.########...######..########..########
.##.....##.##....##.##.....##.##......
.##.....##.##.......##.....##.##......
.########...######..########..######..
.##.....##.......##.##...##...##......
.##.....##.##....##.##....##..##......
.########...######..##.....##.##......
http://blacksun.box.sk
Lecturer: Ghost_Rider
Lecture: Linux Networking
Converter:  AZTEK





*** Mikkkeee sets mode: +m
<Ghost_Rider> ok..guys lecture time
<mikestevens> ok b0iler
*** mikestevens sets mode: +o nin
<Ghost_Rider> the +m will be taken at the end of each topic
*** mikestevens sets mode: -o nin
<Ghost_Rider> so you can ask questions
*** mikestevens sets mode: +o Matt
*** Joins: [T]racer[T]
*** DigitalFallout sets mode: -m
*** Mikkkeee sets mode: +m
<mikestevens> wrong person lol
<Matt> use !mod and !unmod if you wish
*** DigitalFallout sets mode: -m
<a|pha[away]> hehe
*** Mikkkeee sets mode: +o Caboom
<[T]racer[T]> matt: waza dude
<nin> !mod
<Sapient2003> Does anybody know if Intel® 2100 Pro/DSL Linux drivers exist?
<a|pha[away]> too early
<HardW1r3> its mute time
<Mikkkeee> what we going to start?
*** mikestevens sets mode: +v b0iler
* Ghost_Rider is waiting to make ppl decide...
*** Mikkkeee sets mode: +v bomb8595
<HardW1r3> i got 5:55 here
<freeque> -m
<freeque> if we all stfu
<Mikkkeee> lets start
<nin> +m
<Matt> We've got another 8 mins or so?
<Democow> +m
<freeque> 22:52:23 GMT
<Dunceor> +m
<a|pha[away]> neh, there will be idiots to speak when not necessary
<a|pha[away]> 5 minutes
<Mikkkeee> !mod
<[T]racer[T]> kick the fuckerz!
<Democow> !mod
<[T]racer[T]> who speak not in the right place
<[T]racer[T]> sqeez
<b0iler> [T]racer[T]: like you?  heh, heya msg me :)
<darkvpx> will the people telling people not to speak please stop speaking
*** Joins: ryph
*** Mikkkeee sets mode: +m
*** darkvpx is now known as jimi
*** Joins: Sub
*** DigitalFallout changes topic to '''Welcome to Black Sun Research Facility, http://blacksun.box.sk | DON'T MESSAGE THE OPS WITHOUT PERMISSION FIRST! | NO warez/serials/cracks/clones/advertisements.  LECTURE IN PROGRESS! SIT BACK AND RELAX'
*** Joins: Infini7y
*** Joins: Revocomms
<DigitalFallout> All set GR?
*** Joins: rs
<DigitalFallout> All set GR?
<Mikkkeee> k, should we voice everyone?
*** mikestevens sets mode: +v Jahlin
<DigitalFallout> Sorry
<Ghost_Rider> df: yeah
<Ghost_Rider> nope
<HardW1r3> no
<mikestevens> not yet
<Ghost_Rider> the +m
<Ghost_Rider> will be taken
<DigitalFallout> Then if we are all set
<mikestevens> only the people we need
<Ghost_Rider> at then end of each topic
<DigitalFallout> LET THE PARTY BEGIN
<DigitalFallout> <START LECTURE LOGGING>
* Mikkkeee says the room is all your rider
*** Mikkkeee sets mode: +vvv a|pha[away] bobbie CodE4
<Ghost_Rider> thnx mike:)
*** Mikkkeee sets mode: -vvv a|pha[away] bobbie CodE4
<Ghost_Rider> well welcome ... as you know this is a networking lecture
<Ghost_Rider> I divided the lecture in 6 main topics
<Ghost_Rider> Ethernet card, LAN, IP masquerading, remote port forwarding, transparent proxy and NFS
<Ghost_Rider> at the end of each topic
*** Joins: blues
<Ghost_Rider> the +m will be taken
<Ghost_Rider> so you may ask anything related to it
<Ghost_Rider> also I advise you to download or at least check http://blacksun.box.sk/examples.txt
*** Joins: thebluegiant
*** Quits: thebluegiant (Quit: )
<Ghost_Rider> I'll use those ascii on the LAN part
<Ghost_Rider> now I think we are really ready to start
<mikestevens> after this I will follow up with a lecture on cable hacking
*** Joins: _RooTs_
<Ghost_Rider> unless any oper or voice wanna say something
<HardW1r3> im ok
<mikestevens> you can find the outline for my lecture at http://blacksun.box.sk/test/cablem.txt
<Matt> Ghost_Rider, the notice
*** Joins: Serial_Killer
*** rs is now known as RedShadow
<Ghost_Rider> Matt: yeah i saw it matt
*** SpiderMan sets mode: +o RedShadow
<Matt> Ghost_Rider, you could 'annouce it' :)
*** Joins: Blue^demoN
<Matt> Its nice to see the old class btw
<Ghost_Rider> ok ppl matt will be sorting questions
*** Joins: shady_harrasment_panda
*** ChanServ sets mode: +o shady_harrasment_panda
* DigitalFallout agrees with matt
<Ghost_Rider> and please guys don't start me asking prv questions
*** Mikkkeee sets mode: +v RedShadow
*** Joins: Ann0yeD
<Ghost_Rider> ok...ARE WE READY?
*** Mikkkeee sets mode: -o RedShadow
<shady_harrasment_panda> has it started
<Mikkkeee> lets begin
<Ghost_Rider> ok..
*** Joins: __052_-
<Ghost_Rider> start logging
<DigitalFallout> NEver stop :)
<Ghost_Rider> Networking Lecture
<Ghost_Rider> 1st stop Ethernet Cards
*** Mikkkeee sets mode: +v VoidIndex
*** Parts: a|pha[away]
*** Joins: a|pha[away]
<Ghost_Rider> well there is not much to tell about this, I'll just guide you through the detection, configuration and show you a start up script
*** [T]racer[T] is now known as TracerT
<Ghost_Rider> nowadays most of the ethernet cards are PCI based, still you can find some nice 10mbit/s ISA cards
<Ghost_Rider> I use ISA on my LAN@home..and I don't think I need more speed
<Ghost_Rider> but that's up to you
*** Quits: vatefairefoutre (Quit: )
*** Parts: Ann0yeD
<Ghost_Rider> now the 1st thing you gotta make sure is that the kernel is detecting ur hardware..(I never had problems but we never know)
<Ghost_Rider> so if you are using a ISA card you can use pnpdump
<Ghost_Rider> this will create a file that will be read by isapnp
*** Joins: Phish
<Ghost_Rider> what you gotta make sure is that the ethernet card is being detected..just go through the dump and check for it
<Ghost_Rider> if otherwise it's pci you can cat /proc/pci and look for it
*** Joins: Leper
<Ghost_Rider> now what you have to find out is what kernel module will support ur card
*** Joins: zwanderer
*** Joins: Ann0yeD
*** Quits: Revocomms (Quit: Leaving)
*** Quits: Sapient2003 (Quit: )
<Ghost_Rider> most ISA cards work with NE2000 module (ne.o) and all the PCI cards I know (I just know a couple SMC cards) always
<Ghost_Rider> use the DECchip
<Ghost_Rider> you'll also have the module for it
*** Mikkkeee sets mode: +v zwanderer
<Ghost_Rider> though if you have an EN2242
*** Mikkkeee sets mode: +v Leper
<Ghost_Rider> common in laptops
<Ghost_Rider> you have to download a special version of DECchip module
*** Quits: Phish (Quit: [BX] Eat, drink and be merry...for tomorrow we die)
<zwanderer> sorry to interrupt, how far are we ?
*** Joins: julon
<Ghost_Rider> zwanderer: just in the beginning
<zwanderer> ah cool
*** Joins: paul_GG
<Ghost_Rider> but searching on google you'll find that changed version
*** Quits: shady_harrasment_panda (Connection reset by peer)
*** Joins: Swirly
<Ghost_Rider> after loading the module using the command modprobe (/sbin/modprobe)
*** paul_GG is now known as shady_harrasment_panda
<Ghost_Rider> you'll start having a new interface that will be eth0
<Ghost_Rider> you can now nicely /sbin/ifconfig eth0 to check its status
*** Parts: Ann0yeD
<Ghost_Rider> you can make sure that ethernet card will be active doing /sbin/ifconfig eth0 up
*** Joins: Ellis_D
*** shady_harrasment_panda is now known as _shady_harrasment_panda-
<Ghost_Rider> for now you have the ethernet device working but you still can't communicate
<Ghost_Rider> with other computers
*** Joins: AxE
*** Quits: Crash_Gnome (Quit: we are the all dancing all singing crap of the world)
<Ghost_Rider> so for now our startup script would be something like ( it will be completed in the next section)
<Ghost_Rider> #!/bin/sh
<Ghost_Rider> /sbin/modprobe YOUR_ETHERNET_CARD_MODULE
*** AxE is now known as _AxE-
<Ghost_Rider> /sbin/ifconfig eth0 up
*** Parts: Swirly
<Ghost_Rider> this might seem very basic for some of you..but I think I had to say it
<Ghost_Rider> Matt: do we have any questions for now?
<mikestevens> one thing
<Ghost_Rider> yes mike:)
<mikestevens> you will have to make sure its in the right dir (the module)
<Matt> Ghost_Rider, nope
<mikestevens> and depmod before you modprobe
*** Joins: mephist0
<Ghost_Rider> mikestevens: well depmode will take care of that
<Matt> If anyone has any question to ask GR, msg me and NOT him. GR is a VIP.
<Ghost_Rider> lol
<Ghost_Rider> no matt i think i'll keep the way I thought
<Megram> GR also smells, but thats a different lecture...
<Ghost_Rider> I'll take +m and ppl will make questions
*** Ghost_Rider sets mode: -m
<Ghost_Rider> ok..so any questions?
*** Joins: vanished
<Ghost_Rider> or may I proceed?
*** Joins: Edrin
<Ghost_Rider> no?...good..continuing
*** Ghost_Rider sets mode: +m
*** Matt sets mode: +v Edrin
<DigitalFallout> Is this lecture generic to all linux/unix systens?
<Edrin> hi Matt
<Ghost_Rider> df: mostly linux
<Mikkkeee> nice to see all the oldies here
<DigitalFallout> Ok
*** Quits: Blue^demoN (Ping timeout)
<Matt> Well, GR's doing such a generally good job, we can continue :)
*** Quits: __052_- (Quit: Leaving)
<Ghost_Rider> so we now have working ethernet cards
*** Joins: i1der
*** Parts: _AxE-
<Ghost_Rider> it's time to set up the LAN
*** Joins: Cyberwolf
*** ChanServ sets mode: +o Cyberwolf
<Cyberwolf> hi all
*** Joins: slakka
<Mikkkeee> damn cyber u missed the lecture
*** Joins: Grim_Reaper
<Mikkkeee> just kidding
<Cyberwolf> damn! its crowded in here :))
<Ghost_Rider> let's check the 1st example of the example.txt (http://blacksun.box.sk/examples.txt)
<Ghost_Rider> I'll give you sometime to open the file...
*** Cyberwolf sets mode: +v Serial_Killer
<Ghost_Rider> ok..it's probably open
<Ghost_Rider> as you can see we have a direct ethernet-ethernet card connection..our LAN is just 2 computers
<Ghost_Rider> this is very easy to set up...but let's start from the beginning
<Ghost_Rider> since we are talking about private networks
<Ghost_Rider> we'll use the ip addresses that are used for private networks
<Ghost_Rider> they are 10.0.0.0/8
<Ghost_Rider> 172.16.0.0/32
<Ghost_Rider> 172.16.0.0/16 (sorry about this typo)
<Ghost_Rider> 192.168.0.0/24
*** Quits: PhAzE (Ping timeout)
<Ghost_Rider> now since we just got 2 computers (the router and the 2nd computer) we will use the Class C ip address
*** Quits: Megram (Connection reset by peer)
<Ghost_Rider> so we'll put the router with ip address 192.168.0.1 and the 2nd computer with ip 192.168.0.2
*** Quits: Jahlin (Quit: Leaving)
<Ghost_Rider> you might ask why don't we give .0 and .1 or as someone asked me before why can't we give the .255
<Ghost_Rider> well .0 and .255 as HOST ID can't be given because these two addies are special
<Ghost_Rider> the .0 represents the entire network..and .255 is the broadcast address (When you wanna send something to every computer on the network)
*** Quits: zwanderer (Quit: Liberae sunt nostrae cogitationes)
<Ghost_Rider> so your HOST ID may be > 0 and < 255 but never = to these 2 values
*** Joins: Megram
*** ChanServ sets mode: +o Megram
<Ghost_Rider> now that we have this clear (I think)
<Ghost_Rider> let's setup the ips for them
<mikestevens> actually you can use those, but you need to do some other stuff with netmasks
*** Joins: Freezer
<mikestevens> they are special in most cases, so its better to leave them alone
*** Megram sets mode: +v Freezer
<Ghost_Rider> now...we wanna set the following ips 192.168.0.1 and 192.168.0.2
* Freezer prods megram,ghost,mikkkeee,caboom,wolf,spiderman and the rest in the tummy
*** Quits: VoidIndex (Quit: Shit on the Quit...)
<Ghost_Rider> we can do this using the /sbin/ifconfig
<Mikkkeee> hey freezer
<Ghost_Rider> so as root on the router to give ip 192.168.0.1 we'll do /sbin/ifconfig eth0 192.168.0.1 netmask 255.255.255.0
*** Joins: gUeSt51
*** Joins: hackbitbr
<Ghost_Rider> doing this should add an entry to ur routing table
<Ghost_Rider> you can check it typing /sbin/route
<Ghost_Rider> and an entry besides loopback (127.0.0.1) should be shown
*** Joins: H2-0
<Ghost_Rider> TracerT: eth0 is the ethernet card interface
*** hackbitbr is now known as CoRiNgA
<Ghost_Rider> but resuming
<Ghost_Rider> you now should have a route entry for 192.168.0.0 that will have eth0 as interface
*** Quits: Dunceor (Quit: )
<Ghost_Rider> if this wasn't added you have to add it by yourself
*** Parts: i1der
<Ghost_Rider> to do this
<Ghost_Rider> you do /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 dev eth0
*** Quits: mephist0 (Ping timeout)
<Ghost_Rider> now you have a working ethernet card with ip and routing for other hosts on the same network
<Ghost_Rider> we repeat the process on the 2nd computer but giving the ip 192.168.0.2
*** Joins: WackC
*** Quits: b0iler (Ping timeout)
<Ghost_Rider> we connect both ethernet cards using the RJ-45 entries and a crossover cable
<Ghost_Rider> remember to sue crossover cable when you are doing a ethernet to ethernet connection
<Ghost_Rider> sue = use
*** Joins: b0iler
*** Joins: zwanderer
*** Quits: _RooTs_ (Ping timeout)
<Ghost_Rider> it's now time to test our network
*** OperServ sets mode: +o zwanderer
<Megram> that is if you are connecting 2 nics directly btw...
<Ghost_Rider> we just ping one box to the other
*** Mikkkeee sets mode: +v zwanderer
<zwanderer> Mikkkeee: nm ;)
<Mikkkeee> heh
<Ghost_Rider> Megram: yeah..I said ethernet to ethernet connection
<Ghost_Rider> no ethernet --> hub/switch--> ethernet
<Ghost_Rider> not ethernet --> hub/switch--> ethernet
<Ghost_Rider> like I was saying we now try to ping each host and if everything is ok we will receive a reply
*** Quits: blues (Ping timeout)
*** Joins: Nightshade
<Ghost_Rider> if you are connecting more than 2 computers
<Ghost_Rider> we'll then have something like example 2
*** Joins: crankykid
<Ghost_Rider> we have the router connected to a HUB and some computers connected to the HUB, this can also be a switch
<Ghost_Rider> but for home networking a HUB is just fine
*** Parts: _shady_harrasment_panda-
*** Joins: Obzerver
*** Joins: shady_harrasment_panda
*** ChanServ sets mode: +o shady_harrasment_panda
<Ghost_Rider> in this situation you won't use crossover cable, but just what I think is called RJ connectable cable (at least this is the pt translation)
<Ghost_Rider> Megram: does the cable have any specific name?
<Megram> you would use CAT3 or CAT5 patch cable
<Ghost_Rider> ok..thnx for the name input:)
<Megram> but yeah, a standard RJ45 cable would also be used to describe it
*** Joins: SteeLe
*** ChanServ sets mode: +o SteeLe
<SteeLe> its a renuion :)
*** Joins: muncheese
*** Quits: WackC (Connection reset by peer)
<Ghost_Rider> so right now you play with ur connection from one box to another
*** Joins: Apparatus
<Ghost_Rider> services like ftp, telnet ssh everything you can think
<Ghost_Rider> but for now JUST INSIDE UR NETWORK
<Ghost_Rider> now as you also know we like to give names to our boxes..like GhostBox or RunAwayBox or GhostLogger...well those are my boxes..lol
*** Quits: Democow (Ping timeout)
*** Joins: blues
<Ghost_Rider> still if you try from let's say box 1 telnet to box2name you won't make it
*** Mikkkeee sets mode: +v Apparatus
<Ghost_Rider> because box 1 doesn't know which ip stands for that name (this is called alias)
<Ghost_Rider> so what you have to do is edit a file at /etc/hosts and add an entry like
<Ghost_Rider> 192.168.0.2 BOXNAME
<Ghost_Rider> 192.168.0.2 antoehrname
<Ghost_Rider> 192.168.0.3 antoehrname
<Ghost_Rider> (sorry for the typo again)
<mikestevens> just a general hint
<Ghost_Rider> and if you want you can also name your network (network = 192.168.0.0)
<mikestevens> it is better to have the FQDN first
<Ghost_Rider> edit /etc/networks
<Ghost_Rider> and add an entry 192.168.0.0 the name you want for the network
<Ghost_Rider> mikestevens: wanna add something?
<mikestevens> 24.7.219.28             unixclan.box.sk unixclan
<mikestevens> that is a good example
<mikestevens> alot of networking software likes the FQDN first
<mikestevens> you can make up a domain name if you like
<mikestevens> and use it internally
<Ghost_Rider> but mike..u have seen that we are working inside a LAN...
<Ghost_Rider> well but ok..we can do like BOX.localdomain BOX
<mikestevens> yes
<Ghost_Rider> and we'll have FQDN 1st
<mikestevens> yes, that is what is best
<Ghost_Rider> but even not putting it it will work (at least everything works on my lan)
<mikestevens> I've had barfing problems with that
<Ghost_Rider> ok...
*** Ghost_Rider sets mode: -m
<freeque> does all this apply for a wireless network? other than the cables section of course :-)
<mikestevens> ok
<Megram> essentially
<mikestevens> this has come up
<mikestevens> FQDN stands for Fully Qualified Domain Name
<mikestevens> its the difference between www and www.foo.com
*** Quits: blues (Ping timeout)
<Ghost_Rider> freeque: if the network is TCP/ip based yes
<mikestevens> www is the hostname
<mikestevens> www.foo.com is the FQDN
<jaxler> proceed
<Ghost_Rider> any more questions?
<Megram> freeque, you will probably need a different module to the ones GR suggested, but they shouldnt be too hard to find
<DigitalFallout> Ghost_Rider: are you god?
<freeque> lol
*** Joins: Kintege
<mikestevens> yes he is
<Cyberwolf> is a crossover cable very different from a regular UTP cable?
<DigitalFallout> Hehehe
<Ghost_Rider> freeque: check the IrDA kernel modules
<Megram> Cyberwolf, ish
<mikestevens> Cyberwolf: Crossover is a different Pin setting
<TracerT> wait
<freeque> Ghost_Rider - cheers. u know too much m8 ;-)
<Megram> Cyberwolf, it simply has 1 pair of the wires crossed over
*** Joins: norton
<mikestevens> UTP stands for Unshielded Twisted Pair
<Cyberwolf> k, thanx guys
<jimi> what is the bnc port of my hub used for?
<TracerT> what does the RJ45 cable look like?
<mikestevens> STP is shielded Twisted Pair
<mikestevens> (not the band)
<Ghost_Rider> TracerT: a normal cable
<Cyberwolf> TracerT: like a phone/ISDN plug
<Ghost_Rider> TracerT: with 4 wires in it
<Ghost_Rider> hehe
<Megram> jimi, the bnc part is for using bnc/thinnet cabling. that requires different cabling methods, and i suggest using cat3/5 over bnc
*** Freezer is now known as ]|MooCow|[
<jimi> oh ok thanks
<mikestevens> Cat 5 can do 100Mbit :-)
<Ghost_Rider> unless you guys wanna use AUI on ur network:)
<a|pha[away]> 2 pari cable
<ShellFish> i have q.. realy lame but what does the "cat x" stand for?
*** Joins: codz
<a|pha[away]> pair
<Megram> shell, ok....
<Megram> shellfish, its just used for declaring the capabilities of the cable. cat 3 is 'category 3', capable of 10mbps connections, and prone to interference
*** Quits: RedShadow (Quit: gtg, bbl)
*** Quits: TracerT (Connection reset by peer)
<Megram> ShellFish, cat 5 is category 5, is capable of 10/100mbps transfers, and is less prone to interference
*** Quits: Paya (Quit: Leaving)
<ShellFish> ok.. the higher num the better?
<mikestevens> There are new emerging types
<mikestevens> Cat 5e and Cat 6
* ]|MooCow|[ moo's...lots
<a|pha[away]> which are?
<Megram> yeah, tho you will only really encounter cat 3/5 in a small home lan
<a|pha[away]> ..
<b0iler> fast ethernet
<kIllah|b> CAT 5E != CAT5
<mikestevens> They are types for gigabit ethernet
*** Joins: TracerT
<kIllah|b> CAT 5E is allmost same as CAT6
<mikestevens> I'm not sure if there are standards on it yet
<Megram> if i may, we may want to move on with the lecture, unless there are any main outstanding questions
<Serial_Killer> btw guys how can i know that my network card is detected by linux
<ShellFish> the reason im askin is that when we have lan parties everyone shouts a lot about "cat" and i just dont understand.. but i do now.. tnx
<a|pha[away]> i'll look it up in webopedia.com
<Ghost_Rider> Serial_Killer: i said that on the 1st part of the lecture but no prob
<norton> .
<Ghost_Rider> Serial_Killer: is it pci?
<mikestevens> ok on with the lecture
<Serial_Killer> hhee
<Ghost_Rider> mikestevens: Wait..serial has a question..
<mikestevens> ok
<Ghost_Rider> Serial_Killer: is it pci?
<Frydo> i've got rh5.2 and no /etc/networks - how so ?
<Serial_Killer> no yeah
<Serial_Killer> yeah*
<Serial_Killer> it is
<Ghost_Rider> Serial_Killer: so cat /proc/pci and look for it
<TracerT> have i missed something?
*** ]|MooCow|[ is now known as Freezer
<mikestevens> TracerT: no still Q&A
<Ghost_Rider> Frydo: well rh sometimes just doesn't create files that you don't really need.. /etc/networks is just an add-on
<Serial_Killer> ok...
<Ghost_Rider> Frydo: if you create it
<Ghost_Rider> it will work
*** Quits: Sub (Quit: good users don't use colored quits)
<Ghost_Rider> so any other questions?
*** Joins: XMulder
<Megram> one other quick point...
<XMulder> wpw
<Frydo> - it works without it ...
<XMulder> wow
<Serial_Killer> btw im using Fast ethernet Adapter 10/100 MBps PCi
<XMulder> so many ppl what is goin on?
<Megram> some of you may not know why the example ip GR used was 192.168.x.x, we will explain that later if anyone needs to know
*** Quits: VoRtex (Quit: )
*** Quits: a|pha[away] (Quit: well... an exit is really the entrance into something else...)
<gUeSt51> I have a question if I may... maybe not so related, I went into /proc/ and looked at pci, I can pico it or cat it, but it shows that the file is 0 bytes large.. why is this?
<Ghost_Rider> Megram: well I said up there that it was a private ip for LAN purposes
*** Joins: Devil_Panther
<Matt> ./proc is a virtual filesystem
<Ghost_Rider> /proc maps ur memory
<Devil_Panther> so....
<freeque> Ghost_Rider - but u didnt really explain why u used class C and not A or B :-P
<Matt> its not actually a device like /dev devices are
<Megram> yep, but i can give a bit of history on why that ip is used if needed
<TracerT> freeque: cos it stands like this
<Matt> the closest relation would be a pointer in C, and /dev as a reference
<freeque> Megram - that would be nice
<Ghost_Rider> freeque: well since I was giving an example
*** Parts: Balle
<Ghost_Rider> but there's nothing that says you can't use class A or B
<Ghost_Rider> ok..moving on
*** Ghost_Rider sets mode: +m
*** Quits: Grim_Reaper (Quit: Leaving)
<Ghost_Rider> I think now this is the most important part of the lecture
<Ghost_Rider> it's ip masquerade part
*** Joins: Andrei_
<Ghost_Rider> ip masquerade is a NAT (network address translation) system
<Ghost_Rider> now what is this you ask...
<Ghost_Rider> well like I said before we were using private ips
<Ghost_Rider> the routers on the internet don't know how to route data for those ips
*** Joins: mayfaer
<Ghost_Rider> so this means that a computer using 192.168.0.2 ip can't connect to the internet
*** Quits: Devil_Panther (Quit: The Devil Panther will rise again.)
<Ghost_Rider> and also because we want that all our network have internet access
<Ghost_Rider> but just using like a dial-up
<Ghost_Rider> so in other words what I'm trying to say is that with just one computer of the network that is connected to the internet all your network can have access to the internet using the ip masquerade capacities
*** Quits: nocent (Ping timeout)
*** Quits: jaxler (Ping timeout)
<mikestevens> it is a free version of those expensive "personal routers"
<Ghost_Rider> and it's not hard to make it work...
<Ghost_Rider> you re-compile the kernel of the box that has the ppp connection adding the IP Masquerade support
<Ghost_Rider> besides of that
<Ghost_Rider> you'll need ipchains
*** gUeSt51 is now known as Obsidian
*** Quits: Kintege (Quit: )
<Ghost_Rider> now with kernel 2.4.x
<Ghost_Rider> iptables is starting to take over ipchains
<Ghost_Rider> but since I'm still with kernel 2.2.x i'll talk about what I know, in other words ipchains
*** Quits: Obzerver (Quit: i ll check the logs)
<Ghost_Rider> a single ipchains rule will do the work
*** Joins: Crash_Gnome
<Ghost_Rider> /sbin/ipchains -A forward -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j MASQ
<Ghost_Rider> so any packet that comes from the 192.168.0.0 network and doesn't go to that network will be masqued
<Ghost_Rider> in other words will be sent to the internet.
<Ghost_Rider> and your LAN will start being able to access internet
<Ghost_Rider> (I'll just talk what really masq does)
<Ghost_Rider> but you also have to do a little configuration on your clients
<Ghost_Rider> you have to add a default route and set the box with ppp connection as gateway
*** Quits: nin (Ping timeout)
*** Quits: Nightshade (Ping timeout)
<Ghost_Rider> so thinking that our router is 192.168.0.0
*** Quits: Freezer (Quit: The source of our oppression is the reason for my anarchy)
<Ghost_Rider> we do /sbin/route add default gw 192.168.0.1
*** Joins: Ralph
*** ChanServ sets mode: +o Ralph
<Ghost_Rider> now to the important part..what really happens on our masquerading host
<Ghost_Rider> like I told you ip masquerading is a NAT System
<Mikkkeee> rider will u explain load balancing translation, where a single ip addy and port is translated to a pool of identical servers so that a single public addy can be served by a number of boxes
<Ralph> whao, lotsa people
<Ghost_Rider> explaining this in a very simple way..
*** Quits: Caboom (Quit: YAQM - yet another quit message)
<Ghost_Rider> when you send a request from an inside host to an external ip
<Ghost_Rider> ur router will be used as gateway..to make that connection port X will be used
<Ghost_Rider> now the masquerading host will get the package
<Ghost_Rider> check the TO IP: and replace the FROM IP: with its own ppp ip and make the connection on port Z
<Ghost_Rider> now doing all this it will store in a table internal machine port X port Z
*** Joins: Nightshade
<Ghost_Rider> now when the masquerading host receives data from port Z
<Ghost_Rider> it checks the table
*** Parts: codz
<Ghost_Rider> sees it's for the machine and on port X so replaces again TO IP: with the internal ip and FROM IP: with the external ip we are reaching and sends it to port X
<Ghost_Rider> sorry about just ignoring you mikkkeee what were you saying?
*** H2-0 is now known as H2-0[Away]
<Ghost_Rider> btw I assumed that you already knew it but mikestevens told me to remind you anyway
<Ghost_Rider> ip forwarding is disabled by default
<Ghost_Rider> so you have to enable it
<Mikkkeee> ahh i said someting about load balancing translation
<Mikkkeee> if u were going to explain it deepre
<Mikkkeee> er
<Ghost_Rider> echo "1" > /proc/sys/net/ipv4/ip_forward
*** Ghost_Rider sets mode: -m
*** Quits: norton (Quit: )
<Ghost_Rider> questions about masquerading?
<TracerT> somewhere in the datagram
<TracerT> is there writen that out Gateaway is a gateaway
<Mikkkeee> rider are u going to explain some problems with NAT?
<TracerT> and how he knows, wich packets for where they belong inside the lan
<TracerT> ?
<Ghost_Rider> mikestevens: talking about port probs and unreachability? I'll go there in a minute
<TracerT> out+our
<TracerT> out=our
<Nightshade> I CAN SPEEEK
<HardW1r3> be back in just a second
<Andrei_> s
<Mikkkeee> like the software that encrypts tcp header info will not work correctly with NAT because the tcp info must be accessible to the firewall, stuff like that
<Nightshade> Yoooo Woooo
<mikestevens> oh if you have 2.4.x and want to do IPMASQ
*** Quits: HardW1r3 (Quit: )
<mikestevens> I have a lil script right here
<TracerT> ghost_rider
*** Quits: Ralph (Ping timeout)
<Nightshade> sorry....
<mikestevens> echo 1 > /proc/sys/net/ipv4/ip_forward
<mikestevens> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
* Nightshade shuts right up
<Ghost_Rider> TracerT: like i told you the gateway sets a table which is called the masquerade table
<CodE4> why they at some places that one should set this fragmentation option too in addition to forward
<Ghost_Rider> on that table will be set the internal host that sent the request
<Ghost_Rider> the port that communicates to the gateway
<Ghost_Rider> and the port which the gateway is communicating to the remote host
*** Quits: Cyberwolf (Ping timeout)
<Ghost_Rider> that allows the gateway to know, when it receives a packet, where to route it
<TracerT> so from outside, if you read the datagram, you'll know that there are some PCs in the lan, after the gateway?
<Ghost_Rider> TracerT: if you are trying to make the connection from the outside to get inside you can't..I'll get there in a sec
<TracerT> no!
*** Joins: bracaman
<TracerT> if you READ the datagram from outside, can you know the internal IPs
<Megram> no
<Ghost_Rider> nope
*** Mikkkeee sets mode: +v bracaman
<Ghost_Rider> TracerT: from the outside
<Ghost_Rider> you think you are being contact
<Ghost_Rider> from the masquerading host
<TracerT> after that GateAway of ours. Its like a wingate. right?
<Ghost_Rider> because like I told the ips we were using are UNroutable
<freeque> you might have answered this, and it's not even a very good question, but just out of interest, is there a limit to the number of computers whose ips you can masquerade?
<Megram> yes, 65k
<TracerT> OK, so how does the gateway know which packet belongs where, after the packet is received from outside?
<bracaman> i think Ghost_Rider is lying...
<bracaman> :)
<Megram> TracerT, ill explain the details to you in pvt...
*** Joins: Ralph
*** ChanServ sets mode: +o Ralph
<TracerT> 10X
<Mikkkeee> not really NAT allows an entire class B sized network to hide behind a single ip addy
<Frydo> any chance I can do this trick with windows ? not as a proxy I mean.
<freeque> so 65,000 or unlimited?
*** Quits: Andrei_ (Quit: BitchX-1.0c18 -- just do it.)
<mikestevens> Actually you can use 10.0.0.0/16
<TracerT> frydo: wingate
<mikestevens> errr
<TracerT> form win98 you can do it!
<mikestevens> 10.0.0.0/8
* freeque confuzzled
*** Joins: binz
<Frydo> not the same, it's a proxy.
<Infini7y> : )
<binz> is the lecture over?
<freeque> mikestevens - class b is /16 is it not?
<Ghost_Rider> binz: nope
<Mikkkeee> well for nt which doesn't provide this function, u must use a third party firewall if u want to use NAT. thats for the windows questions
<Ghost_Rider> freeque: yeah..class B is /16
<shady_harrasment_panda> btw good lecturer i was enjoying it but i have to go i feel too sick to stay up
<shady_harrasment_panda> bye ppl
<Ghost_Rider> because 2 octets are fixed
<mikestevens> I corrected myself
<mikestevens> above
<mikestevens> <mikestevens> 10.0.0.0/8
<Mikkkeee> nah there is a third part and an suprise lecture
*** Parts: shady_harrasment_panda
<Ghost_Rider> so shall we continue?
<Mikkkeee> its all yours
<Ellis_D> yes
*** Ghost_Rider sets mode: +m
<bracaman> can opers speak when the chan is moderated?
<mikestevens> yes
<bracaman> :))
<Ghost_Rider> ok..so like we were saying ip masquerading is really cute but it has some problems
<Mikkkeee> yup and voice
<Ghost_Rider> like if you need someone to connect to a host inside ur network it can't..
<Ghost_Rider> or like if you wanna use ftp or any other protocol
<Ghost_Rider> that works in a way that the remote host makes a connection to you it won't work..
<Ghost_Rider> well that's not entirely true
<Ghost_Rider> you have the kernel modules to support ftp on active mode
<Ghost_Rider> you have kernel modules for real audio
<Ghost_Rider> for dcc over irc
*** Quits: binz (Quit: cya)
<Ghost_Rider> and a couple of other services
*** Joins: Andrei_
<Ghost_Rider> that will work one part of the prob
<Ghost_Rider> but what about if you really wanna allow ppl to login to one of our boxes
*** Joins: RedShadow
<Ghost_Rider> well the answer to that is a program called ipmasqadm
*** Quits: Nightshade (Ping timeout)
<Ghost_Rider> you can find it at freshmeat.net
<Ghost_Rider> and what it does is redirect traffic from localhost port X to remote HOST port Z
*** RedShadow is now known as _RedShadow-
*** Joins: Craft
*** SteeLe sets mode: +v _RedShadow-
*** _RedShadow- is now known as RedShadow
*** Craft is now known as Sup|ED-209|Craft
<Ghost_Rider> but allowing ppl to connect inside our network
<Ghost_Rider> might be insecure
*** Joins: HellFish
<Ghost_Rider> since if someone roots that box it's one step to root the entire network
<Ghost_Rider> so it's time to talk about the concept of DMZ
*** Quits: ShellFish (Killed (NickServ (GHOST command used by HellFish)))
*** HellFish is now known as shellfish
<Ghost_Rider> DMZ stands for De-Militarized Zone
*** Mikkkeee sets mode: +v Sup|ED-209|Craft
*** Parts: mayfaer
<Ghost_Rider> if you check example 3 you'll see what I'm talking about
<Ghost_Rider> the DMZ is a subnet where the untrusted hosts are
*** Joins: HardW1r3
*** ChanServ sets mode: +v HardW1r3
*** Quits: zwanderer (Quit: Liberae sunt nostrae cogitationes)
<HardW1r3> im back
<Ghost_Rider> a way of doing this kind of DMZ
<Sup|ED-209|Craft> how many ppl here...
<Ghost_Rider> is setting ur masquerading host with 2 ethernet cards
<Mikkkeee> sorry to cut in rider, problems with NAT also occur with software that embeds TCP/IP address info inside TCP/IP packets and then relies upon that information, it will not work cause the interior tcp/ip address info will be wrong, this occurs with FTP and other protocols.
<mikestevens> like AIM or FTP
<Ghost_Rider> still you guys have the modules
<mikestevens> there are modules for FTP
<mikestevens> and a few others
<Mikkkeee> PPTP, Sqlnet2, FTP, and best of all IRC.
*** Joins: jaxler
*** Joins: UraniumD
<Ghost_Rider> mikestevens: but why are you cutting off if I already told that?
<Ghost_Rider> Mikkkeee: but why are you cutting off if I already told that?
<Mikkkeee> u did
<Mikkkeee> sorry
<Ghost_Rider> it was for mikkkee not mikestevens
<Ghost_Rider> I did
<Ghost_Rider> no prob
<Mikkkeee> sorry
*** Quits: ryph (Quit: )
<Ghost_Rider> well continuing
*** Joins: freerider
<Ghost_Rider> other way of implementing a DMZ
<Ghost_Rider> is setting a ip masquerading host
<Ghost_Rider> inside the LAN
<Ghost_Rider> which is example 4
*** Quits: XMulder (Quit: )
<Ghost_Rider> of course these kinds of networks aren't home networks but I think it's always good to know about this stuff
<Ghost_Rider> the most important thing is that ur LAN won't trust the DMZ
<Ghost_Rider> so in my opinion the best way to implement it is using the so called 2 legged network
<Ghost_Rider> that is the ip masquerade host with 2 ethernet cards
<Ghost_Rider> then you would setup the firewall to allow traffic for the DMZ ethernet interface but not for the trusted LAN
<Ghost_Rider> do you guys wanna add anything?
*** Quits: muncheese (Quit: Leaving)
<Ghost_Rider> shall we stop for questions about DMZs?
<Sup|ED-209|Craft> which firewall are you using?
<Ghost_Rider> I use ipchains
<Mikkkeee> ipchains
*** Quits: UraniumD (Ping timeout)
*** Ghost_Rider sets mode: -m
<Ghost_Rider> anyone has questions they wanna ask?
<kn1x> so could a DMZ be setup like a 'honeypot'?
<Frydo> why connect the trusted lan to the router in the first place ?
<Ghost_Rider> Frydo: because you want the trusted lan to have access to the internet
*** Quits: SpiderMan (Ping timeout)
<Ghost_Rider> Frydo: and you just have a ppp-dial up connection
<Ghost_Rider> kn1x: yes..but it's not the major thought when setting up a DMZ
*** Quits: Infini7y (Connection reset by peer)
<Frydo> but where's the difference to the dmz then ? if you hack the router the protection is gone !?!
<Ghost_Rider> when you setup a DMZ you are thinking of giving services to the internet but not taking much risk at it
<kn1x> well could you trick an attacker, by making him think that was your network, when it is actually hidden further in..?
<mikestevens> kn1x: yes
<Ghost_Rider> Frydo: well if you root the router it's the same thing, all the network is in a bad situation
<mikestevens> the real network is hidden behind NAT
<Ghost_Rider> Frydo: but if you hack like the mail server
<Ghost_Rider> Frydo: that's not so bad..since the DMZ is supposed to be under heavy watching
* Sup|ED-209|Craft is reading http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-2.html
<Mikkkeee> well faults in static translation won't protect the internal host
<Ghost_Rider> Frydo: and since traffic from DMZ --> trusted LAN
<Ghost_Rider> Frydo: won't be routed
<Ghost_Rider> Frydo: you gain some time there...
<Frydo> got it
<Ghost_Rider> Frydo: of course like you root the firewall the LAN is doomed
*** Joins: Nightshade
<Ghost_Rider> but since the firewall isn't really running services
<Andrei_> Ghost_Rider
<Ghost_Rider> it's just redirecting them to the DMZ
<Ghost_Rider> andrei_ : yes?
<Andrei_> i'm sorry to interrupt this discussion
<Andrei_> but i can't set up my internal network
<Ghost_Rider> what's ur prob?
<freeque> lol. he charges £50 and hour :-)
<Andrei_> in fact i can't give internet access to a computer
<Ghost_Rider> lo@freeque
<Ghost_Rider> Andrei_: but is ur LAN working, like you can ping lan hosts, you can't just masq?
<Andrei_> exactly
<Andrei_> i can ping
<Ghost_Rider> Andrei_: can you ping ur ppp0 ip?
<Andrei_> my internal network works just fine
<freerider>  /freerider REGISTER 2825902 cantnot@adinet.com.uy
<Sup|ED-209|Craft> Ghost_Rider: have you read David Ranch's faq?
<Andrei_> Ghost_Rider nope
*** Mikkkeee sets mode: +o RedShadow
<Andrei_> that's the problem
<Ghost_Rider> Sup|ED-209|Craft: I don't think so why?
<Nightshade> Ok guys, thats me for tonight, c ya laterz
*** Parts: Nightshade
<Ghost_Rider> Andrei_: well check ur routing table..I'll keep with you on private
<Ghost_Rider> guys the lecture is going on..for the final part
*** Ghost_Rider sets mode: +m
<Sup|ED-209|Craft> Ghost_Rider: maybe useful to read @ http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html ?
<Ghost_Rider> oh...ip masquerade howto yes I read it when I was setting up my 1st lan hehe
* Mikkkeee says guys if u don't understand/still got questions all will be clear once rider releases the tut
*** Joins: |\Lesma\|
*** |\Lesma\| is now known as samurai
<Ghost_Rider> so guys this puts us on the final topic and the most buggy one too, NFS
<Ghost_Rider> (damn I was seeing that I would never end this lecture)
<mikestevens> I want AFS or CODA!!!
*** Joins: SileNceR
<mikestevens> sorry
<Ghost_Rider> as usual mike giving its very unique taste to the chat
<mikestevens> lol
<Sup|ED-209|Craft> lol
<Ghost_Rider> but let's keep going
<Ghost_Rider> nfs stands for network file system
*** Retrieving #bsrf info...
<Ghost_Rider> I once read a very simple definition nfs = file sharing windows for *nix
<Ghost_Rider> yes..that's true
<Ghost_Rider> but NFS
<Ghost_Rider> is much more configurable
<Megram> sorry guys, i need to run off, sleep is calling. Have fun all of you :O)
<Sup|ED-209|Craft> nt filesystem
<Megram> gj so far btw GR :O)
*** Quits: Megram (Quit: Why do we need cheese?)
*** H2-0[Away] is now known as H2-0
*** Quits: H2-0 (Quit: good users don't use colored quits)
<Ghost_Rider> to make nfs available
<Ghost_Rider> you have to put some really buggy daemons running
<Ghost_Rider> I know at least 2 linux worms use portmap probs to spread and you will need to use portmap
<Ghost_Rider> rpc.portmap, rpc.mountd and rpc.nfsd
<Ghost_Rider> will be the services you'll need to run to allow nfs
<Ghost_Rider> now one question that we ask when we are setting up NFS is "is this really necessary?"
<Ghost_Rider> well NFS is slow as hell, if you need anything from one computer to another you can just start a ftp daemon and upload or download
<Sup|ED-209|Craft> can somebody give me your plan(s)?
<Ghost_Rider> it would be faster...
<Ghost_Rider> Sup|ED-209|Craft: i'm almost finishing...it's last topic man
<Sup|ED-209|Craft> ok
<Ghost_Rider> to make this quick since you guys are already tired of reading what I say
<Ghost_Rider> you have 3 main files to configure NFS
<Ghost_Rider> /etc/hosts.allo /etc/hosts.deny and /etc/exports
*** Joins: SpiderMan
*** ChanServ sets mode: +o SpiderMan
*** Quits: freerider (Quit: Leaving)
<Ghost_Rider> /etc/hosts.allow /etc/hosts.deny and /etc/exports
<Ghost_Rider> hosts.allow and hosts.deny will allow or deny connections from hosts
*** Joins: Hand_of_God
<Ghost_Rider> you just allow ur local network and deny all the rest
<Ghost_Rider> so hosts.allow would be something like
<Ghost_Rider> rpc.portmap: 192.168.0.0/24
*** Quits: Sh0ck3R (Ping timeout)
<Ghost_Rider> rpc.mountd: 192.168.0.0/24
<Ghost_Rider> rpc.nfsd: 192.168.0.0/24
*** Quits: jimi (Quit: BitchX-1.0c16 -- just do it.)
<Ghost_Rider> and on hosts.deny just ALL: ALL, which would deny everything that isn't accepted
*** Joins: freerider
<Ghost_Rider> on /etc/exports you'll have the exports dir
<Ghost_Rider> and the hosts that could export it
<Ghost_Rider> for example /home  HOSTNAME(rw)
<Ghost_Rider> the (rw) stands for read and write giving these permissions to HOSTNAME when he mounts /home
<Ghost_Rider> well I think this is done
<SteeLe> tired heh ?
* DigitalFallout wakes up
<DigitalFallout> DId I miss anything?
<Mikkkeee> man we all got to give it up for Rider
*** Joins: _RooTs_
* DigitalFallout gives Ghost_Rider a "round of applause"
*** Mikkkeee sets mode: -m
<mikestevens> great job
<Ghost_Rider> man I'm exhausted..almost 2 hours...u guys killed me
<Ghost_Rider> thnx mike
* Ellis_D gives a standing ovation
<DigitalFallout> That is like a BSRF lecture record
* Mikkkeee gives Rider a "round of applause"
<Ghost_Rider> well guys I cut some parts because this was already too extensive
<Ghost_Rider> thnx mikkkeee
<Ghost_Rider> glad that you guys liked it
<Mikkkeee> hell yah

<--------------End of lecture------------>