Main Page | Java Software | C Software | C++ Software
Networking | Databases | Miscellaneous | About Me | Email Form


Matthew W. Coan's Abode - Networking




This page collects the network configuration I have done on GNU/Linux and NetBSD: a DHCP server and client, a Samba server, packet-filtering and NAT firewalls, and dial-up PPP.


DHCP Server - This is the configuration file for the ISC DHCP server on my Linux LAN. It hands out 192.168.1.2 through 192.168.1.32 with 12-hour leases and points clients at 192.168.1.1 (the firewall host) for both DNS and the default route.

/etc/dhcpd.conf

authoritative;                  # this server is the authority for the LAN
allow unknown-clients;          # lease to any MAC, not only declared hosts

subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.2 192.168.1.32;
   default-lease-time 43200;    # 12 hours
   option subnet-mask 255.255.255.0;
   option domain-name-servers 192.168.1.1;
   option routers 192.168.1.1;
}

DHCP Client - Add these lines to /etc/rc.conf on NetBSD to start dhclient on the ppp0 network interface at boot.

/etc/rc.conf

...


dhclient=YES
dhclient_flags="ppp0"


Samba - This is the smb.conf for my Linux Samba server, which acts as domain master browser for the COANLAN workgroup. Note that security = share (share-level authentication, with no per-user login) was removed in Samba 4, and with public = yes and writable = yes every host on the LAN can write to /usr/pub, so this setup belongs only on a trusted LAN behind the firewall below.

/etc/samba/smb.conf

[global]
        netbios name = LINUX
        workgroup = COANLAN
        server string = Linux
        # share-level security: one password per share, no user accounts.
        # Removed in Samba 4, where security = user is the replacement.
        security = share
        # act as domain master browser and force a browser election on start
        domain master = yes
        preferred master = yes

[pub]
        comment = Public Share
        path = /usr/pub
        # guest access with no password, and anyone may write
        public = yes
        writable = yes


Linux Firewall - This is my Linux iptables firewall and NAT script. The network interface eth1 is connected to the Internet and eth0 to the LAN. Every chain defaults to DROP; unsolicited inbound traffic on eth1 is dropped, LAN clients are forwarded out only to a few services (AIM, HTTP, HTTPS, SSH) and masqueraded behind eth1, and the firewall host itself may open any TCP connection plus DNS and DHCP. iptables evaluates a chain top to bottom and the first matching rule wins, so the anti-spoofing drops are placed before any ACCEPT.
/usr/local/sbin/firewall.sh

#!/bin/sh
#
# Firewall and NAT Script
#
# Author : Matthew W. Coan
# Date   : Wed Mar 30 12:59:52 EST 2005
#
# eth1 = Internet, eth0 = LAN (192.168.1.0/24)

# default policies: drop anything no rule accepts
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# flush existing rules so re-running the script does not duplicate them
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat

# block spoofing: packets arriving from the Internet that claim a LAN or
# loopback source. These must come before every ACCEPT below, because the
# first matching rule in a chain wins. /24 covers the whole LAN block;
# /32 would match only the single address 192.168.1.0.
iptables -A INPUT -i eth1 -s 192.168.1.0/24 -j DROP
iptables -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP

# set up IP forwarding, masquerading and NAT

# FTP
#iptables -A FORWARD -p tcp -i eth0 -o eth1 -j ACCEPT

# winmx
#iptables -A FORWARD -p tcp -i eth0 -o eth1 --source 192.168.1.32 -j ACCEPT
#iptables -A FORWARD -p udp -i eth0 -o eth1 --source 192.168.1.32 -j ACCEPT

# AOL IM
iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 5190 -j ACCEPT

# forward DHCP and BOOTP
iptables -A FORWARD -p udp -i eth0 -o eth1 --dport 67:68 -j ACCEPT

# forward HTTP, HTTPS and SSH from the LAN to the Internet
iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 -o eth1 --dport 22 -j ACCEPT

# forward replies to those connections back to the LAN
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# winmx (port forward to one LAN host)
#iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 6699 -j DNAT --to-destination 192.168.1.32
#iptables -t nat -A PREROUTING -p udp -i eth1 --dport 6257 -j DNAT --to-destination 192.168.1.32
#iptables -A FORWARD -p tcp -i eth1 -o eth0 --dport 6699 -j ACCEPT
#iptables -A FORWARD -p udp -i eth1 -o eth0 --dport 6257 -j ACCEPT

# allow replies to the firewall host's own connections in on eth1
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# winmx
#iptables -A INPUT -p tcp -i eth1 --dport 6699 -j ACCEPT
#iptables -A INPUT -p udp -i eth1 --dport 6257 -j ACCEPT

# enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# allow all traffic on the LAN interface and on loopback
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# MASQUERADE: rewrite LAN source addresses to the eth1 address
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# the firewall host itself may open any TCP connection out (FTP and the
# HTTP, HTTPS and SSH rules below are already covered by this one)
iptables -A OUTPUT -o eth1 -p tcp -j ACCEPT

# BOOTP DHCP
iptables -A OUTPUT -o eth1 -p udp --dport 67:68 -j ACCEPT

# allow DNS
iptables -A OUTPUT -o eth1 -p udp --dport 53 -j ACCEPT

# allow HTTP (uncomment the INPUT rule to serve web pages to the Internet)
iptables -A OUTPUT -o eth1 -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT

# allow HTTPS
iptables -A OUTPUT -o eth1 -p tcp --dport 443 -j ACCEPT

# allow SSH (uncomment the INPUT rule to accept SSH from the Internet)
iptables -A OUTPUT -o eth1 -p tcp --dport 22 -j ACCEPT
#iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT


Turn the firewall off with this script. It flushes every rule, removes user-defined chains and sets all policies back to ACCEPT, so the host is unprotected until firewall.sh is run again.

/usr/local/sbin/zeroipt.sh

#!/bin/sh
# flush all rules in the filter and nat tables
iptables --flush
iptables --table nat --flush

# remove any user-defined chains
iptables --delete-chain
iptables --table nat --delete-chain

# open policies: everything is accepted
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

NetBSD Firewall - This is my IPFilter configuration for NetBSD, written for a modem on the ppp0 network interface as the connection to the Internet. Everything on ppp0 is blocked by default; the rules then pass inbound HTTP and SSH and outbound DNS, whois, HTTP, HTTPS and SSH, all with state. Unlike iptables, IPFilter examines every rule and the last match decides (unless a rule says quick), so the catch-all block rules come first and the anti-spoofing block rules come last.
/etc/ipf.conf

#
# IPFilter configuration file.
#
# Author : Matthew W. Coan
# Date : Sun Jan 16 13:55:23 EST 2005
#
# ipf checks every rule and the LAST match decides (no "quick" is used here),
# so the catch-all blocks come first and the anti-spoofing blocks come last.

# Block all ppp0 packets by default
block in on ppp0 all
block out on ppp0 all

# ICMP
#pass in on ppp0 proto icmp all
#pass out on ppp0 proto icmp all

# DNS
pass out on ppp0 proto udp from any to any port = domain keep state

# WHOIS
pass out on ppp0 proto tcp from any to any port = whois keep state

# HTTP (inbound and outbound)
pass in on ppp0 proto tcp from any to any port = http keep state
pass out on ppp0 proto tcp from any to any port = http keep state

# HTTPS
#pass in on ppp0 proto tcp from any to any port = https keep state
pass out on ppp0 proto tcp from any to any port = https keep state

# IRC
#pass out on ppp0 proto tcp from any to any port = 6669 keep state
#pass out on ppp0 proto tcp from any to any port = 6668 keep state
#pass out on ppp0 proto tcp from any to any port = 6667 keep state
#pass out on ppp0 proto tcp from any to any port = 6666 keep state

# SSH (TCP only; SSH never uses UDP, so tcp/udp would only widen exposure)
pass in on ppp0 proto tcp from any to any port = ssh keep state
pass out on ppp0 proto tcp from any to any port = ssh keep state

# FTP
#pass out on ppp0 proto tcp from any to any port = ftp keep state
# Passive FTP
#pass out on ppp0 proto tcp from any to any port > 1023 keep state
# Active FTP
#pass in on ppp0 proto tcp from any to any port = ftp-data keep state
#pass in on ppp0 proto tcp from any port = ftp-data to any port > 1023 keep state

# WinMX TCP
#pass in on ppp0 proto tcp from any to 192.168.1.32 port = 6699 keep state
#pass out on ppp0 proto tcp from 192.168.1.32 to any keep state

# WinMX UDP
#pass in on ppp0 proto udp from any to 192.168.1.32 port = 6257 keep state
#pass out on ppp0 proto udp from 192.168.1.32 to any keep state

# Block and log IP spoofing: packets arriving from the Internet with a LAN
# or loopback source. Last in the file so they override the pass rules
# above. /24 covers the whole LAN; /32 would match only 192.168.1.0.
block in log on ppp0 from 192.168.1.0/24 to any
block in log on ppp0 from 127.0.0.0/8 to any
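The Linux and NetBSD firewalls above use opposite matching disciplines, and their anti-spoofing rules only bite if the prefix length is right. The following Python is an added example, not code from the original page: a toy evaluator (no real iptables or ipf parsing, no connection tracking) that scores a SYN arriving on the Internet side with a LAN source address under first-match iptables and last-match IPFilter. The interface name ppp0 and the 192.168.1.0/24 block come from the page; the packets and the reduced rule sets are constructed for the example.

```python
"""Toy packet-filter evaluator contrasting the two rule disciplines used by
the firewalls above.  Added example, not part of the original page.

iptables: a chain is first-match.  -A appends, so a rule can only fire if
          no earlier rule has already decided the packet.
ipf:      last-match.  Every rule is examined and the last one that matches
          decides, unless a matching rule carries "quick".

Rules and packets are hand-written in a tiny intermediate form (nothing here
parses real iptables or ipf syntax), and connection state is ignored.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str      # "in" or "out"
    proto: str          # "tcp", "udp" or "icmp"
    src: str            # source address
    dport: int          # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    iface: str = "any"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR; host bits are masked off, as the real filters do
    dport: Optional[int] = None
    quick: bool = False         # ipf only: stop searching when this rule matches

    def matches(self, p: Packet) -> bool:
        return (
            self.iface in ("any", p.iface)
            and self.direction in ("any", p.direction)
            and self.proto in ("any", p.proto)
            and ip_address(p.src) in ip_network(self.src, strict=False)
            and (self.dport is None or self.dport == p.dport)
        )


def iptables_verdict(chain: List[Rule], p: Packet, policy: str = "block") -> str:
    """First match wins; the chain policy applies when nothing matches."""
    for rule in chain:
        if rule.matches(p):
            return rule.action
    return policy


def ipf_verdict(rules: List[Rule], p: Packet, default: str = "pass") -> str:
    """Last match wins, unless a matching rule is marked quick."""
    verdict = default
    for rule in rules:
        if rule.matches(p):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


# Anti-spoofing rule for the LAN block.  /24 is what is meant; the easy slip
# /32 matches only the single address 192.168.1.0.
SPOOF_24 = Rule("block", iface="ppp0", direction="in", src="192.168.1.0/24")
SPOOF_32 = Rule("block", iface="ppp0", direction="in", src="192.168.1.0/32")
PASS_HTTP = Rule("pass", iface="ppp0", direction="in", proto="tcp", dport=80)

# The shape of ipf.conf above (catch-all blocks, service passes, anti-spoofing
# block last), reduced to what matters for an inbound SYN to port 80.
IPF_RULES = [
    Rule("block", iface="ppp0", direction="in"),
    Rule("block", iface="ppp0", direction="out"),
    PASS_HTTP,
    SPOOF_24,
]


def verdicts(src: str = "192.168.1.7") -> dict:
    """Verdicts for a SYN to port 80 arriving on ppp0 with a LAN source
    address (spoofed: a real LAN packet never arrives on the Internet side)."""
    pkt = Packet("ppp0", "in", "tcp", src, 80)
    return {
        "ipf, /24 spoof rule last": ipf_verdict(IPF_RULES, pkt),
        "ipf, /32 spoof rule last": ipf_verdict(IPF_RULES[:-1] + [SPOOF_32], pkt),
        "iptables, spoof rule appended": iptables_verdict([PASS_HTTP, SPOOF_24], pkt),
        "iptables, spoof rule first": iptables_verdict([SPOOF_24, PASS_HTTP], pkt),
    }


if __name__ == "__main__":
    for label, verdict in verdicts().items():
        print(f"{label:32s} {verdict}")
```

The same anti-spoofing rule is therefore correct at the end of ipf.conf but wrong at the end of an iptables chain that already has an ACCEPT for the port; in iptables it has to be inserted ahead of the ACCEPT rules (or added with -I).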



NAT - This is my network address translation (ipnat) configuration under NetBSD. It masquerades the whole 192.168.1.0/24 LAN behind the ppp0 address: the first rule runs the FTP proxy so active FTP works through NAT, the second maps other TCP and UDP source ports into 40000-60000, and the third catches everything else (for example ICMP). ipnat uses the first map rule that matches, so the order matters.

/etc/ipnat.conf

#
# IPNAT configuration file.
#
# Author : Matthew W. Coan
# Date   : Mon Jan 10 13:14:22 EST 2005
#
# Rules are tried in order and the first match is used.

# active FTP: the ftp proxy rewrites the PORT command
map ppp0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
# other TCP and UDP: map source ports into 40000-60000
map ppp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
# everything else (e.g. ICMP)
map ppp0 192.168.1.0/24 -> 0/32

PPP - These are my point-to-point protocol (PPP) files for NetBSD, used to dial an ISP over a modem with the userland pppd program. ip-up and ip-down start and stop ipnat when the link comes up and goes down. pap-secrets holds the dial-up password in cleartext, so it must stay owned by root with mode 0600 (pppd warns if the file is readable by others), and chat -v logs every string exchanged with the modem to syslog.

/etc/ppp/ip-up

#!/bin/sh

# start IP NAT
/etc/rc.d/ipnat forcestart

/etc/ppp/ip-down

#!/bin/sh

# stop IP NAT when the link goes down
/etc/rc.d/ipnat forcestop

/etc/ppp/options

# use a UUCP-style lock file on the serial device
lock
# use the modem control lines
modem
# hardware flow control
crtscts
# make the PPP link the default route when it comes up
defaultroute
# serial port the modem is on, and the line speed
/dev/tty03
56000

/etc/ppp/pap-secrets

"my_user_name@earthlink.net"    ""      mypassword

/etc/ppp/peers/earthlink

user 'my_user_name@earthlink.net'
connect '/usr/sbin/chat -v -f /etc/ppp/peers/earthlink.chat'

/etc/ppp/peers/earthlink.chat

'ABORT' 'BUSY'
'ABORT' 'ERROR'
'ABORT' 'NO CARRIER'
'ABORT' 'NO DIALTONE'
'ABORT' 'Invalid Login'
'ABORT' 'Login incorrect'
'' 'ATZ'
'OK' 'ATDT 94435644078'
'CONNECT' ''
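As an added example (not the page's own code, and not the real chat(8) program), here is a small simulator of the expect/send dialogue above. It parses a script in the same format, with a made-up dial string, and drives it against canned modem replies so the ABORT handling can be watched for a good call, a busy line and a modem that never answers.

```python
"""Simulator for the expect/send dialogue that chat(8) runs from
/etc/ppp/peers/earthlink.chat.  Added example, not part of the original page
and not the real chat program: the modem is replaced by a table of canned
replies, and only the chat syntax the script above uses is understood
(quoted expect/send pairs and ABORT strings).  The dial string is made up.
"""
import shlex
from typing import Dict, List, Optional, Tuple

# Same shape as the chat script above, with a made-up phone number.
CHAT_SCRIPT = """\
'ABORT' 'BUSY'
'ABORT' 'ERROR'
'ABORT' 'NO CARRIER'
'ABORT' 'NO DIALTONE'
'ABORT' 'Invalid Login'
'ABORT' 'Login incorrect'
'' 'ATZ'
'OK' 'ATDT 5551234'
'CONNECT' ''
"""


def parse_chat(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a chat script into its ABORT strings and (expect, send) pairs."""
    aborts, pairs = [], []
    for line in text.splitlines():
        words = shlex.split(line)          # honours the single quotes; '' -> ""
        if not words:
            continue
        if len(words) != 2:
            raise ValueError(f"expected an expect/send pair: {line!r}")
        expect, send = words
        if expect == "ABORT":
            aborts.append(send)
        else:
            pairs.append((expect, send))
    return aborts, pairs


def first_seen(text: str, needles: List[str]) -> Optional[str]:
    """Return whichever needle appears earliest in text, or None."""
    hits = [(text.find(n), n) for n in needles if n in text]
    return min(hits)[1] if hits else None


def run_chat(script: str, modem: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Drive the dialogue against a canned modem.

    modem maps each command chat sends to the text the modem answers with;
    anything unknown gets "ERROR".  Returns (connected, transcript).  Like
    chat, an ABORT string seen while waiting for an expect string ends the
    session with a failure, and an expect string that never arrives is a
    timeout.
    """
    aborts, pairs = parse_chat(script)
    received = ""                       # everything the modem has said so far
    transcript: List[str] = []
    for expect, send in pairs:
        if expect:
            hit = first_seen(received, [expect] + aborts)
            if hit is None:
                transcript.append(f"timeout waiting for {expect!r}")
                return False, transcript
            if hit != expect:
                transcript.append(f"abort on {hit!r}")
                return False, transcript
            transcript.append(f"got {expect!r}")
            received = received[received.index(expect) + len(expect):]
        if send:
            transcript.append(f"sent {send!r}")
            received += modem.get(send, "ERROR\r\n")
    return True, transcript


# Canned modems (constructed): a good call, a busy line, no answer to ATZ.
GOOD_MODEM = {"ATZ": "OK\r\n", "ATDT 5551234": "CONNECT 33600\r\n"}
BUSY_MODEM = {"ATZ": "OK\r\n", "ATDT 5551234": "BUSY\r\n"}
DEAD_MODEM = {"ATZ": ""}

if __name__ == "__main__":
    for name, modem in [("good", GOOD_MODEM), ("busy", BUSY_MODEM), ("dead", DEAD_MODEM)]:
        connected, log = run_chat(CHAT_SCRIPT, modem)
        print(name, "connected" if connected else "failed", log)
```

Everything in the transcript is what chat -v would write to syslog, which is why the ISP login strings in a chat script should be treated as sensitive.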

