Showing results for tags 'ufw'.


Found 4 results

  1. Hello all, first post here on the forums... I am having an issue with my ufw rules on routing vpn traffic to/from my LAN. I followed the “OpenVPN from scratch” and changed the server.conf to allow LAN resource sharing over my tun0 connection. I included what I added in the server.conf file. If I disable the ufw service, I can successfully share my resources over my vpn connection. My issue is that I lack the true ufw-fu... I have looked into the wild and found some iptables rules that look solid, but I do not yet have the experience to translate them into a usable ufw format... I want to learn and know this is the platform.

     ———————MyConfigs———————
     nano server.conf
       dh2048.pem
       dev tun
       topology subnet
       10.8.0.0 255.255.255.0
       redirect-gateway
       DNS (change DNS addresses to google) 8.8.8.8 8.8.4.4
       nobody (user and group)
       push "route 192.168.1.0 255.255.255.0"
       save
     nano /etc/sysctl.conf
       uncomment net.ipv4.ip_forward
       save
     ufw allow 1194/udp
     nano /etc/default/ufw
       change DEFAULT_FORWARD_POLICY="ACCEPT"
       save
     nano /etc/ufw/before.rules
       add the following toward the top:
       *nat
       :POSTROUTING ACCEPT [0.0]
       -A POSTROUTING -s 10.8.0.0/8 -o ens33 -j MASQUERADE
       COMMIT
       save
     ufw status
     ufw enable
     y
     ufw status
     https://m.youtube.com/watch?v=XcsQdtsCS1U&autoplay=1
     ———————MyConfigs———————

     ———————FromTheWild———————
     # Allow traffic initiated from VPN to access LAN
     iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
     # Allow traffic initiated from VPN to access "the world"
     iptables -I FORWARD -i tun0 -o eth1 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
     # Allow traffic initiated from LAN to access "the world"
     iptables -I FORWARD -i eth0 -o eth1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
     # Allow established traffic to pass back and forth
     iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
     # Notice that -I is used, so when listing it (iptables -vxnL) it
     # will be reversed. This is intentional in this demonstration.
     # Masquerade traffic from VPN to "the world" -- done in the nat table
     iptables -t nat -I POSTROUTING -o eth1 -s 10.8.0.0/24 -j MASQUERADE
     # Masquerade traffic from LAN to "the world"
     iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
     https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
     ———————FromTheWild———————
  2. Hi, has anyone managed to get UFW and wp6.sh to work together? I can't figure out how to create the UFW rules. I have little to no experience writing ufw rules.
  3. Uncomplicated Firewall (ufw) is a firewall that is designed to be easy to use. It uses a command line interface consisting of a small number of simple commands, and uses iptables for configuration. GUI for Uncomplicated Firewall (Gufw) is, as the name states, a graphical user interface for UFW (Uncomplicated Firewall). It has been designed for Ubuntu, but is also available in other Debian based distributions and in Arch Linux. Gufw is intended to be an easy, intuitive way to manage a Debian firewall. It supports common tasks such as allowing or blocking pre-configured, common P2P, or individual ports. Gufw is powered by UFW, runs on Debian, and anywhere else Python, GTK, and UFW are available. To install gufw, open the terminal and type:

     root@k4linux:/# apt-get install gufw

     See the video tutorial for managing ports : for more
  4. I'm trying to "hide" the fact that SSH + deluge are running when port scanned. I think my options are: I can firewall the server, open the SSH port and keep it visible, and get to deluge by going to localhost:8112 after a ssh -D $someport. Or, I can use knockknock and hide SSH and Deluge, but need to keep 1 outbound + 1 inbound tcp port open for deluge xfers (or use knockknock-proxy).

     - Server(s) running Ubuntu 10.10 --> 12.04
     - knockknock --> http://www.thoughtcr...are/knockknock/
     - SSH
     - deluge-torrent.org/

     1. Has anyone on the forums attempted to set up port knocking with knockknock before?
     2. Am I correct in assuming that it would be wise to NOT use UFW to configure my firewall and instead rely strictly on iptables? I believe this to be true because knockknock will need custom iptables entries to work.
     3. SSH seems simple to think through. Knock on one port and connect. All Inbound+Outbound traffic flows over one port after the connection is established -- easy enough.
     4. I threw in an application like Deluge because I can't get my head around the firewall logic. "deluged" runs as a local daemon on the server. Once a Torrent is added it needs two ports to operate (1 Inbound + 1 Outbound). "deluge-web --fork" is a web gui to add/remove Torrents. It runs on a separate port (8112 by default), for a total of three. My best guess is to create a knockknock rule for the web gui (8112) and leave deluge's inbound (5000) + outbound (6000) ports open and a standard SSH knockknock rule. OR should I use the knockknock-proxy?

     Can anyone contribute/comment on how this should be set up? THANKS