping 127.0.0.1 -n 2 > nul

ECHO - - Disconnecting VPN - -
rasdial %connection_name% /disconnect
ECHO.

ECHO - - Removing shares - -
:: the drive letter needs its colon here as well
net use %share_letter%: /delete /y
ECHO.

ECHO # - # - # - # - # - # - #
ECHO Thank You Come Again
ECHO - # - # - # - # - # - # -
ECHO.

:: to await input
:: PAUSE


 4 
 on: November 17, 2012, 05:01:26 AM 
Started by martinc - Last post by martinc
Install
Code:
apt-get install pptpd pptp-linux -y

/etc/ppp/chap-secrets
Code:
# enter client info
[user] [server] [password] *

/etc/ppp/peers/[connection-name]
Code:
# run the PPTP control connection to the server through pptp(8) and hand ppp its pty
pty "pptp 123.123.123.123 --nolaunchpppd"
# must match the first column of /etc/ppp/chap-secrets
name [user-name]
# if set, must match the second column of chap-secrets
#remotename [server-name]
# MPPE keys come out of the MS-CHAPv2 exchange, which is known to be weak;
# 128-bit is the strongest this protocol offers
require-mppe-128
file /etc/ppp/options.pptp
ipparam [connection-name]
noauth

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

iptables entry
Code:
#!/bin/sh
# Three alternative sections follow (router passing a client through,
# single-NIC client, server); keep the one that matches this box.
# PPTP needs two flows: TCP/1723 for control and GRE (IP protocol 47)
# for the tunnel itself.

LAN=eth0
WAN=eth1

### Client Passthrough ###
VPN_NAME=VPN_client_example
VPN_server=123.123.123.123
#VPN_client=456.456.456.456

iptables -N $VPN_NAME

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

iptables -A FORWARD --source $VPN_server -j $VPN_NAME
iptables -A FORWARD --destination $VPN_server -j $VPN_NAME

iptables -A $VPN_NAME -o $LAN -i $WAN -p tcp -m tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME -o $LAN -i $WAN -p 47 -m state --state ESTABLISHED -j ACCEPT

iptables -A $VPN_NAME -i $LAN -o $WAN -p tcp -m tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME -i $LAN -o $WAN -p 47 -m state --state NEW,ESTABLISHED -j ACCEPT
### ###


### Client ###
# single nic
VPN_NAME=VPN_client
VPN_server=123.123.123.123
#VPN_client=456.456.456.456

iptables -N $VPN_NAME

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

iptables -A INPUT --source $VPN_server -j $VPN_NAME
iptables -A OUTPUT --destination $VPN_server -j $VPN_NAME

iptables -A $VPN_NAME -i $WAN -p tcp -m tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME -i $WAN -p 47 -m state --state ESTABLISHED -j ACCEPT

iptables -A $VPN_NAME -o $WAN -p tcp -m tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME -o $WAN -p 47 -m state --state NEW,ESTABLISHED -j ACCEPT
### ###

### Server ###
VPN_NAME=VPN_server_example
#VPN_server=123.123.123.123
VPN_client=456.456.456.456

iptables -N $VPN_NAME

#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNin: "

iptables -A OUTPUT --destination $VPN_client -j $VPN_NAME
iptables -A INPUT --source $VPN_client -j $VPN_NAME

# "! -o" is the negation syntax iptables accepts; "-o !eth0" is not parsed as a negation
iptables -A $VPN_NAME ! -o $LAN -i $WAN -p tcp -m tcp --dport 1723 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME ! -o $LAN -i $WAN -p 47 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A $VPN_NAME ! -i $LAN -o $WAN -p tcp -m tcp --sport 1723 -m state --state ESTABLISHED -j ACCEPT
iptables -A $VPN_NAME ! -i $LAN -o $WAN -p 47 -m state --state ESTABLISHED -j ACCEPT
### ###

### drop all other packets ###
# this lands in whichever chain $VPN_NAME last named; give every chain you keep its own DROP
#iptables -A $VPN_NAME -j LOG --log-prefix "iptablesVPNdrop: "
iptables -A $VPN_NAME -j DROP

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

 5 
 on: November 16, 2012, 08:15:54 PM 
Started by martinc - Last post by martinc
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

Install
Code:
apt-get install boinc-client -y

Configure
Code:
/etc/init.d/boinc-client stop
# -or- from the client's data directory (boinccmd reads gui_rpc_auth.cfg from there)
cd /var/lib/boinc-client
boinccmd --quit

-- add accounts --
Code:
## get the account key ##
# run from /var/lib/boinc-client (or pass --passwd) so boinccmd can reach the client
boinccmd --lookup_account http://setiathome.berkeley.edu YourUsername YourSetiPassword

## SETI ##
boinccmd --project_attach http://setiathome.berkeley.edu/ YourKey

## World Community Grid ##
boinccmd --project_attach http://www.worldcommunitygrid.org/ YourKey

start the client
Code:
/etc/init.d/boinc-client start
/etc/init.d/boinc-client restart

see what it's doing
Code:
boinccmd --get_state

# boinccmd --update_prefs

# Setting up BOINC on Debian from the command line
# Moving the BOINC working directory on Linux

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

to change the working directory

/etc/default/boinc-client
Code:
#BOINCDIR=/var/lib/boinc
BOINCDIR=/srv/htpc/boinc

/etc/init.d/boinc-client
looks to /etc/default/boinc-client for config

/etc/passwd
Code:
#boinc:x:106:111:BOINC core client,,,:/var/lib/boinc-client:/bin/false
boinc:x:106:111:BOINC core client,,,:/srv/htpc/boinc:/bin/false
# same change without hand-editing the file:  usermod -d /srv/htpc/boinc boinc

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

 6 
 on: November 16, 2012, 07:24:40 PM 
Started by martinc - Last post by martinc
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# proven on debian

To get a single machine surfing the web

for my setup:
eth0 = internal network side
eth1 = WAN / modem side

/etc/network/interfaces
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The internal network interface
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        dns-nameservers 8.8.8.8
# no "gateway" line on eth0: this box is the LAN's gateway itself, and the
# default route comes in with eth1's DHCP lease

# The external network interface
allow-hotplug eth1
iface eth1 inet dhcp

### optional - add to run firewall at startup
#        pre-up /etc/network/if-pre-up.d/00.firewall


to share the internet connection...
Code:
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

To act as a gateway

if you run an isc-dhcp-server
/etc/dhcp/dhcpd.conf
Code:
...
subnet 192.168.1.0 netmask 255.255.255.0 {
       range 192.168.1.100 192.168.1.200;
       option routers 192.168.1.1;
       option broadcast-address 192.168.1.255;
}
...

iptables script
step by step

DNS server
generally faster page loads and less traffic
Code:
# apt-get install dnsmasq

# nano /etc/dnsmasq.conf

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.

# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0

# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
listen-address=192.168.1.99
## a bit redundant, but useful if using vlans

cache-size=1000
neg-ttl=3600
resolv-file=/etc/resolv.dnsmasq
no-poll

/etc/resolv.conf
Code:
# you could go with what your isp provides you or tell your system where to query from

nameserver 127.0.0.1

/etc/resolv.dnsmasq
Code:
# Allow applications on the machine hosting dnsmasq to also use it too
nameserver 127.0.0.1

# Google IPv4 DNS
nameserver 8.8.8.8
nameserver 8.8.4.4

# Google IPv6 DNS
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

Ad blocking
simplicity is king as dnsmasq queries your /etc/hosts file so adblocking is as painless as modifying that

Caching Nameserver using dnsmasq

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

To beef up security a bit with iptables you could try something like . . .
# passthrough WWW traffic only and SSH to the router
Code:
#!/bin/sh

WAN=eth1
LAN=eth0

echo "Flushing iptables rules..."
#########################
# clears out and resets #
#########################
# Delete all rules
iptables -F
iptables -t nat -F
# Delete all chains
iptables -X
iptables -t nat -X
# Mangle
iptables -t mangle -F
iptables -t mangle -X

# Set the default policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Set the default policy for the NAT table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#########################

# make new tables
iptables -N FIREWALL
iptables -N WAN
iptables -N LAN

#########################
echo "Applying iptables rules..."
echo "INPUT links to ..."
#########
# INPUT #
#########

iptables -A INPUT -j FIREWALL
iptables -A INPUT -j DROP

#########
# OUTPUT #
#########

iptables -A OUTPUT -j FIREWALL
iptables -A OUTPUT -j DROP

#########################
echo "FIREWALL splits to..."
############
# FIREWALL #
############

# Allow self communication
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -o lo -j ACCEPT

# send traffic to table based on nic
iptables -A FIREWALL -i $WAN -j WAN
iptables -A FIREWALL -o $WAN -j WAN
iptables -A FIREWALL -i $LAN -j LAN
iptables -A FIREWALL -o $LAN -j LAN

# drop all other packets
iptables -A FIREWALL -j DROP

#########################
echo "LAN and ..."
#######
# LAN #
#######

# DNS   ### only if running dns server
# only the LAN chain exists (created above), so both directions go into it
iptables -A LAN -i $LAN -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LAN -o $LAN -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# SSH to router
iptables -A LAN -i $LAN -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LAN -o $LAN -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# icmp (ping)
iptables -A LAN -i $LAN -p icmp -m icmp -j ACCEPT
iptables -A LAN -o $LAN -p icmp -m icmp -j ACCEPT

# drop all other packets
iptables -A LAN -j DROP

#########################
echo "WAN..."
#######
# WAN #
#######

# drop all other packets
iptables -A WAN -j DROP

###########
# FORWARD #
###########

iptables -N FromLAN
iptables -N FromWAN

iptables -A FORWARD -i $LAN -j FromLAN
iptables -A FORWARD -i $WAN -j FromWAN

# drop all other packets
iptables -A FORWARD -j DROP

###########
# FromLAN

# http
iptables -A FromLAN -i $LAN -o $WAN -p tcp -m tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A FromLAN -i $LAN -o $WAN -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT

# DNS
iptables -A FromLAN -i $LAN -o $WAN -p udp -m udp --dport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A FromLAN -i $LAN -o $WAN -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

# icmp [ping] from inside to outside
iptables -A FromLAN -i $LAN -o $WAN -p icmp --icmp-type echo-request -j ACCEPT

# drop all other packets
iptables -A FromLAN -j DROP

############
# FromWAN

# http
iptables -A FromWAN -o $LAN -i $WAN -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# DNS
iptables -A FromWAN -o $LAN -i $WAN -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# icmp [ping] replies coming back from outside to inside
iptables -A FromWAN -o $LAN -i $WAN -p icmp --icmp-type echo-reply -j ACCEPT

# drop all other packets
iptables -A FromWAN -j DROP

###############
# POSTROUTING #
###############

# Masquerade
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward


# a little more complete
Code:
#!/bin/sh

WAN=eth1
LAN=eth0
LAN_RANGE=192.168.1.0/24
SERVER_IP=192.168.1.1
# currently unused; "ip" replaces ifconfig, whose "inet addr:" output format is gone on current systems
external_ip="$(ip -4 -o addr show dev "$WAN" | awk '{print $4}' | cut -d/ -f1)"

echo "Flushing iptables rules..."
#########################
# clears out and resets #
#########################
# Delete all rules
iptables -F
iptables -t nat -F
# Delete all chains
iptables -X
iptables -t nat -X
# Mangle
iptables -t mangle -F
iptables -t mangle -X

# Set the default policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Set the default policy
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP
# Set the default policy for the NAT table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# Set the default policy for the IPv6 NAT table (the table only exists on
# kernels 3.7 and later; on older ones these three lines error out and can be dropped)
ip6tables -t nat -P PREROUTING DROP
ip6tables -t nat -P POSTROUTING DROP
ip6tables -t nat -P OUTPUT DROP
#########################

# make new tables
iptables -N FIREWALL
iptables -N WAN
iptables -N LAN
iptables -N FilterDROP

#########################
echo "Applying iptables rules..."
echo "INPUT links to ..."
#########
# INPUT #
#########

iptables -A INPUT -j FilterDROP
iptables -A INPUT -j FIREWALL
iptables -A INPUT -j DROP

#########
# OUTPUT #
#########

iptables -A OUTPUT -j FilterDROP
iptables -A OUTPUT -j FIREWALL
iptables -A OUTPUT -j DROP


#########################
echo "FilterDROP ..."
##############
# FilterDROP #
##############

# Fragment check
iptables -A FilterDROP -f -j DROP

# DROP invalid
iptables -A FilterDROP -m state --state INVALID -j DROP

# Restrict the flow to avoid ping flood attacks
iptables -A FilterDROP -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A FilterDROP -p icmp -m icmp --icmp-type timestamp-request -j DROP

# Drop bogus TCP packets
iptables -A FilterDROP -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP

# XMAS packets
iptables -A FilterDROP -p tcp --tcp-flags ALL ALL -j DROP

# Drop all NULL packets
iptables -A FilterDROP -p tcp --tcp-flags ALL NONE -j DROP

# Force SYN packets check
iptables -A FilterDROP -p tcp ! --syn -m state --state NEW -j DROP

# Syn-flood protection:
iptables -A FilterDROP -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP

# loopback spoof
#iptables -A FilterDROP -d 127.0.0.0/8 -j REJECT

# Bad packets chk
# one prefix, with a trailing space, so the text does not run into the IN= field in the log
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min --limit-burst 3 -j LOG --log-prefix "Bad tcp packets "
iptables -A FilterDROP -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A FilterDROP -p tcp -j RETURN


#########################
echo "FIREWALL splits to..."
############
# FIREWALL #
############

# Allow self communication
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -o lo -j ACCEPT

# send traffic to table based on nic
iptables -A FIREWALL -i $WAN -j WAN
iptables -A FIREWALL -o $WAN -j WAN
iptables -A FIREWALL -i $LAN -j LAN
iptables -A FIREWALL -o $LAN -j LAN

# drop all other packets
iptables -A FIREWALL -j DROP

#########################
echo "LAN and ..."
#######
# LAN #
#######

#iptables -A LAN -i $LAN -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A LAN -i $LAN -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A LAN -i $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

# DNS   ### only if running dns server
# only the LAN chain exists (created above), so both directions go into it
iptables -A LAN -i $LAN -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LAN -o $LAN -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# SSH to router
iptables -A LAN -i $LAN -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LAN -o $LAN -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# SSH from router
iptables -A LAN -o $LAN -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LAN -i $LAN -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# samba
iptables -A LAN -i $LAN -p udp --dport 137:139 -j ACCEPT
iptables -A LAN -o $LAN -p udp --sport 137:139 -j ACCEPT
iptables -A LAN -i $LAN -p tcp --dport 139 -j ACCEPT
iptables -A LAN -o $LAN -p tcp --sport 139 -j ACCEPT
iptables -A LAN -i $LAN -p tcp --dport 445 -j ACCEPT
iptables -A LAN -o $LAN -p tcp --sport 445 -j ACCEPT

# icmp (ping)
iptables -A LAN -i $LAN -p icmp -m icmp -j ACCEPT
iptables -A LAN -o $LAN -p icmp -m icmp -j ACCEPT

# drop all other packets
iptables -A LAN -j DROP

#########################
echo "WAN..."
#######
# WAN #
#######

# http
iptables -A WAN -i $WAN -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A WAN -o $WAN -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# DNS
iptables -A WAN -i $WAN -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A WAN -o $WAN -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# icmp [ping] from inside to outside
iptables -A WAN -o $WAN -p icmp --icmp-type echo-request -j ACCEPT
iptables -A WAN -i $WAN -p icmp --icmp-type echo-reply -j ACCEPT

# drop all other packets
iptables -A WAN -j DROP

###########
# FORWARD #
###########

iptables -N FromLAN
iptables -N FromWAN

iptables -A FORWARD -j FilterDROP
iptables -A FORWARD -i $LAN -j FromLAN
iptables -A FORWARD -i $WAN -j FromWAN

# drop all other packets
iptables -A FORWARD -j DROP

###########
# FromLAN

# http
iptables -A FromLAN -i $LAN -o $WAN -p tcp -m tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A FromLAN -i $LAN -o $WAN -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT

# DNS
iptables -A FromLAN -i $LAN -o $WAN -p udp -m udp --dport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A FromLAN -i $LAN -o $WAN -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

# icmp [ping] from inside to outside
iptables -A FromLAN -i $LAN -o $WAN -p icmp --icmp-type echo-request -j ACCEPT

# drop all other packets
iptables -A FromLAN -j DROP

############
# FromWAN

# http
iptables -A FromWAN -o $LAN -i $WAN -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# DNS
iptables -A FromWAN -o $LAN -i $WAN -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT

# icmp [ping] replies coming back from outside to inside
iptables -A FromWAN -o $LAN -i $WAN -p icmp --icmp-type echo-reply -j ACCEPT

# drop all other packets
iptables -A FromWAN -j DROP

###############
# POSTROUTING #
###############

# Masquerade
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward

# a little security
#
#---------------------------------------------------------------
# Disable routing triangulation. Respond to queries out
# the same interface, not another. Helps to maintain state
# Also protects against IP spoofing
#---------------------------------------------------------------
#
#net/ipv4/conf/all/rp_filter = 1
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
##
#---------------------------------------------------------------
# Enable logging of packets with malformed IP addresses
#---------------------------------------------------------------
#
#net/ipv4/conf/all/log_martians = 1
#
#---------------------------------------------------------------
# Disable redirects
#---------------------------------------------------------------
#
#net/ipv4/conf/all/send_redirects = 0
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
#
#---------------------------------------------------------------
# Disable source routed packets
#---------------------------------------------------------------
#
#net/ipv4/conf/all/accept_source_route = 0
#echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
#
#---------------------------------------------------------------
# Disable acceptance of ICMP redirects
#---------------------------------------------------------------
#
#net/ipv4/conf/all/accept_redirects = 0
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
#
#---------------------------------------------------------------
# Turn on protection from Denial of Service (DOS) attacks
#---------------------------------------------------------------
#
#net/ipv4/tcp_syncookies = 1
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#
#---------------------------------------------------------------
# Disable responding to ping broadcasts
#---------------------------------------------------------------
#
#net/ipv4/icmp_echo_ignore_broadcasts = 1
#

save to /etc/network/if-pre-up.d/router
chmod u+x /etc/network/if-pre-up.d/router
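The FilterDROP rules above log each malformed packet through the LOG target with a prefix such as "Bad tcp packets" before dropping it. The script below is an added example, not part of the post, that parses such kernel log lines and tallies them by prefix and source address, so a glance at the router's syslog shows which hosts keep sending bogus TCP flags. It copes with a prefix written without a trailing space (which the kernel glues straight onto IN=) as well as one with it. The log lines are constructed for the example; the field layout is the standard netfilter LOG output.

```python
"""Summarise netfilter LOG lines by prefix and source.

Added example, not from the post. Sample lines are constructed.
"""
import re
from collections import Counter

# syslog stamp, "kernel:", optional [uptime], then the rule's prefix running
# into the first netfilter field. A prefix without a trailing space is glued
# to IN=, so the match stops at "IN=" rather than at whitespace.
_LOG_RE = re.compile(r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)IN=(?P<fields>.*)$")

# netfilter prints these as bare words rather than key=value
_FLAG_WORDS = {"DF", "MF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}


def parse_log_line(line):
    """Return (prefix, fields-dict, flags-set), or None for a line that is not a LOG entry."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    fields = {}
    flags = set()
    for token in ("IN=" + m.group("fields")).split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value          # OUT= is legitimately empty on INPUT
        elif token in _FLAG_WORDS:
            flags.add(token)
    return m.group("prefix").strip(), fields, flags


def summarise(lines):
    """Counter keyed by (prefix, SRC) over every parseable LOG line."""
    counts = Counter()
    for line in lines:
        parsed = parse_log_line(line)
        if parsed is None:
            continue
        prefix, fields, _flags = parsed
        counts[(prefix, fields.get("SRC", "?"))] += 1
    return counts


def top_sources(lines, n=3):
    """Source addresses ranked by total logged packets across all prefixes."""
    per_src = Counter()
    for (_prefix, src), hits in summarise(lines).items():
        per_src[src] += hits
    return per_src.most_common(n)


# constructed sample log, not real traffic; line 1 shows a prefix with no trailing space
SAMPLE = """\
Nov 16 19:24:40 router kernel: [ 1201.5532] Bad tcp packetsIN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 URGP=0
Nov 16 19:24:41 router kernel: [ 1202.0010] Bad tcp IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 PROTO=TCP SPT=40124 DPT=80 WINDOW=1024 RES=0x00 SYN FIN URGP=0
Nov 16 19:24:42 router kernel: [ 1203.1177] Bad tcp IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 PROTO=TCP SPT=5555 DPT=443 WINDOW=1024 RES=0x00 SYN RST URGP=0
Nov 16 19:24:43 router sshd[2211]: Accepted publickey for admin from 192.168.1.20 port 51234 ssh2
Nov 16 19:24:44 router kernel: [ 1204.4420] Bad tcp packets IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 PROTO=TCP SPT=40125 DPT=25 WINDOW=1024 RES=0x00 URGP=0
""".splitlines()

if __name__ == "__main__":
    for (prefix, src), hits in sorted(summarise(SAMPLE).items()):
        print("%4d  %-15s  %s" % (hits, src, prefix))
    print("top:", top_sources(SAMPLE, 1))
```

Feed it the real thing with something like `summarise(open("/var/log/kern.log"))`; the `-m limit` on the LOG rules above means the counts are a sample of the drops, not the total.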

 7 
 on: November 15, 2012, 11:54:02 PM 
Started by martinc - Last post by martinc
NFS
(examples based on debian squeeze)
always backup the original file
Code:
cp /file/to/edit /file/to/edit.orig

## SERVER ##
Install
Code:
apt-get install nfs-kernel-server ### (to host)

Configure
/etc/default/nfs-kernel-server
Code:
NEED_SVCGSSD=no # no is default

/etc/default/nfs-common
Code:
NEED_IDMAPD=yes
NEED_GSSD=no # no is default

/etc/idmapd.conf
Code:

# both the client and server require the /etc/idmapd.conf file to have the
# same contents with the correct domain names

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
   
/etc/exports               (host shares)
Code:
# no space before the parenthesis: "192.168.1.0/24 (rw)" would export the share read/write to everyone
/media/460 192.168.1.0/24(rw,no_subtree_check,async)

export the shares and restart the nfs server
Code:
sudo exportfs -a     # export everything listed in /etc/exports
sudo exportfs -ra    # re-export after editing the file
sudo /etc/init.d/nfs-kernel-server restart

## CLIENT ##
[I've gotten away with just installing nfs-common and adding the line to fstab]

Install
Code:
apt-get install nfs-common

Configure
/etc/default/nfs-common
Code:
NEED_IDMAPD=yes
NEED_GSSD=no # no is default

/etc/fstab                  (mount shares)
Code:
/dev/sdd1 /media/931 ext4 defaults 0 0
192.168.1.10:/media/460 /srv/460 nfs rw,hard,intr 0 0

/etc/idmapd.conf
Code:

# both the client and server require the /etc/idmapd.conf file to have the
# same contents with the correct domain names

[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup


http://ubuntuforums.org/showthread.php?t=249889
https://help.ubuntu.com/community/SettingUpNFSHowTo
http://www.cyberciti.biz/faq/how-to-ubuntu-nfs-server-configuration-howto/
http://www.cyberciti.biz/tips/ubuntu-linux-nfs-client-configuration-to-mount-nfs-share.html

>Mac
http://www.cyberciti.biz/faq/apple-mac-osx-nfs-mount-command-tutorial/



Assign ports [optional]
/etc/default/nfs-common
Code:
# set statd to listen on port 4000:       [client and server]
...
STATDOPTS="--port 4000"

/etc/modprobe.d/options.conf
Code:
# Set lockd to listen on port 4001 (create the options.conf file if it doesn't exist)     [client and server]
options lockd nlm_udpport=4001 nlm_tcpport=4001

/etc/modules
Code:
# add lockd to be loaded at boot
...
loop
lockd

/etc/default/nfs-kernel-server
Code:
# set mountd to listen on 4002     [server]
...
RPCMOUNTDOPTS="--manage-gids -p 4002"
..

Code:
# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    1   udp   4001  nlockmgr
    100021    3   udp   4001  nlockmgr
    100021    4   udp   4001  nlockmgr
    100021    1   tcp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100005    1   udp   4002  mountd
    100005    1   tcp   4002  mountd
    100005    2   udp   4002  mountd
    100005    2   tcp   4002  mountd
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd

http://bryanw.tk/2012/specify-nfs-ports-ubuntu-linux/


# # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

SAMBA

Install
Code:
apt-get install samba smbfs

Configure
Code:
cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

/etc/samba/smb.conf
Code:
...
####### Authentication #######
...
# "user" needs credentials, "share" lets anyone in
# (security = share was removed in Samba 4; there use security = user
#  together with map to guest = Bad User)
security = share
...
guest account = nobody
...
# shares are added to the bottom of the file in the following format.
# smb.conf only treats a line that starts with # or ; as a comment, so the
# explanations sit on their own lines: a trailing "# ..." after a value
# becomes part of the value and would break the path

# [name of share]
[460]
# comment = description of share
comment = my 500gb hd
# path = /path/to/share
path = /media/460
# read only = yes or no
read only = no
# guest ok = yes or no
guest ok = yes
# writable = yes or no
writable = yes

Code:
/etc/init.d/samba restart

to test shares
Code:
testparm

http://www.howtoforge.com/creating-a-home-media-and-file-server-with-ubuntu
http://www.debuntu.org/guest-file-sharing-with-samba



Mount SAMBA shares
Guest share
Code:
# the filesystem type is cifs (package cifs-utils); the old smbfs type and
# its mount.smbfs helper are gone from current kernels and distributions
mount -t cifs -o username=guest,sec=none //<server>/<share> /your/mount/point
mount -t cifs -o username=guest,sec=none //192.168.1.2/931  /media/931

Name/Password share
Code:
mount -t cifs -o username=,password= //<server>/<share>  /your/mount/point
mount -t cifs -o username=3dmitch,password=lamepassword //192.168.1.2/931  /media/931

/etc/fstab
Code:
//<server>/<share>      /your/mount/point      filesystem      options
//192.168.1.2/931      /media/931      cifs      rw,hard,intr,username=guest,sec=none    0       0
# a credentials file keeps the password out of the world-readable fstab:
# /root/.smbcredentials (mode 0600) holds the lines "username=3dmitch" and "password=lamepassword"
//192.168.1.2/931      /media/931      cifs      rw,hard,intr,credentials=/root/.smbcredentials    0       0
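Two things on the NFS server above are worth checking before opening the firewall for it: that each /etc/exports entry exposes exactly the network intended with the options intended, and that the statd, lockd and mountd ports really ended up on 4000, 4001 and 4002 as configured. The script below is an added example, not part of the post and not part of nfs-utils; it parses exports(5) syntax and `rpcinfo -p` output as plain text. It flags a malformed client spec (a stray character after the prefix length, for instance), an entry with no client or a bare "*" (exported to everyone), and the options no_root_squash and insecure; which options count as risky is this example's choice. The exports lines and rpcinfo output it checks are constructed, not captured from a live host.

```python
"""Audit /etc/exports entries and pinned NFS RPC ports from text.

Added example, not from the post or nfs-utils. Samples are constructed.
"""
import ipaddress
import re
from collections import defaultdict

# exports(5) client entry: host/network/wildcard/netgroup, optionally followed by (options)
_CLIENT_RE = re.compile(r"^(?P<client>[^(\s]*)(?:\((?P<opts>[^)]*)\))?$")
# options that switch off protections a defender normally keeps (this example's choice)
RISKY_OPTIONS = {"no_root_squash", "insecure"}
# the ports chosen above for the daemons that otherwise float; nfs and portmapper are fixed anyway
PINNED = {"status": 4000, "nlockmgr": 4001, "mountd": 4002, "nfs": 2049, "portmapper": 111}


def parse_exports(text):
    """Yield (path, client, option-set) for each client entry in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        if not specs:
            specs = ["*"]              # a bare path is exported to every host
        for spec in specs:
            m = _CLIENT_RE.match(spec)
            if m is None:
                yield path, spec, {"<unparseable>"}
                continue
            # "(rw)" on its own, i.e. a space before the parenthesis, means everyone
            client = m.group("client") or "*"
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            yield path, client, opts


def valid_client(client):
    """True for a netgroup, wildcard, hostname pattern or parseable IP/network."""
    if client == "*" or client.startswith("@"):
        return True
    try:
        ipaddress.ip_network(client, strict=False)
        return True
    except ValueError:
        pass
    return re.fullmatch(r"[A-Za-z0-9.*?-]+", client) is not None


def audit_exports(text):
    """List of (path, client, problem) to review; an empty list means nothing was found."""
    findings = []
    for path, client, opts in parse_exports(text):
        if not valid_client(client):
            findings.append((path, client, "client spec is not a valid host, wildcard or network"))
        if client == "*":
            findings.append((path, client, "exported to every host that can reach the server"))
        for opt in sorted(opts & RISKY_OPTIONS):
            findings.append((path, client, "option %s weakens the default protections" % opt))
    return findings


def parse_rpcinfo(text):
    """Map service name -> set of ports from `rpcinfo -p` output."""
    ports = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        # data rows: program vers proto port service; the header has only four words
        if len(parts) == 5 and parts[0].isdigit() and parts[3].isdigit():
            ports[parts[4]].add(int(parts[3]))
    return dict(ports)


def check_pinned_ports(text, expected=PINNED):
    """Services whose registered ports are not exactly the pinned one (empty dict: all good)."""
    actual = parse_rpcinfo(text)
    return {svc: actual.get(svc, set()) for svc, port in expected.items()
            if actual.get(svc, set()) != {port}}


# constructed samples, not taken from a live host
EXPORTS_SAMPLE = """\
/media/460 192.168.1.0/24*(rw,no_subtree_check,async)
/media/460 192.168.1.0/24(rw,no_subtree_check,async)
/srv/public *(ro,insecure)
/srv/backup (rw,no_root_squash)
"""

RPCINFO_SAMPLE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    1   udp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
"""

if __name__ == "__main__":
    for path, client, problem in audit_exports(EXPORTS_SAMPLE):
        print("%s %s: %s" % (path, client, problem))
    print("ports off their pins:", check_pinned_ports(RPCINFO_SAMPLE))
```

On the real box, `audit_exports(open("/etc/exports").read())` and `check_pinned_ports(subprocess.check_output(["rpcinfo", "-p"], text=True))` do the same against live data; a non-empty result from the second means the firewall rules written for ports 4000 to 4002 will not match what the daemons actually bound.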

 8 
 on: June 28, 2012, 12:14:23 PM 
Started by mitchell - Last post by mitchell


Well, good luck with that.

 9 
 on: May 15, 2012, 03:35:58 AM 
Started by martinc - Last post by martinc
Start Menu >>
  Control Panel >>
    Network and Sharing Center >>
      Change adapter settings >>
        [right click on your adapter] Properties >>
          [select] Internet Protocol Version 4 (TCP/IPv4)
            Properties >>
192.168.1.97   # whatever address you want your machine to be known as
255.255.255.0 # for your standard home IPs of 192.168.x.x (windows should autopopulate)
192.168.1.1     # your router
192.168.1.1     # DNS server - usually your router
8.8.8.8            # google DNS as backup

any problems?
disable the adapter, flush out dns from command line, and enable the adapter
Code:
ipconfig /flushdns

### Note ###
windows doesn't allow for profiles per network, just per adapter so keep in mind when laptop is taken elsewhere

http://www.howtogeek.com/howto/19249/how-to-assign-a-static-ip-address-in-xp-vista-or-windows-7/

 10 
 on: April 30, 2012, 01:38:16 AM 
Started by martinc - Last post by martinc
a little basic firewalling

Code:
#!/bin/sh

echo "Flushing iptables rules..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo " Applying rules"
# allow whats listed

# loopback
iptables -I INPUT 1 -i lo -j ACCEPT

# accept replies to connections this host opened; without this, outbound
# traffic (http included) gets no answers back past the final DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# http
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# ssh
iptables -A INPUT -p tcp --dport ssh -j ACCEPT

# ping
iptables -A INPUT -p icmp -j ACCEPT

# drop everything else
iptables -A INPUT -j DROP

should work fine, but if buggy then,
Code:
service iptables restart

http://www.netfilter.org/documentation/
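Every firewall script on this page (the PPTP one in post 4, the two router scripts in post 6 and this one) builds user chains with -N and then fills them with -A and -j. A chain referenced before it is created, or never created at all, makes that single iptables call fail while the rest of the script runs on, leaving a policy that looks complete but is not. The linter below is an added example, not part of any post here; it reads such a script as text, follows the NAME=value variables the scripts use, and reports every chain used in -A/-I/-D/-R or as a -j target that the script has not created in that table by that point. It knows only the built-in chains and the common targets listed in it, so an exotic target would be reported as a missing chain. The sample script it checks is constructed.

```python
"""Lint an iptables shell script for chains used before or without -N.

Added example, not from any post on this page. Sample script is constructed.
"""
import re
import shlex

BUILTIN = {
    "filter": {"INPUT", "OUTPUT", "FORWARD"},
    "nat": {"PREROUTING", "POSTROUTING", "OUTPUT", "INPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}
# targets that are not user chains; anything else after -j is treated as a chain
TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MASQUERADE", "SNAT", "DNAT", "REDIRECT"}

_ASSIGN_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def _expand(token, env):
    """Substitute $VAR and ${VAR} from the script's own assignments."""
    return re.sub(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?", lambda m: env.get(m.group(1), ""), token)


def lint_iptables_script(text):
    """Sorted list of (line_no, table, chain) for chains used before/without creation.

    Order matters to iptables as well (-N must run before -A), so a chain
    created further down the script is still reported at its first use.
    """
    env = {}
    created = {t: set(b) for t, b in BUILTIN.items()}
    problems = set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _ASSIGN_RE.match(line)
        if m:
            env[m.group(1)] = _expand(m.group(2).strip("\"'"), env)
            continue
        try:
            argv = [_expand(t, env) for t in shlex.split(line)]
        except ValueError:
            continue                      # unbalanced quotes: not a call we can read
        if not argv or argv[0] not in ("iptables", "ip6tables"):
            continue
        table = argv[argv.index("-t") + 1] if "-t" in argv else "filter"
        created.setdefault(table, set())
        for i, a in enumerate(argv[:-1]):
            nxt = argv[i + 1]
            if a == "-N":
                created[table].add(nxt)
            elif a in ("-A", "-I", "-D", "-R") and nxt not in created[table]:
                problems.add((n, table, nxt))
            elif a == "-j" and nxt not in TARGETS and nxt not in created[table]:
                problems.add((n, table, nxt))
    return sorted(problems)


# constructed cut-down script with the kind of slip the check is for
SAMPLE_SCRIPT = """\
#!/bin/sh
# constructed sample, not the scripts above
WAN=eth1
LAN=eth0
iptables -N FIREWALL
iptables -N LAN
iptables -A INPUT -j FIREWALL
iptables -A FIREWALL -i $LAN -j LAN
iptables -A LANin -i $LAN -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A LANout -o $LAN -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $LAN -j FromLAN
iptables -N FromLAN
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
iptables -A LAN -j DROP
"""

if __name__ == "__main__":
    for line_no, table, chain in lint_iptables_script(SAMPLE_SCRIPT):
        print("line %d: chain %s not created in table %s" % (line_no, chain, table))
```

Running it over a script before `sh`-ing it on the router costs nothing; `lint_iptables_script(open("/etc/network/if-pre-up.d/router").read())` returns an empty list when every chain is created before use.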
