Deags

Posts posted by Deags

  1. Can you give us a network diagram of the setup so we can see how it's all laid out, topology, etc. Just want to see how you got the two WANs coming into this whole mix and how that works.

    Not good with network diagrams.

    Works like this. Feeds into it via vlans as you probably worked out. I then load balance the wans unevenly with one taking all the load and the other taking none (I need to do this as you can only have one default route). I then manually route some hosts over the one that takes none using route tables/iptables marking packets...

    I can swap the balance the other way if I wish; I have variables in my script I can set. If one fails the other just becomes the default route and all traffic goes over it despite the manual routes that have been put in place?

    The wireless and lan are on two different networks which have routes to each other. Their internet traffic is not distinguished by any firewall rules at this time.

    Does that explain it?

  2. So I decided to start saving some power. SheevaPlug plugged into a HP ProCurve Switch 1700-8.

    Runs Arch Linux, is connected to 2 WANs, 2 LANs, 1 VPN and 1 IPv6 tunnel.

    Routing and firewall is all manual aside from a failover script I've written in PHP.

    Runs LDAP, FTP, HTTP, SMB, RADIUS, NS, SMTP/MAIL, PXE, DHCP and DHCPv6 services to serve both the local network and internet.

    Pros: Quiet, smaller, less power consumption, more processing power and RAM than the P3.

    Cons: Don't know how long the SD card will last.

    I see hak5 is still going. Forums have more ads... show must not be as lucrative as it once was.

  3. Hey guys. For all those with linux routers. I assume you can read a guide on setting it up. For those who might be running pfsense and want to let the tunnel traffic pass their firewall, the simple way is to forward all data from the tunnel server to your internal box. Rather than fiddling around with protocol 41.

    Anyhow, simple firewalling from the router for hosts behind. Slightly different from NAT. This is an example. Security lovers I'm sure will tear it to shreds.

    Basic explanation. he-ipv6 is my tunnel endpoint and br0 is another interface with an ipv6 address (it's my lan. However, it's a public address). I've also allowed my 48 in from my lan interface. So anyone on the lan can access this server. I've also allowed DHCPv6 on the lan. However, I don't think it matters. As dhcp server I believe works outside where iptables can get it (I have to use ebtables on it if I want to block it).

    ip6tables -t filter -P INPUT DROP
    ip6tables -A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -m state --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A INPUT -i br0 -s 2001:470:80fc::/48 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 80 -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p tcp --dport 80 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 22 -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p tcp --dport 22 -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p tcp --dport 25 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 25 -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p udp --dport 53 -j ACCEPT
    ip6tables -A INPUT -i br0 -p udp --dport 53 -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p tcp --dport 53 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 53 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 546 -j ACCEPT
    ip6tables -A INPUT -i br0 -p tcp --dport 547 -j ACCEPT
    ip6tables -A INPUT -i br0 -p udp --dport 546 -j ACCEPT
    ip6tables -A INPUT -i br0 -p udp --dport 547 -j ACCEPT
    ip6tables -A INPUT -i br0 -p ipv6-icmp -j ACCEPT
    ip6tables -A INPUT -i he-ipv6 -p ipv6-icmp -j ACCEPT

    The first line isn't really needed. It's because I load balance ipv4/failover pppoe and cable.

    I'm allowing all ipv6-icmp to pass through. Also allowing ident. Then I've allowed ports specific to a host (this is the alternative to NAT as security).

    ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    ip6tables -t filter -P FORWARD DROP
    ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ip6tables -A FORWARD -s 2001:470:80fc::/48 -j ACCEPT
    ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
    ip6tables -A FORWARD -p tcp --dport 113 -j ACCEPT
    ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p tcp --dport 53 -j ACCEPT
    ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p udp --dport 53 -j ACCEPT
    ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p tcp --dport 25 -j ACCEPT
    ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p udp --dport 25 -j ACCEPT
    ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p tcp --dport 80 -j ACCEPT

    Aussie ISP that sucks because its users suck has ipv6: http://ipv6.internode.on.net/

    I'd suggest not using their recommended dhcpd/dhclient as it's not really the one to be using. http://www.isc.org/software/dhcp as it now supports PD.

    Helpful bunch on #ipv6 at freenode or efnet.
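Added example, not part of the original post: a static review of a rule list like the one above, run as plain text processing so it needs no root and touches no live firewall. It lists which services the router itself accepts on the tunnel interface, and which FORWARD rules carry no source or destination and therefore open a port to every host in the routed prefix. The function names `inbound_services` and `unscoped_forwards` and the `RULES`/`PARSE` variables are assumptions of this example; the rules are a subset copied from the post.

```shell
#!/bin/sh
# Added example: static review of an ip6tables rule list (no root needed).
# RULES is a subset of the rules from the post above, embedded as sample input.
RULES='ip6tables -A INPUT -i br0 -s 2001:470:80fc::/48 -j ACCEPT
ip6tables -A INPUT -i he-ipv6 -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i he-ipv6 -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -i he-ipv6 -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -i he-ipv6 -p udp --dport 53 -j ACCEPT
ip6tables -A INPUT -i he-ipv6 -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -s 2001:470:80fc::/48 -j ACCEPT
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -p tcp --dport 113 -j ACCEPT
ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p tcp --dport 25 -j ACCEPT
ip6tables -A FORWARD -d 2001:470:80fc:57::myserver -p udp --dport 25 -j ACCEPT'

# Shared awk parser: turns each rule's option/value pairs into the array o[].
PARSE='{ split("", o); for (i = 2; i < NF; i++) if ($i ~ /^-/) o[$i] = $(i + 1) }'

# inbound_services IFACE: new-connection services the router itself accepts
# on IFACE, one "proto/port" per line ("proto/any" when no --dport is given).
inbound_services() {
    printf '%s\n' "$RULES" | awk -v ifc="$1" "$PARSE"'
        o["-A"] == "INPUT" && o["-i"] == ifc && o["-j"] == "ACCEPT" &&
        !("--state" in o) && ("-p" in o) {
            print o["-p"] "/" (("--dport" in o) ? o["--dport"] : "any")
        }'
}

# unscoped_forwards: FORWARD accepts with no -s/-d and no state match, i.e.
# rules that open a protocol or port to every host behind the router.
unscoped_forwards() {
    printf '%s\n' "$RULES" | awk "$PARSE"'
        o["-A"] == "FORWARD" && o["-j"] == "ACCEPT" && !("--state" in o) &&
        !("-s" in o) && !("-d" in o) {
            print o["-p"] "/" (("--dport" in o) ? o["--dport"] : "any")
        }'
}

echo "Accepted on he-ipv6 (router itself):"; inbound_services he-ipv6
echo "Forwarded to any inside host:";        unscoped_forwards
```

To review a live box, replace the embedded `RULES` with the output of `ip6tables -S` prefixed per line with `ip6tables `, which has the same option layout.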

  4. sup bro!

    I'm 20 almost 21 and live in Queensland. I'm currently studying IT (coming up to end of 2nd year). I do 5 subjects (uni 2 days) and work 3 days (help desk for a software company). IT is pretty straight forward shit. I don't rate the degree. Mind you I have little interest in continuing down the path of IT or any job that'll bind me to living in IQ40 heartland, the cities. I'm just getting a degree and getting gone. I'm also doing a ccna as some of my uni subjects as electives. I guess one needs to choose a path. I'm not sure how uni applications work down there. However, I'd look for a job and if that fails go to uni. In my work place the two youngest guys (aside from me) seem to be the most ahead in the IT team aside as they started right out of school and the company trusts them from the manager and 2ic. However, having little formal qualifications binds you to a company. As it can be hard for your next employer to rate your skills. Then again lots of iq40's at uni. I wouldn't write off tafe either. If anything tafe students are forced to learn so you end up at least knowing things. Rather than just knowing how to BS your way to a pass (4's open doors).

    If anything you need to find out where you want to go. you did mention somewhere in IT. However, that aint almost good enough otherwise you'll just float around on the bottom and likely join a union or something silly. I wouldn't worry about hecs/help you'd probably never earn over the amount needed haha. Pick a path and try it if it fails try something else. Keep in mind the IT is very broad so a guess don't just think of it as a computer screen a blob in front of it battling away.

    I've spent a fair amount of time doing a lot of not much, however I guess it helps me choose my path. However, this is essentially time wasted.

    finished year 12 in 2006 just turned 17.

    6 months IT at uni (passed) and part time labouring

    6 months full-time labourer

    6 months Town planning at uni (passed 3 out of 4 (being an easy class but I was too slack to showup)) and part time labouring

    6 months of working (labouring, boxing software for a company and helping on a harvest)

    6 months of a plumbing apprenticeship (got a mod 1)

    6 months which consisted of 1 month holiday in the usa, a few months helping dad on his new farm and another harvest

    6 months at uni doing IT/IT work (got credit for my 3 from town planning and my previous IT subjects and studied 5 this semester)

    I'm currently studying another lot of 5 IT subjects and intend on finishing my degree next year with two lots of 4 subjects. I'm doing a 5th subject this semester which is CCNA which is an out of interest thing. I'm also still working, they offered me a full-time job but I had to turn it down as finishing my degree is priority one.

    Anyhow, why have I opted to finish an IT degree with all the nerds at uni. Well after 3 years with nothing to show another 2 to complete a degree which will show some sort of commitment is probably not the worst deal. There is also a few things I need to get done in this city before I part. At the end of the day it is probably worthwhile going to uni as it gives you more options so if you are unsure more options is probably what you want.

    I have shit writing and what not. Hell, my brain compartment is pretty fucked. I work uni like this. I walk into the exam with as close to 50% as I can get and anything I get on the exam is a bonus. It doesn't matter if I know the content, I need to be articulate it onto paper and well that's something that needs to happen in the life. A PC is no saviour to that. As I have grown older the uni work has gotten significantly easier.

    Then again I'm only a few months older than you.

  5. Yep more multiculturalism that's what we need! I'm happy to allow people to move around this world. However, this ain't your part of the world. Respect it or leave it!

    VaKo:

    Don't hate those who don't lack the character to stand up and speak for the spineless silent majority.

    "We should be better than that!" - Dale Peterson

    I read something the other day which summed thing up quite well. http://bit.ly/avmhUE

  6. BRING IT ON. Still in the EU like the suckers you are though! I think the Lib Dems were better off by doing this. Labour was a sinking ship (even with the lib dems, no majority). At least with the conservatives they'll get a few of their policies out there. They will never win a government on their own so this is by far the best move.

    AV vote system will be a big win for Labour (all the little socialist and shit parties preference labour). No doubt the Lib Dems will preference them after 1 term out of government.

    PR voting would have been a big win for UKIP and BNP though. No UKIP seats. Sad to see. Would have been nice to see Mr. Griffin get a seat and cause uproar.

    Sucks to be in Britain though. If I were there I'd be looking to move in the next 4 or 5 years (probably AUS or Alberta).

    Nice to see that multiculturalism is finally working and people are integrating (I'd tack "in Europe" on the end but it's the same in every western country which has an open borders / multiculturalism do-gooder influence).

  7. That's bullshit. Cut him down!

    Fight or don't fight. But Jesus fuck don't fight to go from British rule to Argentinean rule hahaha. Independence (you can't defend yourself from SA though. They see that oil and those boys get tough!) The simple fact is if Britain was not there SA would whoop your ass. USA wouldn't give two shits if it were an independent country.

    http://www.sciencedaily.com/releases/2007/...71208150135.htm

    Britain just ordered two new diesel aircraft carriers they'll be ready to whoop some ass and spend what they've got left.

  8. Public health care should be a basic right for all citizens, taking it away would push us ever so closer to America.

    I'm sick of paying for public health workers (not all of them but you know the ones I mean, they are in every gov department just "created" jobs) who do fuck all and people who fail to look after their health. It's not like they pay higher fees because they are dumb as fuck and drinking/smoke/eat themselves to death. If you suggest a way to make public health fairer and useful let me know. I have private health and it'll remain that way because the public health is such a joke.

    I feel a fairer system would be make it so people can choose to have insurance or not. If they don't have insurance then they can still retrieve treatment and foot the bill afterwards as a hospital who were to let someone die or refuse treatment then would be liable and face large fines. That way the government could subsidise important operations for everyone without the need of unproductive government workers.

    Why is it the workers have to pay tax and pay for meds when those who don't don't pay tax or for their meds! This system needs to be fair. Too much stuff is riding on the back of workers.

    Government needs to be as small as possible. Big government is never successful and when it is it doesn't last long before someone abuses it.
