Oct 11

There are times when you want to connect to the Internet through unknown and/or insecure networks, such as a public WiFi hotspot. If you aren’t careful, you make it all too easy for someone else on that network to sniff your connection with a tool like Ettercap.

One of the best ways to secure your connection is to use a VPN, but that isn’t always practical. So here’s a way to securely connect to the net using only an SSH client and a remote box that you control/trust.

Requirements:

  1. PuTTY* loaded on your local machine
  2. Remote host running OpenSSH (e.g. Linux box at home)
  3. Firefox (obviously)
  4. Gaim for all your IM needs

Just follow these steps…
1. Create a new PuTTY session
Run PuTTY and create a new session in PuTTY to connect to the remote host that is running OpenSSH. Fill in the hostname, the port (usually 22), make sure SSH is checked, give it a session name and hit Save:

2. Configure a secure tunnel
Click on “Tunnels” on the left and set up dynamic forwarding for a local port (e.g. 7070). Under “Add new forwarded port” type in 7070 for the source port, leave the destination blank, and check Auto and Dynamic. Then hit the Add button. If you did it correctly, you’ll see D7070 listed in the Forwarded Ports box:

That’s it for tunnels, as there is no need to create more than one. Leave “Local ports accept connections from other hosts” unchecked, so the listener only binds to 127.0.0.1 and the other people on the hotspot can’t use your tunnel. Remember to save your session profile in PuTTY so you don’t have to set up the tunnel next time.

3. Connect to the remote SSH box
Double click on the connection profile and type in your username and password when prompted. The first time you connect, PuTTY shows the remote host’s key fingerprint and asks whether to trust it. Check it against the key on the box itself (for example, run ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub on the remote host) before accepting. Otherwise an attacker on the hotspot who can intercept your SSH connection could present their own key and read everything you send through the tunnel.

4. Configure Firefox
Go to Tools, Options, General, and then click on Connection Settings…

Check Manual Proxy Configuration, leave the other proxy fields blank, and fill in 127.0.0.1 for the SOCKS Host with a port of 7070 (or whatever you used in Step 2), making sure SOCKS v5 is selected. One caveat: by default Firefox still resolves hostnames locally, so your DNS lookups go out to the hotspot’s resolver in the clear even though the page contents don’t. To push the lookups through the tunnel as well, open about:config and set network.proxy.socks_remote_dns to true:

5. Configure Gaim
Fire up Gaim and hit the Preferences button:

Then select Network on the left and set up the Proxy Server. The Proxy Type should be SOCKS 5. The host is 127.0.0.1 and the port is 7070 (or whatever you chose in Step 2).

There’s no need for a user or password. Then hit Close.

6. Enjoy
That’s it. From now on, as long as you first log into the remote SSH host with PuTTY, your Firefox and IM traffic will be routed over an encrypted tunnel to the remote host and then out to the Net. Keep in mind that only the programs you have pointed at the SOCKS port are protected; anything else on the machine (other applications, software updates, and so on) still talks to the hotspot directly. Good stuff.

* Yes, PuTTY is available for Linux. It’s even in Portage!

Update (Email): Actually, the setup for Thunderbird to securely proxy your email traffic is pretty much the same as it is for Firefox.

And then type in 127.0.0.1 and your port number:

That’s it.
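A quick way to confirm the tunnel is really doing what Steps 2 through 4 intend is to speak SOCKS5 to it yourself. The script below is an added example, not code from the original post: it performs the RFC 1928 handshake against the dynamic forward on 127.0.0.1:7070 (the port chosen in Step 2; change it if you used another) and asks the remote box to CONNECT to a hostname. It deliberately sends the name in the domain-name form (ATYP 0x03) rather than an IP address, which is exactly what Firefox does once socks_remote_dns is on, so a reply of “succeeded” tells you both that the tunnel is up and that the remote end is the one resolving DNS. The target example.com and the port number are assumptions for the demonstration; the message builders and reply parser run offline.

```python
"""Minimal SOCKS5 (RFC 1928) client handshake for checking an SSH dynamic forward.

Added example, not part of the original post. Works against the D7070 forward
PuTTY opens, or the equivalent `ssh -D 7070 -N user@host` from OpenSSH.
"""
import socket
import struct

SOCKS_VERSION = 0x05
NO_AUTH = 0x00          # the ssh dynamic forward offers no authentication
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03      # hostname form: the *remote* side does the DNS lookup
ATYP_IPV6 = 0x04

REPLY_TEXT = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting(methods=(NO_AUTH,)):
    """Client greeting: VER | NMETHODS | METHODS..."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def build_connect(host, port):
    """CONNECT request: VER | CMD | RSV | ATYP | LEN | NAME | PORT (big-endian)."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5 domain-name form")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_reply(data):
    """Decode a server reply into (reply_code, bound_address, bound_port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply: %r" % data[:4])
    rep, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, end = socket.inet_ntop(socket.AF_INET, data[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, end = data[5:5 + n].decode("idna"), 5 + n
    elif atyp == ATYP_IPV6:
        addr, end = socket.inet_ntop(socket.AF_INET6, data[4:20]), 20
    else:
        raise ValueError("unknown address type %#x" % atyp)
    (port,) = struct.unpack("!H", data[end:end + 2])
    return rep, addr, port


def recv_exact(sock, n):
    """Read exactly n bytes; short reads are normal on a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf


def check_tunnel(target_host, target_port=80, proxy=("127.0.0.1", 7070), timeout=5):
    """Run the handshake through the tunnel and return the server's reply code.

    0 means the remote SSH box resolved target_host and connected to it for us.
    """
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_greeting())
        ver, method = recv_exact(s, 2)
        if ver != SOCKS_VERSION or method != NO_AUTH:
            raise RuntimeError("proxy refused no-auth handshake: %r" % ((ver, method),))
        s.sendall(build_connect(target_host, target_port))
        head = recv_exact(s, 4)            # VER | REP | RSV | ATYP
        atyp = head[3]
        if atyp == ATYP_IPV4:
            rest = recv_exact(s, 4 + 2)
        elif atyp == ATYP_DOMAIN:
            n = recv_exact(s, 1)
            rest = n + recv_exact(s, n[0] + 2)
        elif atyp == ATYP_IPV6:
            rest = recv_exact(s, 16 + 2)
        else:
            raise ValueError("unknown address type %#x in reply" % atyp)
        rep, _addr, _port = parse_reply(head + rest)
        return rep


if __name__ == "__main__":
    # Assumed target for the demonstration; any host reachable from the remote box will do.
    code = check_tunnel("example.com")
    print(REPLY_TEXT.get(code, "unknown reply %#x" % code))
```

If the greeting is answered with method 0xFF, or the connection is refused outright, the listener on 7070 is not the SSH dynamic forward (or PuTTY is not connected). A reply code of 0x04 (host unreachable) with the domain-name form usually means the remote box could not resolve the name, which is also worth knowing before trusting the tunnel for mail or IM.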

Sep 20

There are many times when clients have dynamic IP addresses (assigned by a DHCP server). In those cases it is hard to write rules based on IP address, as you won’t know which address a client machine will get. Instead, you can use MAC-based ACLs to apply rules to a particular machine.

# vi /etc/squid/squid.conf

Look for acl section and append ACL as follows:

acl mac1 arp 00:11:22:70:44:90
acl mac2 arp 00:11:22:33:44:55
http_access allow mac1
http_access allow mac2
http_access deny all

Order matters: Squid evaluates http_access lines top to bottom and stops at the first match, so the deny all line must come last. Two caveats: Squid can only learn a client’s MAC address when the client is on the same Layer 2 segment as the proxy, so arp ACLs never match requests that arrive through a router; and MAC addresses are trivially changed, so this identifies a machine for convenience rather than authenticating it.

Save and close the file. Restart squid server:

# /etc/init.d/squid restart
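Because an arp ACL silently fails to match for any client the proxy cannot see at Layer 2, it is worth checking that each permitted MAC actually appears in the proxy’s ARP table before relying on the rule. The script below is an added example and not part of the original post: it parses the Linux /proc/net/arp format, generates the acl / http_access block in the shape shown above (deny all last), and reports which permitted MACs are not currently visible on the local segment. The ARP table embedded in the block is constructed sample data; on a real proxy read /proc/net/arp instead, and run squid -k parse on the result before reloading.

```python
"""Generate Squid arp ACLs and check the MACs are visible to the proxy.

Added example, not part of the original post. The SAMPLE_ARP text is
constructed for the demonstration; on a live proxy read /proc/net/arp.
"""
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
ATF_COM = 0x2  # /proc/net/arp flag bit: entry is complete (MAC actually learned)

# Constructed sample of /proc/net/arp: one complete entry, one incomplete one.
SAMPLE_ARP = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:70:44:90     *        eth0
192.168.1.11     0x1         0x0         00:00:00:00:00:00     *        eth0
"""


def normalize_mac(mac):
    """Accept 00-11-22-33-44-55 / upper case, return Squid's aa:bb:cc:dd:ee:ff form."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError("not a MAC address: %r" % mac)
    return m


def parse_arp_table(text):
    """Map MAC -> (ip, device) for complete entries in /proc/net/arp text."""
    table = {}
    for line in text.splitlines()[1:]:          # first line is the column header
        parts = line.split()
        if len(parts) < 6:
            continue
        ip, _hwtype, flags, hwaddr, _mask, dev = parts[:6]
        if int(flags, 16) & ATF_COM == 0:       # unresolved neighbour, no real MAC
            continue
        table[hwaddr.lower()] = (ip, dev)
    return table


def squid_mac_acl(allowed_macs, arp_text):
    """Return (squid.conf fragment, list of allowed MACs not seen at Layer 2)."""
    seen = parse_arp_table(arp_text)
    acl_lines, allow_lines, unseen = [], [], []
    for i, raw in enumerate(allowed_macs, 1):
        mac = normalize_mac(raw)
        name = "mac%d" % i
        acl_lines.append("acl %s arp %s" % (name, mac))
        allow_lines.append("http_access allow %s" % name)
        if mac not in seen:
            unseen.append(mac)
    # deny all must be last: Squid stops at the first matching http_access line
    fragment = "\n".join(acl_lines + allow_lines + ["http_access deny all"]) + "\n"
    return fragment, unseen


if __name__ == "__main__":
    try:
        with open("/proc/net/arp") as f:
            arp_text = f.read()
    except OSError:
        arp_text = SAMPLE_ARP                   # not on Linux: fall back to the sample
    fragment, unseen = squid_mac_acl(["00:11:22:70:44:90", "00-11-22-33-44-55"], arp_text)
    print(fragment)
    for mac in unseen:
        print("# warning: %s not in the ARP table; an arp ACL will not match it" % mac)
```

A MAC reported as unseen is not necessarily wrong in the config; the client may simply be switched off, or it may sit behind a router, in which case the arp ACL will never match it and a different mechanism is needed.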

Sep 20


For those of you who don’t know, Vyatta is an open source network appliance that functions as a router, firewall, and VPN device, all running on a customized version of Debian Linux. I have been following the progress of Vyatta for over a year now, and things are looking very promising. The latest release is called VC4 (Vyatta Community edition) and it includes a bunch of useful new features:

  • New command shell allows you to modify Linux settings and network settings from one common interface
  • Redesign of routing protocol offers greatly improved stability and performance
  • Role-based user access
  • Equal-cost multi-path routing
  • Remote access VPN
  • Support for IP tunneling protocols
  • PPPoE support, commonly used with DSL connections
  • WAN load balancing of outbound traffic across two or more WAN-facing interfaces
  • Quality of Service policies provide congestion management and traffic conditioning

As you can see, a lot of exciting changes have been made in the short six months since the previous release. The routing improvements come from the switch from XORP to Quagga. The added QoS capabilities will make Vyatta a good fit for VoIP deployments. The only negative in this release is that Vyatta had to temporarily drop the web GUI until it can be integrated with the new shell, which is scheduled for July 2008. Overall, Vyatta is becoming a compelling option for replacing some of your over-priced network equipment.