-
Suggestion: sharing connection
Hi to all,
I am new to Knoppix, but I am astonished!!!
I tried it and I found it incredible...
Now, my 1 cent tip:
why not the possibility to share a connection with other machines? I mean enabling Knoppix to act as a gateway/proxy/router. It should also be possible to add a DHCP/NAT server to integrate with the existing Samba tools.
I know some mini-distributions doing all this on a single 'enhanced' floppy. So the total weight should not be so terrible...
In any case, my sincere congratulations!
regards,
vanni
-
I currently have Knoppix set up at my house as a router. I'm also using squid as a caching server on it, which seems to speed up my slow dialup somewhat.
I have a laptop using wireless, a desktop, and my Knoppix router connected together through an SMC wireless router (router part not being used since I no longer have broadband).
I have dialup.
When Knoppix detects an outgoing connection from either my desktop or my laptop (wireless) it uses the external modem and dials out to the internet.
I am using iptables to NAT the connection and my wireless router to do DHCP.
You must first turn on IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Then there is one line you will need to masquerade packets (the -o is the interface you are exiting on; since I dial up it's ppp0):
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
So it is doable, but I do think it would be cool to have a graphical frontend for people who aren't used to doing stuff like this. That way they could pop in Knoppix, click a few boxes and share a connection.
-
While it might be nice to have an "all in one" toolbox on a Knoppix disc, making it into a router distro is IMO overkill. There are already a multitude of distros that do this both on floppy and CD. Generally speaking a dedicated router isn't going to have the necessary RAM to boot and run a GUI. Most router distros don't have X windows but certainly do have menus that are easy to use. My router has a whopping 16M RAM and is incapable of booting from CD. Additionally every line of code you add creates another opportunity for a hole in your firewall.
Certainly it is possible and has been suggested before and I believe there are some people actively working on just such a version of Knoppix.
adamm- Using a DNS cache is a great way to speed things up because of course you no longer need to rely on your ISP's DNS for resolution. Now for the true test of your router- have you scanned all 65535 ports? Not just the most common ones but all of them. What were the results? My little floppy distro is completely invisible except for port 22 as I like to ssh in from work from time to time and that requires a signature key AND a MAC address.
-
Re: Suggestion: sharing connection
Originally Posted by guarnier
Hi to all,
I am new to Knoppix, but I am astonished!!!
I tried it and I found it incredible...
Now, my 1 cent tip:
why not the possibility to share a connection with other machines? I mean enabling Knoppix to act as a gateway/proxy/router. It should also be possible to add a DHCP/NAT server to integrate with the existing Samba tools.
I know some mini-distributions doing all this on a single 'enhanced' floppy. So the total weight should not be so terrible...
In any case, my sincere congratulations!
regards,
vanni
Let's laugh, it's already possible!
K, Knoppix, Services, Knoppix-Terminalserver
Fire it up, select the appropriate things and voila, you have a router.
cu
Fabian
-
Originally Posted by rickenbacherus
adamm- Using a DNS cache is a great way to speed things up because of course you no longer need to rely on your ISP's DNS for resolution. Now for the true test of your router- have you scanned all 65535 ports? Not just the most common ones but all of them. What were the results? My little floppy distro is completely invisible except for port 22 as I like to ssh in from work from time to time and that requires a signature key AND a MAC address.
I'm not using a DNS cache, I'm using a web cache, so I don't have to download images all the time over my 33.1 connection (living in the country is nice, but no broadband sucks). I visit a site once and it's cached, for all computers. I'm doing a transparent squid caching server.
http://www.squid-cache.org/
The ports I have open are
22 ssh
25 smtp
3128 squid
All ports are locked down using tcpwrappers and these services are configured to only be used from eth0 and not the ppp0, except ssh, and that is locked down to only be accessed from my computer at work. (I couldn't get in anyway since it's not dialed up while I'm at work, although I do have a cron job running that emails me my IP address every time it connects to the internet, that way when my wife dials up and I'm at work, I can ssh if I need.)
I've been messing with Linux since Red Hat 5.2 and Knoppix is probably the most fun distro I have messed with. I have learned so much from tinkering with it. I'm used to Cisco routers, but I've been having a lot of fun with iptables lately.
Now that you mention it, I might set up a caching DNS server too.
BTW, which floppy distro are you using...LRP?
-
Originally Posted by adamm
I'm not using a DNS cache, I'm using a web cache, so I don't have to download images all the time over my 33.1 connection (living in the country is nice, but no broadband sucks). I visit a site once and it's cached, for all computers. I'm doing a transparent squid caching server.
http://www.squid-cache.org/
Heard of it- obviously I've never used it. :P
Originally Posted by adamm
All ports are locked down using tcpwrappers and these services are configured to only be used from eth0 and not the ppp0, except ssh, and that is locked down to only be accessed from my computer at work.
Same here except that I just forward all ports but 22 to a non-existent machine on my network.
Originally Posted by adamm
I'm used to Cisco routers, but I've been having a lot of fun with iptables lately.
Uh oh- you shouldn't have told me that- I must have at least a million questions about Cisco routers and iptables. I really only know ipchains and not that well.
Originally Posted by adamm
BTW, which floppy distro are you using...LRP?
Actually..........these Linux routers are a hobby in and of themselves. I have built several. I've used Clark Connect, IPCop, Gibraltar and Devil.
Currently working on a Digital DEC 486 laptop w/ 8M and a dual PCMCIA card. No luck there yet w/ a few different distros. Linux router through PCMCIA is killing me.
Main router is a K5 w/ 16M & Coyote Linux. Just started building a Bering floppy (LEAF) yesterday for same box. Considering buying a Toshiba laptop 233MHz 160M which would boot a CD distro quite nicely. These different CD distros (floppies too) all have their little intricacies (sp?) so they're each a new challenge. Bering is quite awesomely configurable AND it uses iptables- Shorewall in fact. AAMOF- I'm off to work on it now.
-
Originally Posted by rickenbacherus
Same here except that I just forward all ports but 22 to a non-existent machine on my network.
Perhaps this will expose my ignorance, but what is the advantage of doing this as opposed to closing the port? Is this simply what it takes to stealth your ports?
-
Originally Posted by aay
Originally Posted by rickenbacherus
Same here except that I just forward all ports but 22 to a non-existent machine on my network.
Perhaps this will expose my ignorance, but what is the advantage of doing this as opposed to closing the port? Is this simply what it takes to stealth your ports?
It does stealth your ports. There are other ways of doing it but I'm not really clear on how.
Suppose I'm a hacker- I do a port scan on your IP address. Port 23 comes back as closed- no, you're not running telnet on that port, but I know for a fact that you're there. If you forward to a non-existent machine the packets don't get sent back- there is no response. It's a lot like spammers- if you 'Reply' then they just know that they have an active email account.
-
Is it possible then to have all ports forwarded to a non-existent address (even ones you want to access) unless your incoming request meets certain requirements: for example, having a specific MAC address? That would be really nice.
-
Originally Posted by aay
Is it possible then to have all ports forwarded to a non-existent address (even ones you want to access) unless your incoming request meets certain requirements: for example, having a specific MAC address? That would be really nice.
You should be able to do something like that using
--mac-source [!] address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
Found this in man iptables.
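The pieces discussed in this thread (the MASQUERADE rule, silently dropping unsolicited packets so a scanned port gives no answer instead of showing as closed, and --mac-source) combined into one ruleset, as an added example that is not from any poster. The interface names and the MAC address are assumed placeholders, the function name is hypothetical, and IP forwarding must still be enabled as shown earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: prints a ruleset in iptables-restore format.
# Arguments (all assumptions of the caller): WAN interface, LAN interface, admin MAC.
gateway_ruleset() {
    wan="$1"; lan="$2"; admin_mac="$3"

    # --mac-source expects the XX:XX:XX:XX:XX:XX form quoted from man iptables.
    if ! printf '%s\n' "$admin_mac" |
        grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "bad MAC address: $admin_mac" >&2
        return 1
    fi

    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Same rule as in the thread: hide LAN hosts behind the dial-up address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Policy DROP sends no reply at all (stealth). A closed port answers with a reset.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh only from one LAN network card, matched by its MAC address.
-A INPUT -i $lan -p tcp --dport 22 -m mac --mac-source $admin_mac -j ACCEPT
# squid for LAN clients only (3128 is the port listed in the thread).
-A INPUT -i $lan -p tcp --dport 3128 -j ACCEPT
# Let the LAN out through the WAN link, and only replies back in.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments, for example:
#   sh gateway.sh ppp0 eth0 00:11:22:33:44:55   (constructed sample MAC)
if [ "$#" -eq 3 ]; then
    gateway_ruleset "$@"
fi
```

Review the output, then pipe it into `iptables-restore`, which replaces the current contents of the nat and filter tables. A source MAC is only visible for hosts on the same Ethernet segment and its owner can change it, so treat the match as an extra filter on top of ssh key authentication rather than a substitute for it.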