Internetaccess via ISDN 
apt-get install isdnutils-base

isdnconfig - choose 1, ippp1 to prevent default gateway to ippp0

/etc/isdn/device.ippp1:

edit all lines marked with XXX_:

LOCALIP=
REMOTEIP=AAA.BBB.CCC.DDD
LOCALMSN=''
REMOTEMSN=XXXXX
LEADINGZERO=''
# FIREWALL RULES (start)
iptables -A OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
# FIREWALL RULES (stop)
iptables -D OUTPUT -o $device -p tcp --dport 22 -j ACCEPT

Intent: only ssh traffic (TCP port 22) should trigger a dialout.

/etc/isdn/ipppd.ippp1:

-pap
+chap
name USERNAME
noccp
nolzs
noipdefault
nodefaultroute
mru 1524
mtu 1500
ipcp-accept-local
ipcp-accept-remote
useifip

/etc/ppp/chap-secrets (holds the password in plaintext - keep it owned by root with mode 600):

# Secrets for authentication using CHAP
# client server secret IP addresses

USERNAME * PASSWORD


scponly 
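apt-get install scponly

# The chroot setup helper ships gzipped in the package's doc directory:
# unpack it, make it executable and run it from its own directory.
gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
cd /usr/share/doc/scponly/setup_chroot/
./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR

# -a copies the device node itself. A plain "cp /dev/null DIR" reads the
# device and leaves an empty *regular* file named "null" in the chroot,
# which is not a null device.
cp -a /dev/null /home/USERNAME/dev/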

maybe also: cp /etc/group /home/USERNAME/etc


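HINT: interactive login via ssh is not possible, BUT PORT FORWARDING still is. If the account should only transfer files, disable forwarding for it in sshd_config (e.g. "AllowTcpForwarding no" inside a "Match User USERNAME" block).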


ssh - chroot 
chroot a user logging in via ssh

apt-get install libpam-chroot

less /usr/share/doc/libpam-chroot/examples/README.example

/usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh

/etc/security/chroot.conf:
+USERNAME   /var/chroot/sshd/home/USERNAME

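/etc/pam.d/login (this file covers console logins; for logins via ssh the same line presumably has to go into the PAM service file used by sshd - /etc/pam.d/sshd, or /etc/pam.d/ssh on older Debian releases - and sshd must run with UsePAM yes):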
+session    required   pam_chroot.so


To copy all linked libs (but not libs loaded at runtime) of a program into our chroot:

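# Copy every shared library that ldd resolves for the program into the chroot.
#  - awk keeps only lines whose third field is a path, i.e. "name => /path (addr)";
#    lines without a resolved path in field 3 (the virtual DSO, and the dynamic
#    loader line, which has only two fields) are skipped, so the loader has to
#    be copied separately.
#  - cpio -p copies the listed files below the target directory, -d creates
#    the leading directories, -u overwrites, -L follows symlinks, -v lists files.
#  - ldd may execute code from the inspected binary; run it on trusted
#    binaries only.
#  - ${CHROOTDIR:?} stops the copy if the variable is unset or empty, and the
#    quotes keep a path containing spaces in one piece.
ldd /usr/bin/pprogram | awk '{if ($3 ~ /^[^ (]/) print $3}' | \
cpio -pdvuL "${CHROOTDIR:?CHROOTDIR must be set}"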


Internetaccess via adsl 
apt-get install pptp-linux

I have a USB network card; to name it adsl I use udev and created /etc/udev/rules.d/local.rules:


SUBSYSTEMS=="usb", KERNEL=="eth*", ATTRS{idVendor}=="050d", \
ATTRS{idProduct}=="0121", \
NAME="adsl"

/etc/network/interfaces
auto lo adsl lan dlanusb0 ppp0

iface lo inet loopback

iface adsl inet static
address 10.0.0.140
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
up /etc/network/firewall

iface ppp0 inet ppp
provider adsl_provider

iface lan inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255

iface dlanusb0 inet static
address 192.168.1.254
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

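/etc/network/firewall defines the chain ppp-forward and hooks it into FORWARD (the good-bad and bad-good chains used by the ip-up script below are presumably created there as well; they are not shown here):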
iptables -N ppp-forward
iptables -A FORWARD -j ppp-forward

add USERNAME to /etc/ppp/chap-secrets

/etc/ppp/peers/adsl_provider

user USERNAME@PROVIDER
noauth
noipdefault
defaultroute
debug
persist
maxfail 0
holdoff 30
connect "while ! ping -c 1 10.0.0.138>/dev/null; do sleep 5; done "
pty "/usr/sbin/pptp 10.0.0.138 --nolaunchpppd --nobuffer"

/etc/ppp/ip-up.d/firewall

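#!/bin/sh
# ip-up hook: when the PPP link comes up, add the NAT and forwarding rules
# for both internal networks.
#
# Environment: PPP_IFACE (interface of the new link) and PPP_LOCAL (its local
#              address), expected to be exported by the ppp ip-up wrapper.
# Requires:    the chains ppp-forward, good-bad and bad-good already exist;
#              none of them is created here.

# Refuse to run without the link parameters: an empty value would otherwise
# be dropped from the iptables command line and shift the remaining arguments.
: "${PPP_IFACE:?PPP_IFACE is not set}"
: "${PPP_LOCAL:?PPP_LOCAL is not set}"

OUTSIDE_DEV=$PPP_IFACE
ADSL_DEV=adsl            # not referenced by any rule below
INSIDE_DEV=lan
INSIDE_DEV2=dlanusb0
OUTSIDE_IP=$PPP_LOCAL
GOOD_ADDR=192.168.0.0/24
GOOD_ADDR2=192.168.1.0/24

# Source-NAT traffic from both internal networks to the address of the link.
iptables -t nat -A POSTROUTING -s "$GOOD_ADDR" -o "$OUTSIDE_DEV" -j SNAT --to "$OUTSIDE_IP"
iptables -t nat -A POSTROUTING -s "$GOOD_ADDR2" -o "$OUTSIDE_DEV" -j SNAT --to "$OUTSIDE_IP"

# Outbound: packets are accepted into good-bad only when the source network
# matches the interface they arrive on, so an internal address used on the
# wrong interface is not forwarded by these rules.
iptables -A ppp-forward -s "$GOOD_ADDR" -i "$INSIDE_DEV" -o "$OUTSIDE_DEV" -j good-bad
iptables -A ppp-forward -s "$GOOD_ADDR2" -i "$INSIDE_DEV2" -o "$OUTSIDE_DEV" -j good-bad

# Inbound from the PPP link towards the first internal network.
# NOTE(review): there is no matching bad-good rule for $INSIDE_DEV2 - confirm
# that return traffic for 192.168.1.0/24 is handled elsewhere.
iptables -A ppp-forward -i "$OUTSIDE_DEV" -o "$INSIDE_DEV" -j bad-good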

/etc/ppp/ip-down.d/firewall

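#!/bin/sh
# ip-down hook: when the PPP link goes down, remove the NAT and forwarding
# rules that /etc/ppp/ip-up.d/firewall added for it.
#
# Environment: PPP_IFACE and PPP_LOCAL, expected to be exported by the ppp
#              ip-down wrapper with the values of the link that went down.
#
# Every rule appended by the ip-up hook needs its -D counterpart here.
# Otherwise the rules for the second network (192.168.1.0/24) survive each
# disconnect and pile up with every redial: stale SNAT entries for an address
# the host no longer holds, plus duplicate forward rules.

# Without the link parameters the rule specifications cannot match anything.
: "${PPP_IFACE:?PPP_IFACE is not set}"
: "${PPP_LOCAL:?PPP_LOCAL is not set}"

OUTSIDE_DEV=$PPP_IFACE
ADSL_DEV=adsl            # not referenced by any rule below
INSIDE_DEV=lan
INSIDE_DEV2=dlanusb0
OUTSIDE_IP=$PPP_LOCAL
GOOD_ADDR=192.168.0.0/24
GOOD_ADDR2=192.168.1.0/24

# Source-NAT rules of both internal networks.
iptables -t nat -D POSTROUTING -s "$GOOD_ADDR" -o "$OUTSIDE_DEV" -j SNAT --to "$OUTSIDE_IP"
iptables -t nat -D POSTROUTING -s "$GOOD_ADDR2" -o "$OUTSIDE_DEV" -j SNAT --to "$OUTSIDE_IP"

# Outbound forwarding rules of both internal networks.
iptables -D ppp-forward -s "$GOOD_ADDR" -i "$INSIDE_DEV" -o "$OUTSIDE_DEV" -j good-bad
iptables -D ppp-forward -s "$GOOD_ADDR2" -i "$INSIDE_DEV2" -o "$OUTSIDE_DEV" -j good-bad

# Inbound rule from the PPP link towards the first internal network.
iptables -D ppp-forward -i "$OUTSIDE_DEV" -o "$INSIDE_DEV" -j bad-good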



dnsmasq 
dnsmasq with more than one interface
