.########...######..########..######## .##.....##.##....##.##.....##.##...... .##.....##.##.......##.....##.##...... .########...######..########..######.. .##.....##.......##.##...##...##...... .##.....##.##....##.##....##..##...... .########...######..##.....##.##...... |
*** Mikkkeee sets mode: +m
<Ghost_Rider> ok..guys lecture time
<mikestevens> ok b0iler
*** mikestevens sets mode: +o nin
<Ghost_Rider> the +m will be taken at the end of each topic
*** mikestevens sets mode: -o nin
<Ghost_Rider> so you can ask questions
*** mikestevens sets mode: +o Matt
*** Joins: [T]racer[T]
*** DigitalFallout sets mode: -m
*** Mikkkeee sets mode: +m
<mikestevens> wrong person lol
<Matt> use !mod and !unmod if you wish
*** DigitalFallout sets mode: -m
<a|pha[away]> hehe
*** Mikkkeee sets mode: +o Caboom
<[T]racer[T]> matt: waza dude
<nin> !mod
<Sapient2003> Does anybody know if Intel® 2100 Pro/DSL Linux drivers exist?
<a|pha[away]> too early
<HardW1r3> its mute time
<Mikkkeee> what we going to start?
*** mikestevens sets mode: +v b0iler
* Ghost_Rider is waiting to make ppl decide...
*** Mikkkeee sets mode: +v bomb8595
<HardW1r3> i got 5:55 here
<freeque> -m
<freeque> if we all stfu
<Mikkkeee> lets start
<nin> +m
<Matt> We've got another 8 mins or so?
<Democow> +m
<freeque> 22:52:23 GMT
<Dunceor> +m
<a|pha[away]> neh, there will be idiots to speak when not necessary
<a|pha[away]> 5 minutes
<Mikkkeee> !mod
<[T]racer[T]> kick the fuckerz!
<Democow> !mod
<[T]racer[T]> who speak not in the right place
<[T]racer[T]> sqeez
<b0iler> [T]racer[T]: like you? heh, heya msg me :)
<darkvpx> will the people telling people not to speak please stop speaking
*** Joins: ryph
*** Mikkkeee sets mode: +m
*** darkvpx is now known as jimi
*** Joins: Sub
*** DigitalFallout changes topic to '''Welcome to Black Sun Research Facility, http://blacksun.box.sk | DON'T MESSAGE THE OPS WITHOUT PERMISSION FIRST! | NO warez/serials/cracks/clones/advertisements. LECTURE IN PROGRESS! SIT BACK AND RELAX'
*** Joins: Infini7y
*** Joins: Revocomms
<DigitalFallout> All set GR?
*** Joins: rs
<DigitalFallout> All set GR?
<Mikkkeee> k, should we voice everyone?
*** mikestevens sets mode: +v Jahlin
<DigitalFallout> Sorry
<Ghost_Rider> df: yeah
<Ghost_Rider> nope
<HardW1r3> no
<mikestevens> not yet
<Ghost_Rider> the +m
<Ghost_Rider> will be taken
<DigitalFallout> Then if we are all set
<mikestevens> only the people we need
<Ghost_Rider> at then end of each topic
<DigitalFallout> LET THE PARTY BEGIN
<DigitalFallout> <START LECTURE LOGGING>
* Mikkkeee says the room is all your rider
*** Mikkkeee sets mode: +vvv a|pha[away] bobbie CodE4
<Ghost_Rider> thnx mike:)
*** Mikkkeee sets mode: -vvv a|pha[away] bobbie CodE4
<Ghost_Rider> well welcome ... as you know this is a networking lecture
<Ghost_Rider> I divided the lecture in 6 main topics
<Ghost_Rider> Ethernet card, LAN, IP masquerading, remote port forwarding, transparent proxy and NFS
<Ghost_Rider> at the end of each topic
*** Joins: blues
<Ghost_Rider> the +m will be taken
<Ghost_Rider> so you may ask anything related to it
<Ghost_Rider> also I advise you to download or at least check http://blacksun.box.sk/examples.txt
*** Joins: thebluegiant
*** Quits: thebluegiant (Quit: )
<Ghost_Rider> I'll use those ascii on the LAN part
<Ghost_Rider> now I think we are really ready to start
<mikestevens> after this I will follow up with a lecture on cable hacking
*** Joins: _RooTs_
<Ghost_Rider> unless any oper or voice wanna say something
<HardW1r3> im ok
<mikestevens> you can find the outline for my lecture at http://blacksun.box.sk/test/cablem.txt
<Matt> Ghost_Rider, the notice
*** Joins: Serial_Killer
*** rs is now known as RedShadow
<Ghost_Rider> Matt: yeah i saw it matt
*** SpiderMan sets mode: +o RedShadow
<Matt> Ghost_Rider, you could 'annouce it' :)
*** Joins: Blue^demoN
<Matt> Its nice to see the old class btw
<Ghost_Rider> ok ppl matt will be sorting questions
*** Joins: shady_harrasment_panda
*** ChanServ sets mode: +o shady_harrasment_panda
* DigitalFallout agrees with matt
<Ghost_Rider> and please guys don't start asking me private questions
*** Mikkkeee sets mode: +v RedShadow
*** Joins: Ann0yeD
<Ghost_Rider> ok...ARE WE READY?
*** Mikkkeee sets mode: -o RedShadow
<shady_harrasment_panda> has it started
<Mikkkeee> lets begin
<Ghost_Rider> ok..
*** Joins: __052_-
<Ghost_Rider> start logging
<DigitalFallout> NEver stop :)
<Ghost_Rider> Networking Lecture
<Ghost_Rider> 1st stop Ethernet Cards
*** Mikkkeee sets mode: +v VoidIndex
*** Parts: a|pha[away]
*** Joins: a|pha[away]
<Ghost_Rider> well there is not much to tell about this, I'll just guide you through the detection, configuration and show you a startup script
*** [T]racer[T] is now known as TracerT
<Ghost_Rider> nowadays most of the ethernet cards are PCI based, still you can find some nice 10mbit/s ISA cards
<Ghost_Rider> I use ISA on my LAN@home..and I don't think I need more speed
<Ghost_Rider> but that's up to you
*** Quits: vatefairefoutre (Quit: )
*** Parts: Ann0yeD
<Ghost_Rider> now the 1st thing you gotta make sure is that the kernel is detecting ur hardware..(I never had problems but you never know)
<Ghost_Rider> so if you are using a ISA card you can use pnpdump
<Ghost_Rider> this will create a file that will be read by isapnp
*** Joins: Phish
<Ghost_Rider> what you gotta make sure is that the ethernet card is being detected..just go through the dump and check for it
<Ghost_Rider> if otherwise it's pci you can cat /proc/pci and look for it
*** Joins: Leper
<Ghost_Rider> now what you have to find out is what kernel module will support ur card
*** Joins: zwanderer
*** Joins: Ann0yeD
*** Quits: Revocomms (Quit: Leaving)
*** Quits: Sapient2003 (Quit: )
<Ghost_Rider> most ISA cards work with NE2000 module (ne.o) and all the PCI cards I know (I just know a couple SMC cards) always use the DECchip
<Ghost_Rider> you'll also have the module for it
*** Mikkkeee sets mode: +v zwanderer
<Ghost_Rider> though if you have a EN2242
*** Mikkkeee sets mode: +v Leper
<Ghost_Rider> common in laptops
<Ghost_Rider> you have to download a special version of DECchip module
*** Quits: Phish (Quit: [BX] Eat, drink and be merry...for tomorrow we die)
<zwanderer> sorry to interrupt, how far are we ?
*** Joins: julon
<Ghost_Rider> zwanderer: just in the beginning
<zwanderer> ah cool
*** Joins: paul_GG
<Ghost_Rider> but searching on google you'll find that changed version
*** Quits: shady_harrasment_panda (Connection
reset by peer)
*** Joins: Swirly
<Ghost_Rider> after loading the module using the command modprobe (/sbin/modprobe)
*** paul_GG is now known as shady_harrasment_panda
<Ghost_Rider> you'll start having a new interface that will be eth0
<Ghost_Rider> you can now nicely /sbin/ifconfig eth0 to check its status
*** Parts: Ann0yeD
<Ghost_Rider> you can make sure that ethernet card will be active doing /sbin/ifconfig eth0 up
*** Joins: Ellis_D
*** shady_harrasment_panda is now known as _shady_harrasment_panda-
<Ghost_Rider> for now you have the ethernet device working but you still can't communicate with other computers
*** Joins: AxE
*** Quits: Crash_Gnome (Quit: we are the all dancing all singing crap of the world)
<Ghost_Rider> so for now our startup script would be something like (it will be finished in the next section)
<Ghost_Rider> #!/bin/sh
<Ghost_Rider> /sbin/modprobe YOUR_ETHERNET_CARD_MODULE
*** AxE is now known as _AxE-
<Ghost_Rider> /sbin/ifconfig eth0 up
*** Parts: Swirly
<Ghost_Rider> this might seem very basic for some of you..but I think I had to say it
<Ghost_Rider> Matt: do we have any questions for now?
<mikestevens> one thing
<Ghost_Rider> yes mike:)
<mikestevens> you will have to make sure it's in the right dir (the module)
<Matt> Ghost_Rider, nope
<mikestevens> and depmod before you modprobe
*** Joins: mephist0
<Ghost_Rider> mikestevens: well depmod will take care of that
<Matt> If anyone has any question to ask GR, msg me and NOT him. GR is a VIP.
<Ghost_Rider> lol
<Ghost_Rider> no matt i think i'll keep the way I thought
<Megram> GR also smells, but thats a different lecture...
<Ghost_Rider> I'll take +m and ppl will make questions
*** Ghost_Rider sets mode: -m
<Ghost_Rider> ok..so any questions?
*** Joins: vanished
<Ghost_Rider> or may I proceed?
*** Joins: Edrin
<Ghost_Rider> no?...good..continuing
*** Ghost_Rider sets mode: +m
*** Matt sets mode: +v Edrin
<DigitalFallout> Is this lecture generic to all linux/unix systems?
<Edrin> hi Matt
<Ghost_Rider> df: mostly linux
<Mikkkeee> nice to see all the oldies here
<DigitalFallout> Ok
*** Quits: Blue^demoN (Ping timeout)
<Matt> Well, GR's doing such a generally good job, we can continue :)
*** Quits: __052_- (Quit: Leaving)
<Ghost_Rider> so we now have working ethernet cards
*** Joins: i1der
*** Parts: _AxE-
<Ghost_Rider> it's time to setup LAN
*** Joins: Cyberwolf
*** ChanServ sets mode: +o Cyberwolf
<Cyberwolf> hi all
*** Joins: slakka
<Mikkkeee> damn cyber u missed the lecture
*** Joins: Grim_Reaper
<Mikkkeee> just kidding
<Cyberwolf> damn! its crowded in here :))
<Ghost_Rider> let's check the 1st example of the examples.txt (http://blacksun.box.sk/examples.txt)
<Ghost_Rider> I'll give you sometime to open the file...
*** Cyberwolf sets mode: +v Serial_Killer
<Ghost_Rider> ok..it's probably open
<Ghost_Rider> as you can see we have a direct ethernet-ethernet card connection..our LAN is just 2 computers
<Ghost_Rider> this is very easy to setup...but let's start from the beginning
<Ghost_Rider> since we are talking about private networks
<Ghost_Rider> we'll use the ip addresses that are used for private networks
<Ghost_Rider> they are 10.0.0.0/8
<Ghost_Rider> 172.16.0.0/32
<Ghost_Rider> 172.16.0.0/16 (sorry about this typo)
<Ghost_Rider> 192.168.0.0/24
*** Quits: PhAzE (Ping timeout)
<Ghost_Rider> now since we just got 2 computers (the router and the 2nd computer) we will use the Class C ip address
*** Quits: Megram (Connection reset by peer)
<Ghost_Rider> so we'll put the router with ip address 192.168.0.1 and the 2nd computer with ip 192.168.0.2
*** Quits: Jahlin (Quit: Leaving)
<Ghost_Rider> you might ask why don't we give .0 and .1 or as someone asked me before why can't we give the .255
<Ghost_Rider> well .0 and .255 as HOST ID can't be given because these two addies are special
<Ghost_Rider> the .0 represents the entire network..and .255 is the broadcast address (when you wanna send something to every computer on the network)
*** Quits: zwanderer (Quit: Liberae sunt nostrae cogitationes)
<Ghost_Rider> so your HOST ID may be > 0 and < 255 but never equal to these 2 values
*** Joins: Megram
*** ChanServ sets mode: +o Megram
<Ghost_Rider> now that we have this clear (I think)
<Ghost_Rider> let's setup the ips for them
<mikestevens> actually you can use those, but you need to do some other stuff with netmasks
*** Joins: Freezer
<mikestevens> they are special in most cases, so it's better to leave them alone
*** Megram sets mode: +v Freezer
<Ghost_Rider> now...we wanna set the following ips 192.168.0.1 and 192.168.0.2
* Freezer prods megram,ghost,mikkkeee,caboom,wolf,spiderman and the rest in the tummy
*** Quits: VoidIndex (Quit: Shit on the Quit...)
<Ghost_Rider> we can do this using the /sbin/ifconfig
<Mikkkeee> hey freezer
<Ghost_Rider> so as root on the router to give ip 192.168.0.1 we'll do /sbin/ifconfig eth0 192.168.0.1 netmask 255.255.255.0
*** Joins: gUeSt51
*** Joins: hackbitbr
<Ghost_Rider> doing this should add an entry to ur routing table
<Ghost_Rider> you can check it typing /sbin/route
<Ghost_Rider> and an entry besides loopback (127.0.0.1) should be shown
*** Joins: H2-0
<Ghost_Rider> TracerT: eth0 is the ethernet card interface
*** hackbitbr is now known as CoRiNgA
<Ghost_Rider> but to resume
<Ghost_Rider> you now should have a route entry for 192.168.0.0 that will have eth0 as interface
*** Quits: Dunceor (Quit: )
<Ghost_Rider> if this wasn't added you have to add it by yourself
*** Parts: i1der
<Ghost_Rider> to do this
<Ghost_Rider> you do /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
*** Quits: mephist0 (Ping timeout)
<Ghost_Rider> now you have a working ethernet card with ip and routing for other hosts on the same network
<Ghost_Rider> we repeat the process on the 2nd computer but giving the ip 192.168.0.2
*** Joins: WackC
*** Quits: b0iler (Ping timeout)
<Ghost_Rider> we connect both ethernet cards using RJ-45 entries and a crossover cable
<Ghost_Rider> remember to use crossover cable when you are doing an ethernet to ethernet connection
*** Joins: b0iler
*** Joins: zwanderer
*** Quits: _RooTs_ (Ping timeout)
<Ghost_Rider> it's now time to test our network
*** OperServ sets mode: +o zwanderer
<Megram> that is if you are connecting 2 nics directly btw...
<Ghost_Rider> we just ping one box to the other
*** Mikkkeee sets mode: +v zwanderer
<zwanderer> Mikkkeee: nm ;)
<Mikkkeee> heh
<Ghost_Rider> Megram: yeah..I said ethernet to ethernet connection
<Ghost_Rider> not ethernet --> hub/switch --> ethernet
<Ghost_Rider> like I was saying we now try to ping each host and if everything is ok we will receive a reply
*** Quits: blues (Ping timeout)
*** Joins: Nightshade
<Ghost_Rider> if you are connecting more than 2 computers we'll then have something like example 2
*** Joins: crankykid
<Ghost_Rider> we have the router connected to a HUB and some computers connected to the HUB, this can also be a switch
<Ghost_Rider> but for home networking a HUB is just fine
*** Parts: _shady_harrasment_panda-
*** Joins: Obzerver
*** Joins: shady_harrasment_panda
*** ChanServ sets mode: +o shady_harrasment_panda
<Ghost_Rider> in this situation you won't use crossover cable, but just what I think is called RJ connectable cable (at least this is the pt translation)
<Ghost_Rider> Megram: does the cable have any specific name?
<Megram> you would use CAT3 or CAT5 patch cable
<Ghost_Rider> ok..thnx for the name input:)
<Megram> but yeah, a standard RJ45 cable would also be used to describe it
*** Joins: SteeLe
*** ChanServ sets mode: +o SteeLe
<SteeLe> it's a reunion :)
*** Joins: muncheese
*** Quits: WackC (Connection reset by peer)
<Ghost_Rider> so right now you play with ur connection from one box to another
*** Joins: Apparatus
<Ghost_Rider> services like ftp, telnet, ssh, everything you can think of
<Ghost_Rider> but for now JUST INSIDE UR NETWORK
<Ghost_Rider> now as you also know we like to give names to our boxes..like GhostBox or RunAwayBox or GhostLogger...well those are my boxes..lol
*** Quits: Democow (Ping timeout)
*** Joins: blues
<Ghost_Rider> still if you try from let's say box 1 telnet to box2name you won't make it
*** Mikkkeee sets mode: +v Apparatus
<Ghost_Rider> because box 1 doesn't know which ip stands for that name (this is called alias)
<Ghost_Rider> so what you have to do is edit the file /etc/hosts and add entries like
<Ghost_Rider> 192.168.0.2 BOXNAME
<Ghost_Rider> 192.168.0.2 anothername
<Ghost_Rider> 192.168.0.3 anothername
<mikestevens> just a general hint
<Ghost_Rider> and if you want you can also name your network (network = 192.168.0.0)
<mikestevens> it is better to have the FQDN first
<Ghost_Rider> edit /etc/networks
<Ghost_Rider> and add an entry 192.168.0.0 the name you want for the network
<Ghost_Rider> mikestevens: wanna add something?
<mikestevens> 24.7.219.28 unixclan.box.sk unixclan
<mikestevens> that is a good example
<mikestevens> a lot of networking software likes the FQDN first
<mikestevens> you can make up a domain name if you like
<mikestevens> and use it internally
<Ghost_Rider> but mike..you have to see that we are working inside a LAN...
<Ghost_Rider> well but ok..we can do like BOX.localdomain BOX
<mikestevens> yes
<Ghost_Rider> and we'll have FQDN 1st
<mikestevens> yes, that is what is best
<Ghost_Rider> but even without putting it, it will work (at least everything works on my lan)
<mikestevens> I've had barfing problems with that
<Ghost_Rider> ok...
*** Ghost_Rider sets mode: -m
<freeque> does all this apply for a wireless network? other than the cables section of course :-)
<mikestevens> ok
<Megram> essentially
<mikestevens> this has come up
<mikestevens> FQDN stands for Fully Qualified Domain Name
<mikestevens> it's the difference between www and www.foo.com
*** Quits: blues (Ping timeout)
<Ghost_Rider> freeque: if the network is TCP/ip based yes
<mikestevens> www is the hostname
<mikestevens> www.foo.com is the FQDN
<jaxler> proceed
<Ghost_Rider> any more questions?
<Megram> freeque, you will probably need a different module to the ones GR suggested, but they shouldn't be too hard to find
<DigitalFallout> Ghost_Rider: are you god?
<freeque> lol
*** Joins: Kintege
<mikestevens> yes he is
<Cyberwolf> is a crossover cable very different from a regular UTP cable?
<DigitalFallout> Hehehe
<Ghost_Rider> freeque: check the IrDA kernel modules
<Megram> Cyberwolf, ish
<mikestevens> Cyberwolf: Crossover is a different Pin setting
<TracerT> wait
<freeque> Ghost_Rider - cheers. u know too much m8 ;-)
<Megram> Cyberwolf, it simply has 1 pair of the wires crossed over
*** Joins: norton
<mikestevens> UTP stands for Unshielded Twisted Pair
<Cyberwolf> k, thanx guys
<jimi> what is the bnc port of my hub used for?
<TracerT> what does the RJ45 cable look like?
<mikestevens> STP is shielded Twisted Pair
<mikestevens> (not the band)
<Ghost_Rider> TracerT: a normal cable
<Cyberwolf> TracerT: like a phone/ISDN plug
<Ghost_Rider> TracerT: with 4 wires in it
<Ghost_Rider> hehe
<Megram> jimi, the bnc part is for using bnc/thinnet cabling. that requires different cabling methods, and I suggest using cat3/5 over bnc
*** Freezer is now known as ]|MooCow|[
<jimi> oh ok thanks
<mikestevens> Cat 5 can do 100Mbit :-)
<Ghost_Rider> unless you guys wanna use AUI on ur network:)
<a|pha[away]> 2 pair cable
<ShellFish> i have a q.. really lame but what does the "cat x" stand for?
*** Joins: codz
<Megram> shell, ok....
<Megram> shellfish, it's just used for declaring the capabilities of the cable. cat 3 is 'category 3', capable of 10mbps connections, and prone to interference
*** Quits: RedShadow (Quit: gtg, bbl)
*** Quits: TracerT (Connection reset by peer)
<Megram> ShellFish, cat 5 is category 5, is capable of 10/100mbps transfers, and is less prone to interference
*** Quits: Paya (Quit: Leaving)
<ShellFish> ok.. the higher num the better?
<mikestevens> There are new emerging types
<mikestevens> Cat 5e and Cat 6
* ]|MooCow|[ moo's...lots
<a|pha[away]> which are?
<Megram> yeah, though you will only really encounter cat 3/5 in a small home lan
<a|pha[away]> ..
<b0iler> fast ethernet
<kIllah|b> CAT 5E != CAT5
<mikestevens> They are types for gigabit ethernet
*** Joins: TracerT
<kIllah|b> CAT 5E is almost the same as CAT6
<mikestevens> I'm not sure if there are standards on it yet
<Megram> if I may, we may want to move on with the lecture, unless there are any main outstanding questions
<Serial_Killer> btw guys how can I know that my network card is detected by linux
<ShellFish> the reason I'm asking is that when we have lan parties everyone shouts a lot about "cat" and I just don't understand.. but I do now.. thx
<a|pha[away]> i'll look it up in webopedia.com
<Ghost_Rider> Serial_Killer: I said that on the 1st part of the lecture but no prob
<norton> .
<Ghost_Rider> Serial_Killer: is it pci?
<mikestevens> ok on with the lecture
<Serial_Killer> hhee
<Ghost_Rider> mikestevens: Wait..serial has a question..
<mikestevens> ok
<Ghost_Rider> Serial_Killer: is it pci?
<Frydo> i've got rh5.2 and no /etc/networks - how so ?
<Serial_Killer> no yeah
<Serial_Killer> yeah*
<Serial_Killer> it is
<Ghost_Rider> Serial_Killer: so cat /proc/pci and look for it
<TracerT> have I missed something?
*** ]|MooCow|[ is now known as Freezer
<mikestevens> TracerT: no still Q&A
<Ghost_Rider> Frydo: well rh sometimes just doesn't create files that you don't really need.. /etc/networks is just an add-on
<Serial_Killer> ok...
<Ghost_Rider> Frydo: if you create it
<Ghost_Rider> it will work
*** Quits: Sub (Quit: good users don't use colored quits)
<Ghost_Rider> so any other questions?
*** Joins: XMulder
<Megram> one other quick point...
<XMulder> wpw
<Frydo> - it works without it ...
<XMulder> wow
<Serial_Killer> btw I'm using Fast ethernet Adapter 10/100 MBps PCI
<XMulder> so many ppl, what is going on?
<Megram> some of you may not know why the example ip GR used was 192.168.x.x, we will explain that later if anyone needs to know
*** Quits: VoRtex (Quit: )
*** Quits: a|pha[away] (Quit: well... an exit is really the entrance into something else...)
<gUeSt51> I have a question if I may... maybe not so related, I went into /proc/ and looked at pci, I can pico it or cat it, but it shows that the file is 0 bytes large.. why is this?
<Ghost_Rider> Megram: well I said up there that it was a private ip for LAN purposes
*** Joins: Devil_Panther
<Matt> ./proc is a virtual filesystem
<Ghost_Rider> /proc maps ur memory
<Devil_Panther> so....
<freeque> Ghost_Rider - but u didn't really explain why u used class C and not A or B :-P
<Matt> it's not actually a device like /dev devices are
<Megram> yep, but I can give a bit of history on why that ip is used if needed
<TracerT> freeque: cos it stands like this
<Matt> the closest relation would be a pointer in C, and /dev as a reference
<freeque> Megram - that would be nice
<Ghost_Rider> freeque: well since I was giving an example
*** Parts: Balle
<Ghost_Rider> but there's nothing that says you can't use class A or B
<Ghost_Rider> ok..moving on
*** Ghost_Rider sets mode: +m
*** Quits: Grim_Reaper (Quit: Leaving)
<Ghost_Rider> I think now this is the most important part of the lecture
<Ghost_Rider> it's the ip masquerade part
*** Joins: Andrei_
<Ghost_Rider> ip masquerade is a NAT (network address translation) system
<Ghost_Rider> now what is this you ask...
<Ghost_Rider> well like I said before we were using private ips
<Ghost_Rider> the routers on the internet don't know how to route data for those ips
*** Joins: mayfaer
<Ghost_Rider> so this means that a computer using 192.168.0.2 ip can't connect to the internet
*** Quits: Devil_Panther (Quit: The Devil Panther will rise again.)
<Ghost_Rider> and also because we want all our network to have internet access
<Ghost_Rider> but just using like a dial-up
<Ghost_Rider> so in other words what I'm trying to say is that with just one computer of the network connected to the internet all your network can have access to the internet using the ip masquerade capabilities
*** Quits: nocent (Ping timeout)
*** Quits: jaxler (Ping timeout)
<mikestevens> it is a free version of those expensive "personal routers"
<Ghost_Rider> and it's not hard to make it work...
<Ghost_Rider> you re-compile the kernel of the box that has the ppp connection adding the IP Masquerade support
<Ghost_Rider> besides of that
<Ghost_Rider> you'll need ipchains
*** gUeSt51 is now known as Obsidian
*** Quits: Kintege (Quit: )
<Ghost_Rider> now with kernel 2.4.x
<Ghost_Rider> iptables is starting to take over ipchains
<Ghost_Rider> but since I'm still with kernel 2.2.x I'll talk about what I know, in other words ipchains
*** Quits: Obzerver (Quit: i ll check the logs)
<Ghost_Rider> a single ipchains rule will do the work
*** Joins: Crash_Gnome
<Ghost_Rider> /sbin/ipchains -A forward -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j MASQ
<Ghost_Rider> so any packet that comes from the 192.168.0.0 network and doesn't go to that network will be masqueraded
<Ghost_Rider> in other words will be sent to the internet.
<Ghost_Rider> and your LAN will start being able to access internet
<Ghost_Rider> (I'll talk about what masq really does in a moment)
<Ghost_Rider> but you also have to do a little configuration on your clients
<Ghost_Rider> you have to add a default route and set the box with ppp connection as gateway
*** Quits: nin (Ping timeout)
*** Quits: Nightshade (Ping timeout)
<Ghost_Rider> so thinking that our router is 192.168.0.0
*** Quits: Freezer (Quit: The source of our oppression is the reason for my anarchy)
<Ghost_Rider> we do /sbin/route add default gw 192.168.0.1
*** Joins: Ralph
*** ChanServ sets mode: +o Ralph
<Ghost_Rider> now to the important part..what really happens on our masquerading host
<Ghost_Rider> like I told you ip masquerading is a NAT System
<Mikkkeee> rider will u explain load balancing translation, where a single ip addy and port is translated to a pool of identical servers so that a single public addy can be served by a number of boxes
<Ralph> whoa, lotsa people
<Ghost_Rider> explaining this in a very simple way..
*** Quits: Caboom (Quit: YAQM - yet another quit message)
<Ghost_Rider> when you send a request from an inside host to an external ip
<Ghost_Rider> ur router will be used as gateway..to make that connection port X will be used
<Ghost_Rider> now the masquerading host will get the packet
<Ghost_Rider> check the TO IP: and replace the FROM IP: with its own ppp ip and make the connection on port Z
<Ghost_Rider> now doing all this it will store in a table: internal machine, port X, port Z
*** Joins: Nightshade
<Ghost_Rider> now when the masquerading host receives data on port Z
<Ghost_Rider> it checks the table
*** Parts: codz
<Ghost_Rider> sees it's for the machine and on port X so replaces again TO IP: and puts the internal ip and FROM IP: puts the external ip we are reaching and sends it to port X
<Ghost_Rider> sorry about just ignoring you mikkkeee what were you saying?
*** H2-0 is now known as H2-0[Away]
<Ghost_Rider> btw I assumed that you already knew it but mikestevens told me to remind you anyway
<Ghost_Rider> ip forwarding is disabled by default
<Ghost_Rider> so you have to enable it
<Mikkkeee> ahh I said something about load balancing translation
<Mikkkeee> if u were going to explain it deeper
<Ghost_Rider> echo "1" > /proc/sys/net/ipv4/ip_forward
*** Ghost_Rider sets mode: -m
*** Quits: norton (Quit: )
<Ghost_Rider> questions about masquerading?
<TracerT> somewhere in the datagram
<TracerT> is it written that our gateway is a gateway
<Mikkkeee> rider are u going to explain some problems with NAT?
<TracerT> and how does he know which packets belong where inside the lan?
<Ghost_Rider> mikestevens: talking about port probs and unreachability? I'll go there in a minute
<Nightshade> I CAN SPEEEK
<HardW1r3> be back in just a second
<Andrei_> s
<Mikkkeee> like the software that encrypts tcp header info will not work correctly with NAT because the tcp info must be accessible to the firewall, stuff like that
<Nightshade> Yoooo Woooo
<mikestevens> oh if you have 2.4.x and want to do IPMASQ
*** Quits: HardW1r3 (Quit: )
<mikestevens> I have a lil script right here
<TracerT> ghost_rider
*** Quits: Ralph (Ping timeout)
<Nightshade> sorry....
<mikestevens> echo 1 > /proc/sys/net/ipv4/ip_forward
<mikestevens> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
* Nightshade shuts right up
<Ghost_Rider> TracerT: like I told you the gateway sets up a table which is called the masquerade table
<CodE4> why do they say at some places that one should set this fragmentation option too in addition to forward
<Ghost_Rider> on that table will be set the internal host that sent the request
<Ghost_Rider> the port that communicates to the gateway
<Ghost_Rider> and the port on which the gateway is communicating to the remote host
*** Quits: Cyberwolf (Ping timeout)
<Ghost_Rider> that allows the gateway to know, when it receives a packet, where to route it
<TracerT> so from outside, if you read the datagram, you'll know that there are some PCs in the lan, behind the gateway?
<Ghost_Rider> TracerT: if you are trying to make the connection from the outside to get inside you can't..I'll get there in a sec
<TracerT> no!
*** Joins: bracaman
<TracerT> if you READ the datagram from outside, can you know the internal IPs
<Megram> no
<Ghost_Rider> nope
*** Mikkkeee sets mode: +v bracaman
<Ghost_Rider> TracerT: from the outside
<Ghost_Rider> you think you are being contacted
<Ghost_Rider> from the masquerading host
<TracerT> behind that gateway of ours. It's like a wingate. right?
<Ghost_Rider> because like I told you the ips we were using are UNroutable
<freeque> you might have answered this, and it's not even a very good question, but just out of interest, is there a limit to the number of computers whose ips you can masquerade?
<Megram> yes, 65k
<TracerT> OK, so how does the gateway know which packet belongs where, after the packet is received from outside?
<bracaman> i think Ghost_Rider is lying...
<bracaman> :)
<Megram> TracerT, I'll explain the details to you in pvt...
*** Joins: Ralph
*** ChanServ sets mode: +o Ralph
<Mikkkeee> not really, NAT allows an entire class B sized network to hide behind a single ip addy
<TracerT> 10X
<Frydo> any chance I can do this trick with windows? not as a proxy I mean.
<freeque> so 65,000 or unlimited?
*** Quits: Andrei_ (Quit: BitchX-1.0c18 -- just do it.)
<mikestevens> Actually you can use 10.0.0.0/16
<TracerT> frydo: wingate
<mikestevens> errr
<TracerT> from win98 you can do it!
<mikestevens> 10.0.0.0/8
* freeque confuzzled
*** Joins: binz
<Frydo> not the same, it's a proxy.
<Infini7y> : )
<binz> is the lecture over?
<freeque> mikestevens - class B is /16, is it not?
<Ghost_Rider> binz: nope
<Mikkkeee> well for nt which doesn't provide this function, u must use a third party firewall if u want to use NAT. that's for the windows questions
<Ghost_Rider> freeque: yeah..class B is /16
<shady_harrasment_panda> btw good lecturer, I was enjoying it but I have to go, I feel too sick to stay up
<shady_harrasment_panda> bye ppl
<Ghost_Rider> because 2 octets are fixed
<mikestevens> I corrected myself
<mikestevens> above
<mikestevens> <mikestevens> 10.0.0.0/8
<Mikkkeee> nah there is a third part and a surprise lecture
*** Parts: shady_harrasment_panda
<Ghost_Rider> so shall we continue?
<Mikkkeee> its all yours
<Ellis_D> yes
*** Ghost_Rider sets mode: +m
<bracaman> can opers speak when the chan is moderated?
<mikestevens> yes
<bracaman> :))
<Ghost_Rider> ok..so like we were saying ip masquerading is really cute but it has some problems
<Mikkkeee> yup and voice
<Ghost_Rider> like if you need someone to connect to a host inside ur network they can't..
<Ghost_Rider> or like if you wanna use ftp or any other protocol
<Ghost_Rider> that works in a way that the remote host makes a connection to you it won't work..
<Ghost_Rider> well that's not entirely true
<Ghost_Rider> you have the kernel modules to support ftp in active mode
<Ghost_Rider> you have kernel modules for real audio
<Ghost_Rider> for dcc over irc
*** Quits: binz (Quit: cya)
<Ghost_Rider> and a couple of other services
*** Joins: Andrei_
<Ghost_Rider> that will work around one part of the prob
<Ghost_Rider> but what about if you really wanna allow ppl to login to one of our boxes
*** Joins: RedShadow
<Ghost_Rider> well the answer to that is a program called ipmasqadm
*** Quits: Nightshade (Ping timeout)
<Ghost_Rider> you can find it at freshmeat.net
<Ghost_Rider> and what it does is redirect traffic from localhost port X to remote HOST port Z
*** RedShadow is now known as _RedShadow-
*** Joins: Craft
*** SteeLe sets mode: +v _RedShadow-
*** _RedShadow- is now known as RedShadow
*** Craft is now known as Sup|ED-209|Craft
<Ghost_Rider> but allowing ppl to connect inside our network might be insecure
*** Joins: HellFish
<Ghost_Rider> since if they root that box it's one step to root the entire network
<Ghost_Rider> so it's time to talk about the concept of DMZ
*** Quits: ShellFish (Killed (NickServ (GHOST command used by HellFish)))
*** HellFish is now known as shellfish
<Ghost_Rider> DMZ stands for De-Militarized Zone
*** Mikkkeee sets mode: +v Sup|ED-209|Craft
*** Parts: mayfaer
<Ghost_Rider> if you check example 3 you'll see what I'm talking about
<Ghost_Rider> the DMZ is a subnet where the untrusted hosts are
*** Joins: HardW1r3
*** ChanServ sets mode: +v HardW1r3
*** Quits: zwanderer (Quit: Liberae sunt nostrae cogitationes)
<HardW1r3> im back
<Ghost_Rider> a way of doing this kind of DMZ
<Sup|ED-209|Craft> who many ppl here...
<Ghost_Rider> is setting ur masquerading host with 2 ethernet cards
<Mikkkeee> sorry to cut in rider, problems with NAT also occur with software that embeds TCP/IP address info inside TCP/IP packets and then relies upon that information, it will not work cause the interior tcp/ip address info will be wrong, this occurs with FTP and other protocols.
<mikestevens> like AIM or FTP
<Ghost_Rider> still you guys have the modules
<mikestevens> there are modules for FTP
<mikestevens> and a few others
<Mikkkeee> PPTP, Sqlnet2, FTP, and best of all IRC.
*** Joins: jaxler
*** Joins: UraniumD
<Ghost_Rider> mikestevens: but why are you cutting off if I already told that?
<Ghost_Rider> Mikkkeee: but why are you cutting off if I already told that?
<Mikkkeee> u did
<Mikkkeee> sorry
<Ghost_Rider> it was for mikkkee not mikestevens
<Ghost_Rider> I did
<Ghost_Rider> no prob
<Mikkkeee> sorry
*** Quits: ryph (Quit: )
<Ghost_Rider> well continuing
*** Joins: freerider
<Ghost_Rider> other way of implementing a DMZ
<Ghost_Rider> is setting a ip masquerading host
<Ghost_Rider> inside the LAN
<Ghost_Rider> which is example 4
*** Quits: XMulder (Quit: )
<Ghost_Rider> of course this kind of network aren't home networks but I think it's always good to know about this stuff
<Ghost_Rider> the most important thing is that ur LAN won't trust the DMZ
<Ghost_Rider> so in my opinion the best way to implement it is using the so-called 2 legged network
<Ghost_Rider> that is the ip masquerade host with 2 ethernet cards
<Ghost_Rider> then you would setup the firewall to allow traffic for the DMZ ethernet interface but not for the trusted LAN
<Ghost_Rider> do you guys wanna add anything?
*** Quits: muncheese (Quit: Leaving)
<Ghost_Rider> shall we stop for questions about DMZs?
<Sup|ED-209|Craft> which firewall you are using?
<Ghost_Rider> I use ipchains
<Mikkkeee> ipchains
*** Quits: UraniumD (Ping timeout)
*** Ghost_Rider sets mode: -m
<Ghost_Rider> anyone has questions that wanna ask?
<kn1x> so could a DMZ be setup like a 'honeypot'?
<Frydo> why connect the trusted lan to the router in the first place ?
<Ghost_Rider> Frydo: because you want the trusted lan to have access to the internet
*** Quits: SpiderMan (Ping timeout)
<Ghost_Rider> Frydo: and you just have a ppp-dial up connection
<Ghost_Rider> kn1x: yes..but it's not the major thought when setting up a DMZ
*** Quits: Infini7y (Connection reset by peer)
<Frydo> but where's the difference to the dmz then ? if you hack the router the protection is gone !?!
<Ghost_Rider> when you setup a DMZ you are thinking in giving services to the internet but not taking very risk at it
<kn1x> well could you trick an attacker, by making him think that was your network, when it is actually hidden further in..?
<mikestevens> kn1x: yes
<Ghost_Rider> Frydo: well if you root the router it's the same thing, all network is in a bad situation
<mikestevens> the real network is hidden behind NAT
<Ghost_Rider> Frydo: but if you hack like the mail server
<Ghost_Rider> Frydo: that's not so bad..since the DMZ is supposed to be under heavy watching
* Sup|ED-209|Craft is reading http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-2.html
<Mikkkeee> well faults in static translation won't protect the internal host
<Ghost_Rider> Frydo: and since traffic from DMZ --> trusted LAN
<Ghost_Rider> Frydo: won't be routed
<Ghost_Rider> Frydo: you gain some time there...
<Frydo> got it
<Ghost_Rider> Frydo: of course like you root the firewall the LAN is doomed
*** Joins: Nightshade
<Ghost_Rider> but since the firewall isn't really running services
<Andrei_> Ghost_Rider
<Ghost_Rider> it's just redirecting them to the DMZ
<Ghost_Rider> andrei_ : yes?
<Andrei_> i'm sorry to interrupt this discussion
<Andrei_> but i can't set up my internal network
<Ghost_Rider> what's ur prob?
<freeque> lol. he charges £50 and hour :-)
<Andrei_> in fact i can't give internet access to a computer
<Ghost_Rider> lo@freeque
<Ghost_Rider> Andrei_: but is ur LAN working, like you can ping lan hosts, you can't just masq?
<Andrei_> exactly
<Andrei_> i can ping
<Ghost_Rider> Andrei_: can you ping ur ppp0 ip?
<Andrei_> my internal network works just fine
<freerider> /freerider REGISTER 2825902 cantnot@adinet.com.uy
<Sup|ED-209|Craft> Ghost_Rider: have you read David Ranch's faq?
<Andrei_> Ghost_Rider nope
*** Mikkkeee sets mode: +o RedShadow
<Andrei_> that's the problem
<Ghost_Rider> Sup|ED-209|Craft: I don't think so why?
<Nightshade> Ok guys, thats me for tonight, c ya laterz
*** Parts: Nightshade
<Ghost_Rider> Andrei_: well check ur routing table..I'll keep with you on private
<Ghost_Rider> guys the lecture is going on..for the final part
*** Ghost_Rider sets mode: +m
<Sup|ED-209|Craft> Ghost_Rider: maybe useful to read @ http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html ?
<Ghost_Rider> oh...ip masquerade howto yes I read it when I setting up my 1st lan hehe
* Mikkkeee says guys if u don't understand/still got questions all will be clear once rider releases the tut
*** Joins: |\Lesma\|
*** |\Lesma\| is now known as samurai
<Ghost_Rider> so guys this puts us on the final topic and most buggy one too NFS
<Ghost_Rider> (damn I was seeing that I would never end this lecture)
<mikestevens> I want AFS or CODA!!!
*** Joins: SileNceR
<mikestevens> sorry
<Ghost_Rider> as usual mike giving its very unique taste to the chat
<mikestevens> lol
<Sup|ED-209|Craft> lol
<Ghost_Rider> but let's keep going
<Ghost_Rider> nfs stands for network file system
*** Retrieving #bsrf info...
<Ghost_Rider> I once read a very simple definition nfs = file sharing windows for *nix
<Ghost_Rider> yes..that's true
<Ghost_Rider> but NFS
<Ghost_Rider> is much more configurable
<Megram> sorry guys, i need to run off, sleep is calling. Have fun all of you :O)
<Sup|ED-209|Craft> nt filesystem
<Megram> gj so far btw GR :O)
*** Quits: Megram (Quit: Why do we need cheese?)
*** H2-0[Away] is now known as H2-0
*** Quits: H2-0 (Quit: good users don't use colored quits)
<Ghost_Rider> to make nfs available
<Ghost_Rider> you have to put some really buggy daemons running
<Ghost_Rider> I know at least 2 linux worms use portmap probs to spread and you will need to use portmap
<Ghost_Rider> rpc.portmap, rpc.mountd and rpc.nfsd
<Ghost_Rider> will be the services you'll need to run to allow nfs
<Ghost_Rider> now one question that we ask when we are setting up NFS is "is this really necessary?"
<Ghost_Rider> well NFS is slow as hell, if you need anything from one computer to other you can just start a ftp daemon and upload or download
<Sup|ED-209|Craft> can somebody give me your plan(s)?
<Ghost_Rider> it would be faster...
<Ghost_Rider> Sup|ED-209|Craft: i'm almost finishing...it's last topic man
<Sup|ED-209|Craft> ok
<Ghost_Rider> to make this quick since you guys are already tired of reading what I say
<Ghost_Rider> you have 3 main files to configure NFS
<Ghost_Rider> /etc/hosts.allo /etc/hosts.deny and /etc/exports
*** Joins: SpiderMan
*** ChanServ sets mode: +o SpiderMan
*** Quits: freerider (Quit: Leaving)
<Ghost_Rider> /etc/hosts.allow /etc/hosts.deny and /etc/exports
<Ghost_Rider> hosts.allow and hosts.deny will check allow or deny connections from hosts
*** Joins: Hand_of_God
<Ghost_Rider> you just allow ur local network and deny all the rest
<Ghost_Rider> so hosts.allow would be something like
<Ghost_Rider> rpc.portmap: 192.168.0.0/24
*** Quits: Sh0ck3R (Ping timeout)
<Ghost_Rider> rpc.mountd: 192.168.0.0/24
<Ghost_Rider> rpc.nfsd: 192.168.0.0/24
*** Quits: jimi (Quit: BitchX-1.0c16 -- just do it.)
<Ghost_Rider> and on hosts.deny just ALL: ALL and would deny everything that isn't accepted
*** Joins: freerider
<Ghost_Rider> on /etc/exports you'll have the exports dir
<Ghost_Rider> and the hosts that could export it
<Ghost_Rider> for example /home HOSTNAME(rw)
<Ghost_Rider> the (rw) stands for read and write giving these permissions to HOSTNAME when he mounts /home
<Ghost_Rider> well I think this is done
<SteeLe> tired heh ?
* DigitalFallout wakes up
<DigitalFallout> DId I miss anything?
<Mikkkeee> man we all got to give it up for Rider
*** Joins: _RooTs_
* DigitalFallout gives Ghost_Rider a "round of applause"
*** Mikkkeee sets mode: -m
<mikestevens> great job
<Ghost_Rider> man I'm exhausted..almost 2 hours...u guys killed me
<Ghost_Rider> thnx mike
* Ellis_D gives a standing ovation
<DigitalFallout> That is like a BSRF lecture record
* Mikkkeee gives Rider a "round of applause"
<Ghost_Rider> well guys I cut some parts because this was already too extensive
<Ghost_Rider> thnx mikkkeee
<Ghost_Rider> glad that you guys liked
<Mikkkeee> hell yah
<--------------End of lecture------------>