It's already been a week now since I've started fiddling my rules and i just ended up with having 1 client ONLY to successfully connect to an external pptp server. the openbsdmail-lists says that, it's pptp's fault. because it's old but i believe it's a challenge.
we'll see what happens next. anyways below are the 2 rules I've come up with. that will let pptp pass-through a PF/Carp box (OpenbSD 4.1 Tested): Just make sure you pass TCP and GRE Traffic.
given setup is (BLOCK in/out ALL)
#Rule Style 1
pass out quick on $ext_if inet proto gre all label "GRE out WAN"
pass in quick on $ext_if inet proto gre all label "GRE in WAN"
pass out quick on $int_if inet proto gre all label "GRE out LAN"
pass in quick on $int_if inet proto gre all label "GRE in LAN"
pass out quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass in quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass out quick on $ext_if inet proto { tcp, udp } from any to any port 1723
pass in quick on $ext_if inet proto { tcp, udp } from any to any port 1723
Rule Style 2
pass in quick on $int_if inet proto { tcp, udp } from any to any port 1723
pass in inet proto gre from any to any
pass out inet proto gre from any to any
frickin is not a good way to pass-pptp. i guess it can be done on the kernel justlike linux's ppt-passthrough.
Friday, November 23, 2007
Saturday, November 17, 2007
Monday, November 5, 2007
OpenBSD 4.2
It's already been 4 days since 4.2's initial release, I am currently running my firewalls on 4.1 pf has been good to me and without a doubt pf(4) simply.. rocks..
I'm gonna try out 4.2 on a practice machine i have in the office, it looks like xenocara will kick ass with openbsd. great documented OS with a modular type X.
Errata for 4.2
http://openbsd.org/errata42.html
http://openbsd.org
:) my os of choice.
I'm gonna try out 4.2 on a practice machine i have in the office, it looks like xenocara will kick ass with openbsd. great documented OS with a modular type X.
Errata for 4.2
http://openbsd.org/errata42.html
http://openbsd.org
:) my os of choice.
Friday, November 2, 2007
What's in austria anyways?
Now I have a good reason to go and visit Austria...
checkout:
http://en.wikipedia.org/wiki/Fucking,_Austria
Monday, October 29, 2007
Zebra Routing on OpenBSD
Zebra Routing for OpenBSD.
Zebra Build from source will break on OpenBSD, since codes that openbsd has are sanitized, on the other hand you can apply the following patch to your zebra code and build it.
Zebra Build from source will break on OpenBSD, since codes that openbsd has are sanitized, on the other hand you can apply the following patch to your zebra code and build it.
*** zebra/kernel_socket.c.orig Fri Jul 20 12:00:41 2007
--- zebra/kernel_socket.c Fri Jul 20 12:01:17 2007
***************
*** 58,65 ****
--- 58,69 ----
{RTM_REDIRECT, "RTM_REDIRECT"},
{RTM_MISS, "RTM_MISS"},
{RTM_LOCK, "RTM_LOCK"},
+ #ifdef RTM_OLDADD
{RTM_OLDADD, "RTM_OLDADD"},
+ #endif /* RTM_OLDADD */
+ #ifdef RTM_OLDDEL
{RTM_OLDDEL, "RTM_OLDDEL"},
+ #endif /* RTM_OLDDEL */
{RTM_RESOLVE, "RTM_RESOLVE"},
{RTM_NEWADDR, "RTM_NEWADDR"},
{RTM_DELADDR, "RTM_DELADDR"},
good luck :) if you need any help you can always check out http://www.zebra.org. this project is currently unmaintained if you want another forked version it's available as http://quagga.sourceforge.net
Sunday, October 21, 2007
links links links...
Here are some of my old security links
http://www.ktl.elf.stuba.sk/~zilka/
http://hellnet.perverz.hu/ebookz/
http://www.team509.com
http://files.nixp.ru/books/
http://www.ssuet.edu.pk/~amkhan/Linuxbooks/
http://www.ssuet.edu.pk/~amkhan/cisco/cisco.htm
http://www.flashdance.cx/books/
http://www.hackemate.com.ar/textos/
http://hoth.amu.edu.pl/~mmarciniak/books/
http://lotfree.next-touch.com/coding/
http://cebka.pp.ru/books/
http://ploug.eu.org/doc/
http://tutorials.thefuzzyone.co.uk/
http://lib.profi.net.ua/wersius/Adisson%20Wesley/
http://www.cnfreeos.org/Document/
http://mirrors.cn99.com/books/
http://www.eygle.com/orabk/Book/
http://pq.ozersk.ru/ftp/text/
http://www.itlibitum.ru/library/BOOK/ENGLISH/THEMES/CPP/
http://www.comms.scitech.susx.ac.uk/fft/
http://www.comp.leeds.ac.uk/Perl/ -- my favorite perl guide
http://www.metawire.org/~firewalker/docs/
http://www.woodmann.com/crackz/Tools.htm
http://www.l0t3k.org/programming/docs/shellcode/
http://www.infosyssec.net/infosyssec/tools2.htm
http://www.howtoforge.com/
http://www.geeklady.net/
http://milw0rm.com/
http://download.securelogix.com/
http://www.networksecurityarchive.org/
DEMO Hack
http://www.hackingdefined.com/index.php/Demos
http://www.onimoto.com/
http://www.ghacks.net/
http://www.kisp.org/elohimus/tutorials/
http://phreaknic.wilpig.org/
http://www.insecuremag.com/
some cool links that I have.
PIX Firewall packet capture procedure:
though I haven't tried this yet, it would be awesome to try this on my 515 here.
http://www.computernetworkinghelp.com/content/view/40/1/
though I haven't tried this yet, it would be awesome to try this on my 515 here.
http://www.computernetworkinghelp.com/content/view/40/1/
blink.. blink... blinkenshell.
I've been searching for free shell accounts off the internet, this helps me do initial tests of my networks from almost anywhere. This also gives me ample space to work with scripts from virtually anywhere that has an internet connection.
folks at http://www.blinkenshell.org, yes this is my new home. I have my personal page currently on the works being transfered to my new site http://pfunix.blinkenshell.org.
thanks indy for taking up a new unix bud among it's growing community.
folks at http://www.blinkenshell.org, yes this is my new home. I have my personal page currently on the works being transfered to my new site http://pfunix.blinkenshell.org.
thanks indy for taking up a new unix bud among it's growing community.
Monday, October 15, 2007
Unix-a-holic page
I got this account at rootshell.be the stuff i put there are mostly osX based builds.
http://phenix.rootshell.be/~pfunix
http://phenix.rootshell.be/~pfunix
Sunday, October 14, 2007
Tuesday, January 2, 2007
Subscribe to:
Posts (Atom)
Posts
