Category Archives: Operating Systems

FreeBSD Gateway

FreeBSD Handbook: Setting Up the Serial Console

Boot Config

###
### rc.conf Boot Config File
### by Andreas Bachmann
###

### CONSOLE ####################################################################
font8x14="NO"
font8x16="swiss-8x16"
font8x8="swiss-8x8"
inetd_enable="NO"
keymap="swissgerman.cp850"

### NETWORK ####################################################################
hostname="gateway.lan.bachi.net"
ifconfig_vr0="DHCP"
ifconfig_vr1="10.0.0.1 255.0.0.0"
### ifconfig_vr2="10.0.0.5 255.0.0.0"
gateway_enable="YES"

### FIREWALL ###################################################################
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pf.log"
pflog_flags=""

### DAEMONS ####################################################################
sendmail_enable="NONE"

dhcpd_enable="YES"
dhcpd_ifaces="vr1"

sshd_enable="YES"

snmpd_enable="YES"
snmpd_flags="-a"
snmpd_pidfile="/var/run/snmpd.pid"

ntpdate_enable="YES"
ntpdate_hosts="swisstime.ethz.ch"

NTP

server 0.ch.pool.ntp.org
server 1.ch.pool.ntp.org
server 2.ch.pool.ntp.org
server 3.ch.pool.ntp.org

Kernel Config

###
### BACHI-NET Kernel Configurations File
### by Andreas Bachmann
###

machine     i386
cpu         I586_CPU
ident       GATEWAY-CF

###############################################################################
# CPU OPTIONS
options     CPU_GEODE
device      cpufreq                         # CPU frequency control
options     HZ=1000                         # Smoother scheduling
options     FLOWTABLE                       # per-cpu routing cache

###############################################################################
# SCHEDULING
options     SCHED_ULE                       # new scheduler
options     PREEMPTION                      # Preemptive Scheduler

###############################################################################
# POSIX P1003.1B
options     P1003_1B_SEMAPHORES             # POSIX-style semaphores
options     _KPOSIX_PRIORITY_SCHEDULING     # POSIX P1003_1B real-time extensions

###############################################################################
# PARTITIONING
options     GEOM_PART_GPT                   # GUID Partition Tables.
options     GEOM_LABEL                      # Provides labelization

###############################################################################
# TRUSTEDBSD MAC FRAMEWORK
options     MAC                             # TrustedBSD MAC Framework

###############################################################################
# FILE SYSTEM
options     FFS                             # Berkeley Fast Filesystem
options     PROCFS                          # Process filesystem (requires PSEUDOFS)
options     PSEUDOFS                        # Pseudo-filesystem framework
options     SOFTUPDATES                     # Enable FFS soft updates support
options     UFS_ACL                         # Support for access control lists
options     UFS_DIRHASH                     # Improve performance on big directories
options     UFS_GJOURNAL                    # Enable gjournal-based UFS journaling
options     MD_ROOT                         # MD is a potential root device

###############################################################################
# CRYPTO SUBSYSTEM
device      crypto                          # core crypto support
device      cryptodev                       # /dev/crypto for access to h/w

###############################################################################
# SECURITY POLICY PARAMETERS
options     AUDIT                           # Security event auditing

###############################################################################
# COMPATIBILITY OPTIONS
options     COMPAT_43                       # Compatible with BSD 4.3 [KEEP THIS!]
options     COMPAT_FREEBSD4                 # Compatible with FreeBSD4
options     COMPAT_FREEBSD5                 # Compatible with FreeBSD5
options     COMPAT_FREEBSD6                 # Compatible with FreeBSD6
options     COMPAT_FREEBSD7                 # Compatible with FreeBSD7

options     SYSVSHM                         # SYSV-style shared memory
options     SYSVMSG                         # SYSV-style message queues
options     SYSVSEM                         # SYSV-style semaphores

###############################################################################
# BUS TYPES
device      eisa                            # Extended Industry Standard Architecture (EISA) Bus
device      pci                             # Peripheral Computer Interface (PCI) Bus
device      uart                            # Universal Asynchronous Receiver/Transmitter (UART) Bus
device      miibus                          # Media Independent Interface (MII) Bus

###############################################################################
# SYSTEM MANAGEMENT INTERFACE DEVICES
device      pmtimer

###############################################################################
# DISK DEVICES
device      md                              # Memory "disks"

###############################################################################
# ATA DEVICES
device      ata                             #
device      atadisk                         # ATA disk drives
device      atapicam                        # emulate ATAPI devices as SCSI ditto via CAM

###############################################################################
# SCSI OPTIONS AND DEVICES
device      scbus                           # Base SCSI Code
device      ch                              # SCSI media changers
device      da                              # SCSI direct access devices (aka disks)
device      sa                              # SCSI tapes
device      cd                              # SCSI CD-ROMs
device      pass                            # CAM passthrough driver

options     SCSI_DELAY=300                  # Delay (in ms) before probing SCSI

###############################################################################
# NETWORKING OPTIONS AND DEVICES
options     INET                            # InterNETworking

options     NETGRAPH                        # netgraph(4) system

options     ALTQ                            # Alternate queuing
options     ALTQ_CBQ                        # Class Based Queueing
options     ALTQ_RED                        # Random Early Detection
options     ALTQ_RIO                        # RED In/Out
options     ALTQ_HFSC                       # Hierarchical Packet Scheduler
options     ALTQ_CDNR                       # Traffic conditioner
options     ALTQ_PRIQ                       # Priority Queueing
options     ALTQ_NOPCC                      # Required for SMP build

device      loop                            # Network loopback
device      ether                           # Ethernet support
device      bpf                             # Berkeley packet filter
device      bridge                          # Network bridge device

device      pf                              # PF OpenBSD packet-filter firewall
device      pflog                           # logging support interface for PF

device      vr                              # VIA Rhine, Rhine II

###############################################################################
# PERIPHERAL DEVICES
device      atkbdc                          # AT keyboard controller
device      atkbd
device      kbdmux                          # keyboard multiplexer
device      psm

options     KBD_INSTALL_CDEV                # Install a CDEV entry in /dev

###############################################################################
# GRAPHIC DEVICES AND OPTIONS
device      vga                             # VGA video card driver
device      agp                             # support several AGP chipsets
device      splash                          # Splash screen and screen saver support

###############################################################################
# SYSTEM CONSOLE DEVICES AND OPTIONS
device      sc                              # syscons console driver

###############################################################################
# MISCELLANEOUS DEVICES AND OPTIONS
device      random                          # Entropy device
device      pty                             # Pseudo-ttys (telnet etc)
device      snp                             # Snoop device
device      firmware                        # firmware assist module

###############################################################################
# USB DEVICES AND OPTIONS

device      uhci                            # UHCI controller
device      ohci                            # OHCI controller
device      ehci                            # EHCI controller
device      usb                             # General USB code (mandatory for USB)

device      udbp                            # USB Double Bulk Pipe devices
device      uhid                            # Human Interface Device
device      ukbd                            # USB keyboard
device      ums                             # USB mouse
device      ulpt                            # USB printer

Bootloader Config

console="comconsole"

TTY Config

[...]
console none                            unknown off secure
#
ttyv0   "/usr/libexec/getty Pc"         cons25  off secure
# Virtual terminals
ttyv1   "/usr/libexec/getty Pc"         cons25  off secure
ttyv2   "/usr/libexec/getty Pc"         cons25  off  secure
ttyv3   "/usr/libexec/getty Pc"         cons25  off secure
ttyv4   "/usr/libexec/getty Pc"         cons25  off secure
ttyv5   "/usr/libexec/getty Pc"         cons25  off secure
ttyv6   "/usr/libexec/getty Pc"         cons25  off secure
ttyv7   "/usr/libexec/getty Pc"         cons25  off secure
ttyv8   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyu0   "/usr/libexec/getty std.9600"   vt100   on  secure
ttyu1   "/usr/libexec/getty std.9600"   dialup  off secure
ttyu2   "/usr/libexec/getty std.9600"   dialup  off secure
ttyu3   "/usr/libexec/getty std.9600"   dialup  off secure
# Dumb console
dcons   "/usr/libexec/getty std.9600"   vt100   off secure
# Pseudo terminals
ttyp0   none                    network
[...]

fstab Config

# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/ad0s1b             none            swap    sw              0       0
/dev/ad0s1a             /               ufs     rw              1       1
/dev/ad0s1d             /tmp            ufs     rw              2       2
/dev/ad0s1f             /usr            ufs     rw              2       2
/dev/ad0s1e             /var            ufs     rw              2       2

Disk Slices

[root@gateway /home/bachi]# df
Filesystem  1K-blocks   Used   Avail Capacity  Mounted on
/dev/ad0s1a    253678  27696  205688    12%    /
devfs               1      1       0   100%    /dev
/dev/ad0s1d    253678     12  233372     0%    /tmp
/dev/ad0s1f   2358280 997176 1172442    46%    /usr
/dev/ad0s1e    507630   9778  457242     2%    /var

[root@gateway /home/bachi]# fdisk
[...]
parameters extracted from in-core disklabel are:
cylinders=7964 heads=16 sectors/track=63 (1008 blks/cyl)
Media sector size is 512
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 63, size 8016372 (3914 Meg), flag 80 (active)
        beg: cyl 0/ head 1/ sector 1;
        end: cyl 498/ head 254/ sector 63
[...]

PF Config

if_inet="vr0"                 # Internet
if_lan="vr1"                  # Intranet
torrent_client="10.0.0.251"
net_lan="10.0.0.0/8"

users = "{
    10.0.0.251,
    10.0.0.11,
    10.0.0.249,
    10.0.0.250,
    10.0.0.17
}"

nat on $if_inet from $net_lan to any -> ($if_inet)

#rdr on $if_inet proto tcp from any to $if_inet port { 6881, 6882, 8713 } -> $torrent_client
#rdr on $if_inet proto tcp from any to $if_inet port { 4000, 4001, 4002, 4080, 4662, 4666, 9335, 53357, 14890 } -> $torrent_client
#rdr on $if_inet proto tcp from any to $if_inet port { 80, 8080, 443 } -> $torrent_client
#rdr on $if_inet proto tcp from any to $if_inet port { 6000 }  -> $torrent_client

block all

# NOTE: this rule matches every inbound packet on the Internet-facing interface, and in pf the
# last matching rule wins (no "quick"), so the "block all" default above does not protect $if_inet:
# anything listening on vr0 (e.g. sshd and snmpd enabled in rc.conf) is reachable from the WAN.
pass in on $if_inet all
pass in on $if_lan from $users to any
pass out all

DHCPD Config

###
### GATEWAY DHCP Server Configuration
### by Andreas Bachmann
###

authoritative;
ddns-update-style ad-hoc;

default-lease-time                  600;
max-lease-time                      7200;

subnet 10.0.0.0 netmask 255.0.0.0 {
    option  subnet-mask             255.0.0.0;
    option  broadcast-address       10.255.255.255;
    option  domain-name-servers     195.134.157.20;
    option  routers                 10.0.0.1;

   range 10.0.0.10 10.0.0.254;
}

Create SNMPv3 User

$ sudo net-snmp-config --create-snmpv3-user -ro -X DES -A MD5 -a "<PASSWORD>" -x "<PASSWORD>" <USERNAME>
adding the following line to /var/lib/snmp/snmpd.conf:
   createUser <USERNAME> MD5 "<PASSWORD>" DES <PASSWORD>
adding the following line to /usr/share/snmp/snmpd.conf:
   rouser <USERNAME>

SNMP Konfigurieren

SNMPv3

README.snmpv3

Timeout Error

# snmpget -v 2c -c public localhost sysUpTime.0
Timeout: No Response from localhost.

# snmpget -v 3 -u USER -A PASSWORD localhost sysUpTime.0
snmpget: Timeout (Sub-id not found: (top) -> sysUpTime)
# snmpd -p /var/run/net_snmpd.pid -f -Lo -D udpbase:recv
registered debug token udpbase:recv, 1
/usr/local/share/snmp/snmpd.conf: line 18: Warning: Unknown token: agendAddress.
Turning on AgentX master support.
NET-SNMP version 5.7.2
udpbase:recv: got source addr: 127.0.0.1
Connection from UDP: [127.0.0.1]:43137->[127.0.0.1]:161
snmplib/transports/snmpUDPDomain.c
/*
 * Excerpt, as quoted in this post, of the UDP transport constructor from
 * snmplib/transports/snmpUDPDomain.c; it is shown here to trace the receive
 * path (f_recv -> netsnmp_udpbase_recv) behind the "Timeout: No Response"
 * symptom above.
 *
 * NOTE(review): this is an abridged paste, not the complete function. As
 * shown, `t` is still NULL when its fields are assigned (a null-pointer
 * dereference) and the non-void function never returns a value, and the
 * `addr`/`local` parameters are never used — the allocation of `t`, the
 * socket setup and the final `return t;` have evidently been elided.
 * Consult the full upstream source before reasoning about this function.
 */
netsnmp_transport *netsnmp_udp_transport(struct sockaddr_in *addr, int local)
{
    netsnmp_transport *t = NULL;

    /* Transport domain identifier and its length. */
    t->domain = netsnmpUDPDomain;
    t->domain_length = netsnmpUDPDomain_len;
    /* Largest message accepted on this transport; presumably 64 KiB less the
     * 8-byte UDP and 20-byte IPv4 headers — confirm against upstream. */
    t->msgMaxSize = 0xffff - 8 - 20;
    /* Function table: recv/send are delegated to the UDP base layer (the
     * netsnmp_udpbase_recv prototype is quoted further down this page),
     * close to the generic socket layer; UDP has no accept() step. */
    t->f_recv     = netsnmp_udpbase_recv;
    t->f_send     = netsnmp_udpbase_send;
    t->f_close    = netsnmp_socketbase_close;
    t->f_accept   = NULL;
    t->f_fmtaddr  = netsnmp_udp_fmtaddr;
}

snmplib/transports/snmpUDPBaseDomain.c
int netsnmp_udpbase_recv(netsnmp_transport *t, void *buf, int size, void **opaque, int *olength)

snmplib/transports/snmpUDPDomain.c
int netsnmp_udp_recvfrom(int s, void *buf, int len, struct sockaddr *from, socklen_t *fromlen, struct sockaddr *dstip, socklen_t *dstlen, int *if_index)

snmplib/transports/snmpUDPIPv4BaseDomain.c
int netsnmp_udpipv4_recvfrom(int s, void *buf, int len, struct sockaddr *from, socklen_t *fromlen, struct sockaddr *dstip, socklen_t *dstlen, int *if_index)

snmplib/transports/snmpUDPBaseDomain.c
int netsnmp_udpbase_recvfrom(int s, void *buf, int len, struct sockaddr *from, socklen_t *fromlen, struct sockaddr *dstip, socklen_t *dstlen, int *if_index)
# cat /etc/pf.conf
[...]
set skip on lo
[...]

ubuntuusers.de
Wolfgang Reutz’s Blog
Walter Munguía M.

Ubuntu Networking

Dynamic IP Address Assignment (DHCP Client)

auto eth0
iface eth0 inet dhcp

Static IP Address Assignment

auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1

Restart

sudo ifup eth0
sudo ifdown eth0

Wireshark ohne root starten

sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod 754 /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Reihenfolge ist unbedingt zu beachten!

oder

Q)
Keine Interfaces sichtbar

A)

sudo dpkg-reconfigure wireshark-common 
sudo usermod -a -G wireshark $USER
http://ask.wireshark.org/questions/7523/ubuntu-machine-no-interfaces-listed

Quelle:
Platform-Specific information about capture privileges
Sniffing with Wireshark as a Non-Root User