
Friday, March 11, 2011

Create VLAN on Ubuntu


First, check whether your NIC supports 802.1Q.
If it does, install VLAN support on Ubuntu:
sudo apt-get install vlan
Edit your /etc/network/interfaces file so that it contains the following:
# The loopback network interface
auto lo
iface lo inet loopback
# This is a list of hotpluggable network interfaces.
# They will be activated automatically by the hotplug subsystem.
auto vlan11
auto vlan22
# VLAN 11
iface vlan11 inet static
address x.x.x.x
netmask x.x.x.x
vlan_raw_device eth0
# VLAN 22
iface vlan22 inet static
address 172.16.0.1
netmask 255.255.255.0
vlan_raw_device eth0
Restart your network interface:
sudo /etc/init.d/networking restart


Done. If you connect this Ubuntu host to a switch over a trunk link, it can serve multiple VLANs just as a router does.
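
A consistency check for the stanzas above, as an added example that is not part of the original post: ifupdown brings up only the interfaces named on an auto line and configures each from the iface stanza of the same name, so a name mismatch leaves that VLAN down. The sample file content is constructed.

```python
import re

def lint_interfaces(text):
    """Return a list of problems found in ifupdown 'interfaces' content."""
    auto, stanzas, current = [], {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "auto":
            auto.extend(words[1:])
            current = None
        elif words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif current is not None:
            current[words[0]] = " ".join(words[1:])  # option inside a stanza
    problems = [f"{n}: 'auto' line has no iface stanza" for n in auto if n not in stanzas]
    for name, opts in stanzas.items():
        if name not in auto:
            problems.append(f"{name}: iface stanza is not listed on an 'auto' line")
        vlan = re.fullmatch(r"vlan(\d+)", name)
        if vlan and not 1 <= int(vlan.group(1)) <= 4094:
            problems.append(f"{name}: VLAN ID outside 1-4094")
        if vlan and "vlan_raw_device" not in opts:
            problems.append(f"{name}: no vlan_raw_device, parent NIC unknown")
    return problems

# Constructed sample: vlan22 is announced, but its stanza is named vlan5.
SAMPLE = """\
auto lo
iface lo inet loopback
auto vlan11
auto vlan22
# VLAN 11
iface vlan11 inet static
address 172.16.11.1
netmask 255.255.255.0
vlan_raw_device eth0
# VLAN 22, but the stanza carries a different name and no parent device
iface vlan5 inet static
address 172.16.0.1
netmask 255.255.255.0
"""

if __name__ == "__main__":
    for problem in lint_interfaces(SAMPLE):
        print(problem)
```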

PPPoE Server on Ubuntu 10

If you need a PPPoE server for your network, or just for hacking an Ethernet network with very poor security, follow these steps to create a PPPoE server on an Ubuntu server.

Note that:
In a poorly secured Ethernet network, when a PPPoE client sends its request as a broadcast, that request can reach not only the genuine BRAS but also other clients. If you set up a client as a PPPoE server and your reply reaches the requesting client before the BRAS's reply, the client will choose you. You will be the gateway. That's cool.
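
From the defender's side, the race described above is visible on the wire as a PPPoE offer (PADO) coming from a MAC address that is not the BRAS. The following is an added example, not part of the original post, that parses discovery frames (RFC 2516 layout) and flags such offers; the allowlisted MAC, the client MAC and the sample frames are constructed.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863  # EtherType of the PPPoE discovery stage (RFC 2516)
CODE_PADI, CODE_PADO = 0x09, 0x07
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102
KNOWN_AC_MACS = {"00:11:22:33:44:55"}  # assumption: MACs of the genuine BRAS

def parse_pado(frame):
    """Return (source MAC, AC-Name) for a PADO frame, None for anything else."""
    if len(frame) < 20:
        return None
    ethertype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11 or code != CODE_PADO:
        return None
    payload, off, ac_name = frame[20:20 + length], 0, ""
    while off + 4 <= len(payload):  # walk the type/length/value tags
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tag_len]
        if len(value) < tag_len:
            break  # truncated tag, stop parsing
        if tag_type == TAG_AC_NAME:
            ac_name = value.decode("ascii", "replace")
        off += 4 + tag_len
    return ":".join(f"{b:02x}" for b in frame[6:12]), ac_name

def rogue_offers(frames, known=KNOWN_AC_MACS):
    """List (MAC, AC-Name) for every offer sent by a MAC that is not a known BRAS."""
    offers = (parse_pado(f) for f in frames)
    return [o for o in offers if o and o[0] not in known]

def build_frame(dst, src, code, tags):
    """Build a constructed discovery frame for the sample below."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    macs = bytes.fromhex((dst + src).replace(":", ""))
    return macs + struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, 0, len(body)) + body

CLIENT = "02:00:00:00:00:0a"
SAMPLE_FRAMES = [  # constructed: one PADI, then an unknown and a genuine PADO
    build_frame("ff:ff:ff:ff:ff:ff", CLIENT, CODE_PADI, [(TAG_SERVICE_NAME, b"")]),
    build_frame(CLIENT, "02:00:00:00:00:99", CODE_PADO, [(TAG_AC_NAME, b"ubuntu")]),
    build_frame(CLIENT, "00:11:22:33:44:55", CODE_PADO, [(TAG_AC_NAME, b"bras-01")]),
]

if __name__ == "__main__":
    for mac, name in rogue_offers(SAMPLE_FRAMES):
        print(f"ALERT: PADO from unknown access concentrator {mac} (AC-Name {name!r})")
```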

Installation
sudo apt-get install ppp
sudo apt-get install pppoe
cd /etc/ppp/
vi options
uncomment auth to enable authentication, which requires users to enter a password
comment out noauth so that unauthenticated connections are not allowed
uncomment +pap and +chap to enable the PAP and CHAP authentication methods
vi pap-secrets and chap-secrets to add new users
Start PPPoE Server
In this example, pppoed will listen on interface eth0; the local IP for eth0 is 172.16.16.1, and dynamic IPs for clients start from 172.16.16.2
sudo pppoe-server -I eth0 -L 172.16.16.1 -R 172.16.16.2 -O /etc/ppp/options
Now we can create a PPPoE session on our client host to connect to the server.

If you want clients to be able to connect to the internet, you must change the local IP and remote IP to public IP addresses, or you can enable NAT on the server.

Enable NAT on Ubuntu using ufw (IP Masquerading)

First, packet forwarding needs to be enabled in ufw. Two configuration files need to be adjusted.
In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT".
Then edit /etc/ufw/sysctl.conf and uncomment: net/ipv4/ip_forward=1
(Similarly, for IPv6 forwarding uncomment: net/ipv6/conf/default/forwarding=1)
Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the
filter table, and to enable masquerading the nat table will need to be configured. Add the following
to the top of the file just after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through eth1.
-A POSTROUTING -s 172.16.16.0/24 -o eth1 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
In the above example replace eth0, eth1, and 172.16.16.0/24 with the appropriate
interfaces and IP range for your network.
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to
/etc/ufw/before.rules. It is recommended that these additional rules be added to the
ufw-before-forward chain.

Tuesday, March 8, 2011

FreeRADIUS deployment on RedHat Enterprise Linux

OS Preparation

Installing gcc compiler tool
RHEL does not install gcc by default, so gcc needs to be installed before configuring the source.
Install gcc tools from RHEL DVD
Create a folder to mount the CD-ROM on:
mkdir /cdrom
Insert RHEL DVD disk 1, then run: mount /dev/cdrom /cdrom
Enter /cdrom/Packages
Install the kernel headers first

[root@radius Packages]# rpm -Uvh kernel-headers-2.6.32-71.el6.x86_64.rpm

Look for the gcc packages
Run rpm -Uvh gcc-??? (press TAB to display all the packages that start with gcc)


[root@radius Packages]# rpm -Uvh gcc-4.4.4-13.el6.x86_64.rpm
warning: gcc-4.4.4-13.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
        cloog-ppl >= 0.15 is needed by gcc-4.4.4-13.el6.x86_64
        cpp = 4.4.4-13.el6 is needed by gcc-4.4.4-13.el6.x86_64
        glibc-devel >= 2.2.90-12 is needed by gcc-4.4.4-13.el6.x86_64

If the above error is displayed, enter the following command:
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm

If this error message is displayed, fix it first:


warning: cloog-ppl-0.15.7-1.2.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
error: Failed dependencies:
        libppl.so.7()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
        libppl_c.so.2()(64bit) is needed by cloog-ppl-0.15.7-1.2.el6.x86_64
        libmpfr.so.1()(64bit) is needed by cpp-4.4.4-13.el6.x86_64
        glibc-headers is needed by glibc-devel-2.12-1.7.el6.x86_64
        glibc-headers = 2.12-1.7.el6 is needed by glibc-devel-2.12-1.7.el6.x86_64
Use the following link to find the packages that contain libppl.so.7 and the other missing libraries: http://rpmfind.net/linux/rpm2html/

[root@radius Packages]# rpm -Uvh ppl-0.10.2-11.el6.x86_64.rpm mpfr-2.4.1-6.el6.x86_64.rpm glibc-headers-2.12-1.7.el6.x86_64.rpm

Repeat the previous step.
[root@radius Packages]# rpm -Uvh cloog-ppl-0.15.7-1.2.el6.x86_64.rpm cpp-4.4.4-13.el6.x86_64.rpm glibc-devel-2.12-1.7.el6.x86_64.rpm gcc-4.4.4-13.el6.x86_64.rpm
Install gcc-c++
[root@radius Packages]# rpm -Uvh libstdc++-devel-4.4.4-13.el6.x86_64.rpm gcc-c++-4.4.4-13.el6.x86_64.rpm

Installing libtools
[root@radius Packages]# rpm -Uvh autoconf-2.63-5.1.el6.noarch.rpm automake-1.11.1-1.2.el6.noarch.rpm libtool-2.2.6-15.5.el6.x86_64.rpm
[root@radius Packages]# rpm -Uvh libtool-ltdl-2.2.6-15.5.el6.x86_64.rpm


If you need to configure or change the IP address of your server, refer to this link


Get the software
Download FreeRADIUS package to /tmp
[root@radius tmp]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.10.tar.gz

Prerequisites
No prerequisites required

Installation

[root@radius tmp]# tar zxvf freeradius-server-2.1.10.tar.gz
[root@radius freeradius-server-2.1.10]# ./configure
To enable LDAP authentication, use ./configure --with-modules="rlm_ldap"
[root@radius freeradius-server-2.1.10]# make
[root@radius freeradius-server-2.1.10]# make install

Default installation location on RHEL
/usr/local/etc/raddb/
config file: /usr/local/etc/raddb/radiusd.conf
Radius server daemon: /usr/local/var/run/radiusd

Configuration

Start/Stop the server

Testing server

LDAP configuration for authenticating
SQL configuration for accounting
Securing the server

Change IP Address on RedHat Enterprise Linux

1. Open Terminal.
2. Open network configuration file. In this example, it’ll configure on interface eth0. Type
vi /etc/sysconfig/network-scripts/ifcfg-eth0
The current and default configuration is DHCP.
3. Modify the file: press ‘i’ to enter insert mode. Change BOOTPROTO to static and add the IP address and netmask as new lines if they do not exist yet.
BOOTPROTO=static
IPADDR=192.168.125.10
NETMASK=255.255.255.0
4. Save the configuration file: press ESC, then ‘:’, and type ‘wq’ to write and quit the editor.
5. You can also add these settings to the config file. Replace [number] with your actual value.
GATEWAY=[number]
TYPE=Ethernet
NETWORK=[number]
BROADCAST=[number]
6. Restart the network interface card. Type
service network restart
7. Review the configuration. Type
ifconfig