ssh tunnel / vpn

ssh -L localhost:port:localhost:remote-port user@host -N

-L binds port on the client (localhost only, so other machines cannot use the tunnel) and forwards it through the ssh session to remote-port on host; -N opens no remote shell. Prefix sudo only if port is below 1024: run as root, ssh reads /root/.ssh instead of your own keys and known_hosts.

Proxy
set remote-port to the proxy port on the server (3128 for squid)
set port to any free local port (e.g. 8000) on the client and point the browser/system proxy settings at localhost:port

Any port
set remote-port to the port to be tunnelled on the server
set port to any free local port (e.g. 8001) on the client and use it as localhost:port


iptables

Config file (arch)

/etc/iptables/iptables.rules

Save rules

iptables-save > /etc/iptables/iptables.rules

Load rules manually

iptables-restore < /etc/iptables/iptables.rules

(iptables-restore replaces the whole ruleset atomically, so policies and rules take effect together; prefer it over a sequence of single iptables commands on a remote box.)

Systemd service

sudo systemctl enable iptables

(Arch's iptables.service restores /etc/iptables/iptables.rules at boot.)

Policies

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Caution: over ssh, set INPUT DROP only after the ESTABLISHED,RELATED rule and the rule for the ssh port (below) are in place, otherwise the session is cut off.

Basic rules

  • allow traffic belonging to connections already established (the FORWARD chain is only needed when routing)
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  • accept everything on the local/loopback interface
iptables -A INPUT -i lo -j ACCEPT
  • let the local network (192.168.0.0/24 as SOURCE, -s) through the FORWARD chain; -i must be the interface the LAN is attached to (wlan0 on the Pi router below, not the uplink)
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -j ACCEPT

Open a port

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

Close a port / remove a rule (same arguments as the -A that added it)

iptables -D INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT

NAT/Masquerading

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Only works with IP forwarding enabled (sysctl net.ipv4.ip_forward=1, persisted under /etc/sysctl.d/) and a FORWARD ACCEPT rule like the one above; with the FORWARD DROP policy nothing is routed otherwise.
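As an added example (not from the page): a sh script that writes the rules above as one file in iptables-save format, so the whole set is loaded atomically with iptables-restore and persisted to /etc/iptables/iptables.rules. Interface names (eth0 as uplink, wlan0 as LAN), the 192.168.0.0/24 subnet and the published ports are assumptions passed as arguments; the INVALID-state drop is an addition that is not on the page.

```shell
#!/bin/sh
# Added example, not from the page: build the ruleset as iptables-save text
# so it can be applied atomically with iptables-restore (policies and rules
# land together, so a remote session is never cut off in between).
# Usage: gen_rules WAN_IF LAN_IF LAN_SUBNET [TCP_PORT ...]
# All interface names, subnets and ports are caller-supplied assumptions.

gen_rules() {
    wan="$1"; lan_if="$2"; lan="$3"; shift 3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # one ACCEPT per published TCP port, NEW only (replies are handled above)
    for p in "$@"; do
        echo "-A INPUT -i $wan -p tcp -m tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -s $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan -o $wan -j MASQUERADE
COMMIT
EOF
}

# apply_rules: syntax-check with iptables-restore --test, then load, enable
# forwarding and persist to the file that iptables.service restores at boot.
# Needs root; same arguments as gen_rules.
apply_rules() {
    tmp=$(mktemp) || return 1
    gen_rules "$@" > "$tmp"
    if ! iptables-restore --test < "$tmp"; then
        echo "ruleset rejected, nothing changed" >&2
        rm -f "$tmp"; return 1
    fi
    iptables-restore < "$tmp"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    cp "$tmp" /etc/iptables/iptables.rules
    rm -f "$tmp"
}

# e.g. apply_rules eth0 wlan0 192.168.0.0/24 22
```

Because the file is applied in one go, the ESTABLISHED,RELATED rule and the ssh port rule are already in place when the INPUT DROP policy becomes active, which is the lock-out the manual sequence above has to avoid by hand.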


raspberry pi / arch linux: wifi router

wifi driver EDIMAX: the whole crux of the issue is that stock hostapd is not compatible with the RTL8188CUS chipset in the Edimax adapter, so it is swapped for the Realtek-patched build

wget http://www.daveconroy.com/wp3/wp-content/uploads/2013/07/hostapd.zip
unzip hostapd.zip
sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak
sudo mv hostapd /usr/sbin/hostapd.edimax
sudo ln -sf /usr/sbin/hostapd.edimax /usr/sbin/hostapd
sudo chown root:root /usr/sbin/hostapd
sudo chmod 755 /usr/sbin/hostapd

Caveat: this is an unsigned binary fetched over plain http from a third-party blog that will run as root; and the next pacman upgrade of hostapd overwrites /usr/sbin/hostapd, so the symlink has to be recreated afterwards.

Components:
  • hostapd (access point)
  • dnsmasq (dhcp/dns)
  • iptables/NAT (see above)

http://wireless.kernel.org/en/users/Documentation/hostapd#Common_Options
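As an added example (not from the page, nor from the hostapd or dnsmasq projects): a sh script that generates the two config files for the Pi acting as a WPA2 access point; the NAT part is covered by the iptables ruleset above. Interface name wlan0, SSID, passphrase, channel and the 192.168.0.x DHCP range are assumptions. The driver line is nl80211 for mainline hostapd; the Realtek-patched build used with the RTL8188CUS expects rtl871xdrv.

```shell
#!/bin/sh
# Added example, not from the page: emit hostapd.conf and dnsmasq.conf for a
# WPA2-PSK access point. Interface, SSID, passphrase, channel and DHCP range
# are assumptions passed in by the caller.

# gen_hostapd_conf IFACE SSID PASSPHRASE [DRIVER]
# DRIVER defaults to nl80211 (mainline hostapd); use rtl871xdrv with the
# Realtek-patched binary installed for the Edimax RTL8188CUS.
gen_hostapd_conf() {
    iface="$1"; ssid="$2"; psk="$3"; driver="${4:-nl80211}"
    # WPA2 passphrases must be 8..63 characters; hostapd rejects anything else
    # at startup, so refuse it here where the error is easier to see
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "passphrase must be 8-63 characters" >&2
        return 1
    fi
    cat <<EOF
interface=$iface
driver=$driver
ssid=$ssid
hw_mode=g
channel=6
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=$psk
rsn_pairwise=CCMP
EOF
}

# gen_dnsmasq_conf IFACE FIRST_ADDR LAST_ADDR
# Hands out addresses on the AP interface only; bind-interfaces keeps dnsmasq
# off the uplink so it does not answer DHCP/DNS towards the upstream network.
gen_dnsmasq_conf() {
    cat <<EOF
interface=$1
bind-interfaces
dhcp-range=$2,$3,12h
EOF
}

# e.g. gen_hostapd_conf wlan0 PiNet 'correct horse battery' rtl871xdrv > /etc/hostapd/hostapd.conf
#      gen_dnsmasq_conf wlan0 192.168.0.50 192.168.0.150 > /etc/dnsmasq.conf
```

wlan0 needs a static address inside that subnet (192.168.0.1/24 is the assumption here) before dnsmasq starts, and the MASQUERADE rule above must use eth0 as the outgoing interface for the clients to reach the internet.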

TBC


debug

dmesg

watch "dmesg | tail -20"

Messages from the kernel ring buffer (newly attached devices, driver errors); watch keeps the last 20 lines on screen

hcidump

Debug Bluetooth traffic (HCI packet sniffer)

watch

Runs a command periodically and displays its output, e.g. a log or an application

cat /proc/partitions

Block devices the kernel knows about; check here if a disk or SD card is not listed

/var/log/Xorg.0.log

X server debug output

/var/log/messages

General system messages (on a systemd-only system such as Arch there is no syslog file by default; use journalctl -b instead)

.. to be continued
