Friday, March 11, 2011

PPPoE Server on Ubuntu 10

If you need a PPPoE server for your network, or just for hacking an Ethernet network with very poor security, follow these steps to set one up on an Ubuntu server.

Note that:
On a poorly secured Ethernet network, when a PPPoE client sends its request as a broadcast, that request can reach not only the genuine BRAS but also other clients. If you set up a client as a PPPoE server and your reply reaches the requesting client before the BRAS's reply does, the client will choose you. You will be the gateway. That's cool.
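
Seen from the network operator's side, the note above means that a PPPoE offer (PADO) from any MAC address other than the real BRAS is worth an alert. The following is an added example, not part of the original post: it parses PPPoE discovery frames as laid out in RFC 2516 and lists offers from sources outside an allowlist. The MAC addresses, AC names and sample frames are constructed for illustration.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863            # EtherType of the PPPoE discovery stage
CODE_PADI, CODE_PADO = 0x09, 0x07       # client request / server offer
TAG_SERVICE_NAME, TAG_AC_NAME = 0x0101, 0x0102

def parse_pado(frame):
    """Return (source MAC, AC-Name) for a PADO frame, or None for anything else."""
    if len(frame) < 20:
        return None
    ethertype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11 or code != CODE_PADO:
        return None
    src = ":".join("%02x" % b for b in frame[6:12])
    payload, ac_name, pos = frame[20:20 + length], None, 0
    while pos + 4 <= len(payload):      # walk the type/length/value tags
        tag, tlen = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + tlen]
        if len(value) < tlen:           # truncated tag: stop parsing
            break
        if tag == TAG_AC_NAME:
            ac_name = value.decode("utf-8", "replace")
        pos += 4 + tlen
    return src, ac_name

def unexpected_offers(frames, allowed_macs):
    """List (MAC, AC-Name) of every PADO whose sender is not an allowed BRAS."""
    allowed = {m.lower() for m in allowed_macs}
    return [o for o in map(parse_pado, frames) if o and o[0] not in allowed]

def build_frame(dst, src, code, tags):
    """Build a sample discovery frame in memory (used only for the test data)."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    macs = bytes.fromhex((dst + src).replace(":", ""))
    return macs + struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, code, 0, len(body)) + body

# Constructed sample: one PADI from a client, then two competing offers.
CLIENT, BRAS, OTHER = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE_FRAMES = [
    build_frame("ff:ff:ff:ff:ff:ff", CLIENT, CODE_PADI, [(TAG_SERVICE_NAME, b"")]),
    build_frame(CLIENT, OTHER, CODE_PADO, [(TAG_SERVICE_NAME, b""), (TAG_AC_NAME, b"ubuntu")]),
    build_frame(CLIENT, BRAS, CODE_PADO, [(TAG_SERVICE_NAME, b""), (TAG_AC_NAME, b"bras-01")]),
]

if __name__ == "__main__":
    print(unexpected_offers(SAMPLE_FRAMES, [BRAS]))
```

On a live segment the frames would come from a capture filtered on EtherType 0x8863, for example taken from a mirror port.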

Installation
sudo apt-get install ppp
sudo apt-get install pppoe
cd /etc/ppp/
vi options
Uncomment auth to enable authentication, which requires users to enter a password.
Comment out noauth so that unauthenticated connections are no longer allowed.
Uncomment +pap and +chap to enable the PAP and CHAP authentication methods.
Edit pap-secrets and chap-secrets (with vi) to add new users.

Start PPPoE Server
In this example, the PPPoE server will listen on interface eth0, the local IP for eth0 is 172.16.16.1, and dynamic IPs for clients start from 172.16.16.2.
sudo pppoe-server -I eth0 -L 172.16.16.1 -R 172.16.16.2 -O /etc/ppp/options
Now we can create a PPPoE session on our client host to connect to the server.

If you want clients to be able to reach the internet, you must change the local IP and remote IP to public IP addresses, or you can enable NAT on the server.

Enable NAT on Ubuntu using ufw (IP Masquerading)

First, packet forwarding needs to be enabled in ufw. Two configuration files will need to be adjusted. In /etc/default/ufw, change the DEFAULT_FORWARD_POLICY to “ACCEPT”.
Then edit /etc/ufw/sysctl.conf and uncomment: net/ipv4/ip_forward=1
(Similarly, for IPv6 forwarding uncomment: net/ipv6/conf/default/forwarding=1)
Now we will add rules to the /etc/ufw/before.rules file. The default rules only configure the filter table, and to enable masquerading the nat table will need to be configured. Add the following to the top of the file just after the header comments:
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth0 through eth1.
-A POSTROUTING -s 172.16.16.0/24 -o eth1 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
In the above example replace eth0, eth1, and 172.16.16.0/24 with the appropriate interfaces and IP range for your network.
Finally, disable and re-enable ufw to apply the changes:
sudo ufw disable && sudo ufw enable
IP Masquerading should now be enabled. You can also add any additional FORWARD rules to /etc/ufw/before.rules. It is recommended that these additional rules be added to the ufw-before-forward chain.
