YUM fetches packages over HTTP, so outbound TCP port 80 must be allowed on the OUTPUT chain of your firewall (repositories served over HTTPS need port 443 as well):

iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

The client side of this connection uses a random high (ephemeral) source port, so the server's replies arrive on that port rather than on port 80. Instead of opening the whole high-port range, let connection tracking accept the packets that belong to already established and related connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

These rules assume that the default policy of the INPUT and OUTPUT chains is DROP; with an ACCEPT policy nothing is being blocked in the first place and the rules above change nothing.

Ping works through ICMP echo-request and echo-reply messages. The following rules allow ping from within the system but drop all ping attempts from outside:

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

Further, to ping (or nslookup) a host by name rather than by address, outbound DNS on UDP port 53 must be allowed too:

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT

With the ESTABLISHED,RELATED rule in place the second line is redundant, because the DNS reply is already matched by state. It is also the weaker of the two: it accepts any UDP packet whose source port happens to be 53, whether or not we ever sent a query, so prefer to leave it out.

FTP works in two different transfer modes. In active transfer mode the server uses port 20 to send out data packets and, of course, port 21 for FTP control, giving the following communication channels [1]:

  1. FTP server's port 21 from anywhere (Client initiates connection)
  2. FTP server's port 21 to ports > 1023 (Server responds to client's control port)
  3. FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
  4. FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)

which means that configuring iptables on the server to ACCEPT packets to and from ports 20 and 21 is enough to get through the firewall, as in:

iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT

However, in passive transfer mode the data connection goes to a random port on the server side, as in the following scenario [1]:

  1. FTP server’s port 21 from anywhere (Client initiates connection)
  2. FTP server’s port 21 to ports > 1023 (Server responds to client’s control port)
  3. FTP server’s ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
  4. FTP server’s ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client’s data port)

As such, you must plan for the firewall to accept connections to this randomly selected range of server ports. There are two different ways to tackle this problem:

  • First OPTION, you may limit the passive (PASV) port range in your FTP server and then open that range on the firewall; but this is NOT a good approach, because you will unnecessarily be opening many extra ports on the firewall!
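The rules from the yum, ping, DNS and FTP sections above, assembled into one ordered ruleset as an added example (this is not code from the original post). It also lints a ruleset for two mistakes the text touches on: a port rule loaded before the state rule for its chain, and a stateless --sport accept on INPUT. Port 443 for yum, TCP 53 for DNS and the nf_conntrack_ftp helper bound to port 21 (so passive data connections become RELATED instead of opening a PASV range) are my additions, not the post's.

```python
"""Added example, not from the original post: ordered iptables ruleset plus a lint."""
import subprocess


def ruleset():
    """The rules as argv lists, in the order they must be loaded."""
    rules = []

    def add(*args):
        rules.append(["iptables", *args])

    # Start clean, then default-deny every chain; everything below is an explicit allow.
    add("-F")
    add("-X")
    add("-t", "raw", "-F")
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        add("-P", chain, "DROP")
    add("-A", "INPUT", "-i", "lo", "-j", "ACCEPT")
    add("-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT")
    # State rules come first: replies to anything allowed below return on an
    # ephemeral client port, so they are matched by state, not by port number.
    for chain in ("INPUT", "OUTPUT"):
        add("-A", chain, "-m", "state", "--state", "ESTABLISHED,RELATED", "-j", "ACCEPT")
    # yum: outbound HTTP as in the post, plus HTTPS for mirrors that use it (my addition).
    add("-A", "OUTPUT", "-p", "tcp", "-m", "multiport", "--dports", "80,443", "-j", "ACCEPT")
    # DNS: UDP as in the post, plus TCP for answers too large for one datagram (my addition).
    add("-A", "OUTPUT", "-p", "udp", "--dport", "53", "-j", "ACCEPT")
    add("-A", "OUTPUT", "-p", "tcp", "--dport", "53", "-j", "ACCEPT")
    # ICMP: we may ping out, nobody may ping us. The echo-reply to our own
    # echo-request is ESTABLISHED in conntrack and already accepted above.
    add("-A", "OUTPUT", "-p", "icmp", "--icmp-type", "echo-request", "-j", "ACCEPT")
    add("-A", "INPUT", "-p", "icmp", "--icmp-type", "echo-request", "-j", "DROP")
    # FTP server: control channel on 21; active-mode data is sent from port 20.
    add("-A", "INPUT", "-p", "tcp", "--dport", "21", "-j", "ACCEPT")
    add("-A", "OUTPUT", "-p", "tcp", "--sport", "20", "-j", "ACCEPT")
    # Passive mode (my addition): attach the ftp conntrack helper to the control
    # channel so the data connection the server announces is RELATED and passes
    # the state rule, instead of punching the whole PASV range through the firewall.
    add("-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--dport", "21", "-j", "CT", "--helper", "ftp")
    return rules


def lint(rules):
    """Describe every chain rule that undermines the ruleset."""
    problems = []
    state_ok = set()
    for argv in rules:
        if "-A" not in argv or "-t" in argv:  # policies, flushes and other tables are not chain rules
            continue
        chain = argv[argv.index("-A") + 1]
        if "ESTABLISHED,RELATED" in argv:
            state_ok.add(chain)
        elif chain == "INPUT" and "--sport" in argv and "ACCEPT" in argv:
            problems.append("accepts any packet claiming a source port: " + " ".join(argv))
        elif "--dport" in argv and chain not in state_ok:
            problems.append("port rule loaded before the state rule: " + " ".join(argv))
    return problems


def apply(rules=None, dry_run=True):
    """Print the commands, or run them (root required) when dry_run is False."""
    cmds = [["modprobe", "nf_conntrack_ftp"]] + (rules if rules is not None else ruleset())
    for argv in cmds:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)
    return len(cmds)


if __name__ == "__main__":
    apply()  # dry run: prints the commands in load order
```

Run it as-is to see the commands in the order they must be loaded; call apply(dry_run=False) as root to load them. The CT target in the raw table needs a kernel new enough to have it (CentOS 7 does); on older kernels the helper is attached automatically once nf_conntrack_ftp is loaded.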


FirewallD is a newer front end for netfilter; the Red Hat documentation explains that it works on top of the iptables command and replaces the static iptables service. [1]

The Fedora Project introduces this new netfilter interface as follows:

firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. [2]

While FirewallD is the default firewall service in CentOS 7 and in Fedora 18 and later, it can easily be swapped back for the familiar iptables service in the following few steps:

  1. Install iptables from the repository
    yum install iptables-services -y
  2. Stop FirewallD
    service firewalld stop
  3. Remove FirewallD from the start-up list
    chkconfig firewalld off
  4. Start iptables and ip6tables
    service iptables start
    service ip6tables start
  5. Add iptables and ip6tables to the start-up list at boot time
    chkconfig iptables on
    chkconfig ip6tables on

    Two caveats: between steps 2 and 4 the host has no packet filter at all, so do this from the console or inside a maintenance window. And on CentOS 7 both service and chkconfig are wrappers that forward to systemctl; masking the firewalld unit as well prevents another package from starting it again. Rules added at run time are lost when the iptables service restarts unless they are saved to /etc/sysconfig/iptables (and /etc/sysconfig/ip6tables), which the service's save action does.

    Enjoy iptables!

    References
    [1] Red Hat Enterprise Linux 7 Security Guide
    [2] The Fedora Project: FirewallD

Rationale

The objective of this article is to set up a secondary router as a "Repeater Bridge", which is a very convenient approach to extending the Wi-Fi coverage of a WLAN. This means that if, for example, you live in a two-floor apartment and the integrated router on the first floor does not provide enough coverage for the second floor, you can place a secondary router in a strategic location to extend the first router's signal to the further rooms without having to set up a new network (or new subnet).

It does not really matter which model your first router is, as long as it works well for you. For the second router in this tutorial, however, I use the DD-WRT v24-sp2 firmware, described by its developers as a "Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems". In this case I flashed it onto my Linksys WRT54G v1.1 (it is quite affordable, so I strongly recommend having one at home). Also note that an Ethernet cable is NOT required between the two routers for this set-up; the radio link itself is sufficient to connect them.


A number of free (and, in Kismet's case, open-source) tools are available for WLAN site surveys, such as Kismet and inSSIDer for Home. This post introduces the features of these two tools.

First, inSSIDer for Home is a free-to-use Wi-Fi discovery tool for Windows. It is available from http://www.metageek.net/

Running the tool (v3.0.7.48) at home gave me the following details about the Wi-Fi network I tested:

– Listed the SSIDs of all WLANs in my area, ordered by signal strength
– The channel(s) each WLAN uses: mine was channel 1
– Security protocols used: mine was WPA2-Personal
– MAC addresses
– IEEE 802.11 protocols: mostly 'n', but some 'g' appeared as well
– Signal: between -29 and -35 dBm
– Overlapping networks: 2 networks
– Co-channel: 9 networks
– Band: 2.4 GHz networks

In addition, inSSIDer can sort and filter by SSID, vendor, channel, signal, security protocol and 802.11 protocol, and it gives a visual view of the networks occupying the spectrum.

Some analysis

  • Channels: the 2.4 GHz band has 11 channels (in North America; 13 in most other regions), of which channels 1, 6 and 11 do not overlap with each other. In this case using channel 1 was appropriate, since it did not overlap with any strong signal in the neighbourhood.
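The channel analysis above done programmatically, as an added example (not code from the original post or from inSSIDer): centre frequencies follow the 2.4 GHz channel plan (2407 + 5n MHz for channels 1 to 13, 2484 MHz for channel 14), and two channels are treated as interfering when their centres are closer than one 22 MHz 802.11b/g channel width, which is exactly why 1, 6 and 11 are the non-overlapping set. The survey rows are constructed, not the author's scan, and the "least loaded channel" heuristic goes a step beyond the post by summing neighbour power in milliwatts.

```python
"""Added example, not from the original post: 2.4 GHz channel overlap analysis."""

CHANNEL_WIDTH_MHZ = 22  # 802.11b/g DSSS channel width


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel; channel 14 is the Japan-only outlier."""
    if channel == 14:
        return 2484
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2407 + 5 * channel


def overlaps(a, b, width=CHANNEL_WIDTH_MHZ):
    """Two channels interfere if their centres are closer than one channel width.
    With 22 MHz that means fewer than five channels apart (5 * 5 = 25 MHz > 22),
    so 1/6/11 are mutually clear while 1 and 5 (20 MHz apart) still collide."""
    return abs(centre_mhz(a) - centre_mhz(b)) < width


def classify(survey, my_ssid):
    """Split the other networks into the categories inSSIDer reports:
    co-channel (same channel) and overlapping (different channel, but interfering)."""
    mine = next(ch for ssid, ch, _ in survey if ssid == my_ssid)
    co_channel, overlapping = [], []
    for ssid, ch, _dbm in survey:
        if ssid == my_ssid:
            continue
        if ch == mine:
            co_channel.append(ssid)
        elif overlaps(ch, mine):
            overlapping.append(ssid)
    return {"channel": mine, "co_channel": co_channel, "overlapping": overlapping}


def best_channel(survey, my_ssid, candidates=(1, 6, 11)):
    """Pick the candidate whose interfering neighbours add up to the least received
    power. dBm is logarithmic, so the sum is taken in milliwatts, not in dBm."""
    def load(cand):
        return sum(10 ** (dbm / 10) for ssid, ch, dbm in survey
                   if ssid != my_ssid and overlaps(ch, cand))
    return min(candidates, key=load)


# Constructed survey rows for illustration: (SSID, channel, signal in dBm).
SURVEY = [
    ("HomeNet", 1, -30),
    ("Neighbour-A", 1, -70),
    ("Neighbour-B", 3, -65),
    ("Neighbour-C", 6, -60),
    ("Neighbour-D", 11, -72),
    ("Neighbour-E", 13, -80),
]

if __name__ == "__main__":
    print(classify(SURVEY, "HomeNet"))
    print("least loaded of 1/6/11:", best_channel(SURVEY, "HomeNet"))
```

Feed it the (SSID, channel, dBm) columns from any scanner and it reproduces the co-channel and overlapping counts, then tells you which of the three clear channels your neighbours are using least.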

Linux distributions such as Fedora do not include Microsoft's TrueType fonts (TTFs) by default. To get them, have a look at the resources and guidelines available from the following sourceforge.net project: http://corefonts.sourceforge.net/

First, the Microsoft TTF package includes the following font families:

  • Andale Mono
  • Arial Black/Arial (Bold, Italic, Bold Italic)
  • Comic Sans MS (Bold)
  • Courier New (Bold, Italic, Bold Italic)
  • Georgia (Bold, Italic, Bold Italic)
  • Impact
  • Tahoma
  • Times New Roman (Bold, Italic, Bold Italic)
  • Trebuchet (Bold, Italic, Bold Italic)
  • Verdana (Bold, Italic, Bold Italic)
  • Webdings

Second, follow these steps to add the fonts:

  1. Make sure the following are installed:
    yum install rpm-build cabextract ttmkfdir
  2. Download the latest msttcorefonts spec from http://corefonts.sourceforge.net and build an RPM from it (the spec downloads the original Microsoft cabinet files and repackages them).
    Example:

    cd /tmp
    wget http://corefonts.sourceforge.net/msttcorefonts-2.5-1.spec
    rpmbuild -ba msttcorefonts-2.5-1.spec
  3. The RPM is written to /root/rpmbuild/RPMS/noarch/ when built as root; install it with
     rpm -ivh /root/rpmbuild/RPMS/noarch/msttcorefonts-2.5-1.noarch.rpm

Third, refresh the font cache (or log out and back in) so applications see the new fonts; a full reboot is not required. I used gnome-tweak-tool to change my default fonts to Arial and Times New Roman.

And finally, Fedora's fonts directory is /usr/share/fonts, where the newly added fonts can now be found. Any other TTF files can be dropped into a (new) folder under this path; Google Fonts (http://www.google.com/fonts) is a very good resource for these. Whenever a new TTF file is added, refresh the cache with fc-cache -v and enjoy!

In this post I will demonstrate iperf on Linux, a tool for measuring TCP and UDP throughput between two hosts on a LAN. The objective is to briefly introduce iperf with snapshots from a live system rather than to produce extensive test results and network analysis.

I used Red Hat-based Linux machines (Fedora and CentOS). iperf, like netperf and other such tools, is not in the official repositories but is part of RepoForge (previously known as RPMforge), which, once installed, adds many other packages. Bear in mind that enabling a third-party repository means trusting its signing key for every package it ships, so enable it only for what you need; the EPEL repository is the more commonly used alternative source for iperf.

To install RepoForge, go to the official website http://repoforge.org and download the release package suitable for your machine. In my case this was rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm, which is installed with the following command:

rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

Now we can install iperf using yum.


Classless Inter-Domain Routing (CIDR) allocates address space on any bit boundary, instead of on the 8-bit boundaries of classful addressing. The following example shows how to determine the possible networks, IP range and subnet mask from a CIDR notation.

Consider the CIDR notation 193.56.132.0/26; from it we may determine the following:

  • Subnet Mask

    A CIDR notation consists of an IP address and a prefix length equal to the number of leading 1 bits in the subnet mask. In the notation above the prefix length is 26, so the mask in binary is:

    11111111.11111111.11111111.11000000

    Converting each octet to decimal gives the subnet mask 255.255.255.192.

The Volatility Framework is an advanced memory forensics framework. This post introduces it with a number of examples. The framework supports RAM dumps from 32- and 64-bit Windows, Linux, Mac and Android systems.

My demonstration takes place on a Windows machine, so I downloaded the standalone executable, which comes packaged with Python and all required dependencies, from https://www.volatilesystems.com/default/volatility (new address: https://code.google.com/p/volatility/).

To organise my work environment, I created a folder called 'volatility' in my standard Download folder and moved the standalone executable to it; in my case its name was volatility-2.1.standalone.exe.

P.S. The standalone executable is portable and can be run from removable media e.g. USB.

To use it, let us first list all options and included plugins. This needs to be done from the Windows Command Prompt:

volatility-2.1.standalone.exe -h

This is shown in the following figure:

The Volatility Framework: list options and supported plugins


Haider’s WebSpace

Welcome to my technical blog. This is where I write, archive and share computer related articles. Subjects vary from posting technical solutions to researching particular topics. Feel free to comment and talk IT!

The information provided is for educational purposes only. All content including links and comments is provided "as is" with no warranty, expressed or implied. Use is at your own risk and you are solely responsible for what you do with it.
