Jump to content

i.am.stack

Active Members
  • Posts

    6
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

i.am.stack's Achievements

Newbie

Newbie (1/14)

  1. I know it has been a few weeks since I last updated this thread, but someone recommended that I check out ClearOS. I have only been testing it today, but I am really impressed so far. Resource usage is pretty low (not the lowest I have seen but it is on par with what I saw with Smoothwall). It has a ton of extra features that so far appear to work (have not tested _all_ of them yet but better luck so far then others). It also has really nice reporting tools and a easy to follow interface. After only a few hours with it, I am about 99% certain that I won't be going back to messing with ebox. There are a few things that I have to answer first before I make the final dive, claim it to 'be all that', and knock out Untangle to make ClearOS my primary firewall but I am really close to it. Anyway, just throwing that out there as it wasn't mentioned before in the other posts.
  2. Just saw this post. Guess you made it as I was typing out my monster post. :-) I like the idea of that card, but personally I would want Gigabit instead of just 10/100. I know I don't have those speeds out to the internet yet, but I would want to split up the LAN so that one port would be wireless networks, one my local LAN, one my internet, and one a DMZ. The cross networks I wouldn't want to hit the 10/100 bottleneck. Maybe that is just me. The problem is that it jumps the price up into the 300$ range which is a bit much for me.... However, a 2 port isn't too bad. If I buy my Atom build I would probably spend the 80$ to get this: http://www.newegg.com/Product/Product.aspx...N82E16833166040 I know some people don't like Rosewill, but the Intel is almost double the price: http://www.newegg.com/Product/Product.aspx...N82E16833106034
  3. Hello everybody! Thanks for the replies; sorry I wasn't around at all yesterday. I have looked at many other firewalls. Some of them were nice, but I was a bit cautious as many have not been updated in years. I wasn't a fan of Vyatta nor of IPCop (though I have not tried this one in some time). I tried Endian for a while and was _really_ impressed with how fast it was, however, it had way too many bugs. I had three nic cards (internet, lan, wireless) and they would shuffle around on reboots. DHCP would _always_ have to be started manually. Documentation and their forums were of little help to me. Of course this was with version 2.2 and having talked to someone about the May 2010 release of 2.4 supposedly the product has gotten a lot better. I have not tried 2.4 mainly because of lack of time, but I am willing to say that my problems with Endian *may* no longer exist. I don't know yet (though I do wish to find out). eBox has been fun to tinker around with, however, I am not convinced to run this as my primary firewall. Too many things don't work right and while I applaud them for having a fair amount of documentation there is still a ways to go. There are hundreds of features and extras in eBox but none of them are quite 100%. I wish they would focus in and get the basics working solidly first. Here are a few examples: fresh install of eBox and it took me hours to get file transfers to work between two local systems using the Jabber setup that comes with eBox. I have yet to get LDAP working with eBox. I got LDAP partially working on a Debian server, but never got it functional on eBox. Yet this is one of the advertised features. <_< I actually liked SME server, however, I ran into too many issues regarding older versions of packaging. Since it is based on an old version of CentOS, it is difficult to work with (in my opinion). They are working on SME version 8 which is supposed to be based on CentOS 5, but that is still dealing with old software* and getting older now that the RHEL 6 beta is fully underway and is expected to be released within the next few months. (* yes I know enterprise grade software is well tested and there is a reason to keep it there...I really don't have a problem with CentOS 5 except with python...grr...stupid python 2.4...and upgrading to 2.6 breaks things like yum...side-by-side works...sometimes....pain in the....). Untangle works and it does what I want for the most part. It is just that the resources are absurd. My old firewall was a fanless 1.2Ghz AMD GeoNode with 512MB of ram. It ran Smoothwall for a very long time with minimal usage. My current Untangle box is a P4 3Ghz with 3GB of memory and it runs constantly at a load of 1.5-2. Using the web interface is sluggish and it takes forever to run reports. A LUG member reported that was a huge problem for his company when they first started using Untangle. They really liked it but it chomped resources. So they just bought a 64bit Quad-Core 3.0Ghz Xeon with 8GB of memory. Untangle isn't slow any more...I just don't have those kinds of resources. The things about Smoothwall that I really miss are the really good reporting tools. What was attacking the firewall, who was trying to ping sweep my firewall, what virus/worm/trojan was trying to get access ect. ect. I haven't seen as good of reporting in others; sure others have them but they are not as nice. I would also LOVE to build up a new box running on something like an Atom processor. For months now I have been thinking about how cool it would be to get something like what Darren built. One of the cheep Atoms with 1-2GB of memory, an 8 GB flash drive, and a multi-port network card. It would use so little energy (also low heat) and fanless so no noise!! There is just no way I could do that with Untangle as the resource are just not there but I have no doubt that system would be a rocking Smoothwall box. Yet again, I find myself wanting Smoothwall...but I am NOT going to use a distro that backs up and restores from a technology that old. Maybe in Smoothwall 4.0 they will at least start supporting Zip disks... I had forgotten about pfsense. I messed around with it after their big fork and I have not messed with it since. I am downloading it right now and will mess with it for a while. Thanks! Thanks for the comments guys!
  4. Just watched 7x18 and since I don't see that created yet under the episodes forum (and I don't want to create it) I figured I would try posting to 'Everything Else' instead. Darren built up a Smoothwall installation and touched on the main reason why I left Smoothwall well over two years ago. Backup and Restore. Funny enough, *also* mentioned in the episode. Smoothwall uses _FLOPPY_ disks to backup and restore from. Sure Smoothwall lets you download a floppy image, but last I checked it won't restore from that image. Maybe I missed it but I didn't see a floppy connection on Darren's really cool Atom based system. Hope Darren spent another 20$-30$ on a USB floppy drive and a couple of disks. I also hope it isn't like some of the newer systems I have seen that don't have a USB floppy disk boot option.... I had Smoothwall up and running on my home connection for some time. Normally if I lose internet for a while, oh well. So what if I can't surf /. for a few hours. Whatever. However, this time I had something important going on (naturally). I was several weeks into trying to help get a friends business off the ground by hosting his website and doing the admin for it. The box was DMZ'd and I had a decently complex configuration for the network. I just needed to last the week. Except, Murphy doesn't like anyone. Power outage. Everything came back up except Smoothwall. After a couple of hours switching out parts I came to the conclusion that the box was just gone. No biggie, I always downloaded the floppy images when I made a change and I have got good backups. I grabbed a spare box and started the restore when it struck me...where the hell do I find a floppy disk?? The last computer I bought with a floppy drive in it had been tossed out long ago. I managed to dig up a few floppy disks that were forever old, but no floppy drive. None of the stores (compusa, walmart, best buy, circuit city, ect) had floppy drives. So there went 60$ overnighting a floppy drive from Newegg. Then I found that all these floppy disks I had kept since the 90's in the back of my closet had all gone bad and all threw write errors when writing the image to the floppy (probably because they baked in the summer and froze in the winter along with years of abuse and neglect). Want to guess how many stores carry floppy disks now?? So I built another firewall box and customized it for the pressing needs (with _only_ three days downtime finding replacement parts ) and I went a week without internet till he got his funding and could afford to buy hosting that wasn't on a home connection. I swore I wasn't going to deal with technologies that I can't restore to regardless of how well it backs up. I really liked Smoothwall and I have not found a good replacement. The best I have found for my needs is Untangle, but it chops resources like mad. However, I am not even going to try a Smoothwall VM until I _know_ I don't need floppies anymore. As much as backups are talked about on the show, I am sure Darren will do a backup of his Smoothwall settings. The question is, how is he planning on restoring should that jerk Murphy come knocking at his door?? Does anyone know if Smoothwall has changed in the last 2 years? It would thrill me quite a bit to find Smoothwall no longer requires a floppy, but I have not seen nor heard of another option without getting the paid for support (which I don't need as a home user).
  5. Hello everyone! I just got a pineapple v2 from the hak shop as a gift from a friend. Horay! However, I don't really know what I am doing...yet. :-D I am going back over the old episodes and reading lots of documentation. That is how I discovered this thread. Anyway, I just tried running this 0.9 script on Ubuntu 10.04 and I got a few interesting errors I thought I would share. The install generated no errors at all. When I ran 'sudo /usr/bin/pineapple.sh' I got this: $ sudo /usr/bin/pineapple.sh /usr/bin/python2.6 Python-2.6 is installed /us/bin/pineapple.sh: line 151: [: ==: unary operator expected Python Module Twisted is installed sslstrip option is enabled Two things here: 1) line 146: typo scrip -> script 2) line 151 if [ $Py26 == "N" ]; then -> if [ "$Py26" == "N" ]; then Next I tried running the script again. When it asked for a location of sslstrip output I gave it one (/tmp/ssl.out). It then asked if I was sure I said yes and got /usr/bin/pineapple.sh: line 466: [: too many arguments y path user verified Where would you like the sslstrip log file to be located? And it just repeats over and over again... Again there are a few issues I see: 1) line 462 is just a formatting issue to make the question look uniform (eg: to look like the other questions asked where the : is on the outside) read -p "So you sure?: Y/N" Verify -> read -p "So you sure? Y/N:" Verify 1B) Same appears on line 391 as well. 2) The actual error. First the multiple variables Verify and Varify. Varify /only/ appears on lines 395 and 466. It should be Verify. Second the if statement. I don't know python very well but testing each parameter by itself worked. Testing them together with the -o would never break the loop for me. So here is my fix. if [ $Verify != "Y" -o $Varify != "y" -o $Verify != "yes" ]; then -> if [ $Verify != "Y" ]; then 2B) Same appears on line 395 as well. 3) Typo on line 397 "Asking agin" -> "Asking again" 3B) Same appears on line 468 as well. 4) The while loop on 434 needs $X to _not_ equal N. The if statement has X="Y" as it should, but the else has no such statement. So down on line 474 where there is Y="Y" I added to the line below X="Y" 4B) Same appears in the while loop on line 363 as well. 5) Lastly, (I promise! For now...) a suggestion. I noticed that the script has hard path set for various versions (lines: 96, 617) even though it should be version 0.9. You may want to either remove all the version numbers in the script or set a variable at the top so that there is only one place that needs updating when you release new versions. And now the script works for me! Thanks for building out this script. I know you have put in a lot of your time and effort and I appreciate it. Now to go play with my new toy and figure out how to talk to the pineapple... [Edit] Got another set of problems and I am not having any luck solving them. First: I fired up my other laptop and was surprised that Ubuntu 8.04 with wicd auto connected to my home network in the other room when the pineapple was <2 feet away (karma was on). However, I did see pineapple in the wifi list so I connected to it. The laptop appeared on the connected clients list on 10.110.0.2:1471. I was able to connect to Google and surf. No idea why it didn't auto connect like it should have though... Second, I fired up my aim client on the laptop and fired up wireshark on the pineapple host. I was able to see the conversations between my two aim users. Horay! Then I tried the SSL stripping. I went to https://gmail.com and logged in to my spam account. I noticed that the https stayed there the whole time. I didn't think it was supposed to do that. I rushed over to the host and started digging through the wireshark logs. No sign of my password in the capture and wireshark recorded https sessions. Interesting. So I tabbed over to the python terminal the pineapple.sh script started and I found this error: http://pastebin.com/buYnuSwZ That link has a 1 month expiration, btw. After messing with it for about an hour I am tired and need a break. If anyone has any ideas please let me know. I will tackle this again later this week.
×
×
  • Create New...