LinuxQuestions.org
Old 07-03-2013, 03:36 PM   #1
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Rep: Reputation: Disabled
NoCatSplash -yes I know it's old- IP address whitelist? x86 Computer not a router


I have nocatsplash installed on a computer within a hotel. It's been running for about 5 years now and never had to deal with this issue. Up till now everything is good. However, now I want to set up a range of IP addresses that can bypass the splash page and allow the "staff" to use the internet without having to click the accept page all the time. My research showed I more than likely can do this within iptables itself; however, every command I set up via my test computer stops the splash page from coming up but it also stops the internet from working. I could be wrong but I am getting the idea that the masquerading is broken only for that IP address because it's going a backwards way of getting to the internet. This IS an internal IP trying to access the outside world. I wish I could figure out the commands for iptables... at this point I am at a loss.
 
Old 07-04-2013, 05:52 AM   #2
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 55

Rep: Reputation: 7
I think the end of "initialize.fw" in the NoCatAuth package has your answer:

#AllowedNetworks="10.0.0.0/8"
#
#for net in $AllowedNetworks; do
# iptables -t mangle -A PREROUTING -d $net -j MARK --set-mark 2
# iptables -t filter -A FORWARD -s $net -j ACCEPT
#done

You'll need to change the AllowedNetworks variable to the sub-net of your staff computers, remove the hash(#) characters and add this code snippet to a startup script.

I can't find a copy of NoCatSplash so I don't know if it uses the MARK functionality. If not, then more will be needed. If you have a copy of the NoCatSplash files or output of `iptables -L -nv`, that would be helpful.
 
1 members found this post helpful.
Old 07-04-2013, 10:42 AM   #3
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
I believe from what I was working with it does use the mark function; however, to be on the safe side I am attaching my iptables -L -nv. The first additional question I would have then is: wouldn't opening this up to that subnet do this for everyone (they are all on the same subnet)? I was hoping to just do it by IP address or MAC. I have no qualms admitting this is a new area for me. To be honest, I am not sure how I got this running 4/5 years ago.


Chain INPUT (policy ACCEPT 713 packets, 68775 bytes)
pkts bytes target prot opt in out source destination
876 94024 LOG all -- eth2 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix "BANDWIDTH_IN:"

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
360K 45M LOG all -- * eth2 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix "BANDWIDTH_OUT:"
556K 741M LOG all -- eth2 * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix "BANDWIDTH_IN:"
916K 786M NoCat all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 520 packets, 65739 bytes)
pkts bytes target prot opt in out source destination
1008 138K LOG all -- * eth2 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix "BANDWIDTH_OUT:"

Chain NoCat (1 references)
pkts bytes target prot opt in out source destination
916K 786M NoCat_Ports all -- * * 0.0.0.0/0 0.0.0.0/0
916K 786M NoCat_Inbound all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth3 * 10.254.0.0/23 0.0.0.0/0 mark match 0x1
0 0 ACCEPT all -- eth3 * 10.254.0.0/23 0.0.0.0/0 mark match 0x2
347K 44M ACCEPT all -- eth3 * 10.254.0.0/23 0.0.0.0/0 mark match 0x3
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.103 tcp dpt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.105 tcp dpt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.106 tcp dpt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.104 tcp dpt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.147 tcp dpt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 74.125.28.99 tcp dpt:80
0 0 ACCEPT tcp -- * * 74.125.28.103 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 74.125.28.106 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 74.125.28.105 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 74.125.28.99 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 74.125.28.147 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 74.125.28.104 10.254.0.0/23 tcp spt:80
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.147 tcp dpt:443
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.106 tcp dpt:443
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.103 tcp dpt:443
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.99 tcp dpt:443
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.104 tcp dpt:443
0 0 ACCEPT tcp -- * * 10.254.0.0/23 173.194.79.105 tcp dpt:443
0 0 ACCEPT tcp -- * * 74.125.28.105 10.254.0.0/23 tcp spt:443
0 0 ACCEPT tcp -- * * 74.125.28.104 10.254.0.0/23 tcp spt:443
0 0 ACCEPT tcp -- * * 74.125.28.99 10.254.0.0/23 tcp spt:443
0 0 ACCEPT tcp -- * * 74.125.28.103 10.254.0.0/23 tcp spt:443
0 0 ACCEPT tcp -- * * 74.125.28.147 10.254.0.0/23 tcp spt:443
0 0 ACCEPT tcp -- * * 74.125.28.106 10.254.0.0/23 tcp spt:443
5135 678K ACCEPT all -- * eth3 8.8.8.8 10.254.0.0/23
0 0 ACCEPT tcp -- eth3 * 10.254.0.0/23 8.8.8.8 tcp dpt:53
5141 334K ACCEPT udp -- eth3 * 10.254.0.0/23 8.8.8.8 udp dpt:53
7676 487K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain NoCat_Inbound (1 references)
pkts bytes target prot opt in out source destination
12948 12M ACCEPT all -- * * 0.0.0.0/0 10.254.1.53
5264 4680K ACCEPT all -- * * 0.0.0.0/0 10.254.0.172
5796 5142K ACCEPT all -- * * 0.0.0.0/0 10.254.1.154
2164 2048K ACCEPT all -- * * 0.0.0.0/0 10.254.1.105
360K 531M ACCEPT all -- * * 0.0.0.0/0 10.254.0.107
10486 9621K ACCEPT all -- * * 0.0.0.0/0 10.254.1.215
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.1.215
18193 25M ACCEPT all -- * * 0.0.0.0/0 10.254.0.216
12687 13M ACCEPT all -- * * 0.0.0.0/0 10.254.0.106
2386 2456K ACCEPT all -- * * 0.0.0.0/0 10.254.1.124
23059 30M ACCEPT all -- * * 0.0.0.0/0 10.254.1.165
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.1.165
9533 5910K ACCEPT all -- * * 0.0.0.0/0 10.254.0.226
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.0.226
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.0.226
7057 3952K ACCEPT all -- * * 0.0.0.0/0 10.254.0.225
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.0.225
3540 2878K ACCEPT all -- * * 0.0.0.0/0 10.254.1.21
8220 6478K ACCEPT all -- * * 0.0.0.0/0 10.254.0.219
5635 4256K ACCEPT all -- * * 0.0.0.0/0 10.254.0.138
0 0 ACCEPT all -- * * 0.0.0.0/0 10.254.0.138
3466 1303K ACCEPT all -- * * 0.0.0.0/0 10.254.0.16
17921 26M ACCEPT all -- * * 0.0.0.0/0 10.254.0.80
11603 16M ACCEPT all -- * * 0.0.0.0/0 10.254.0.39

Chain NoCat_Ports (1 references)
pkts bytes target prot opt in out source destination
180 10656 DROP tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 mark match 0x3
0 0 DROP udp -- eth3 * 0.0.0.0/0 0.0.0.0/0 udp dpt:25 mark match 0x3

Last edited by Tleepc; 07-04-2013 at 10:46 AM.
 
Old 07-05-2013, 11:05 AM   #4
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 55

Rep: Reputation: 7
OK, so this looks promising. The code snippet I sent initially should work.

To limit this to just your STAFF computers you'll need to modify the AllowedNetworks variable to something like this:

AllowedNetworks="10.254.0.32/27"

This value will allow 32 computers from 10.254.0.32 to 10.254.0.61 to have the special privileges. You will need to adjust your DHCP server to either exclude this range and configure the computers statically -or- match on MAC addresses and issue these IP addresses to the specific computers. Of course you can adjust this to a smaller or bigger range, or a different area of your address space if you like.

The last piece of the puzzle is to figure out which file to add this to. The copy of NoCatSplash on SourceForge is corrupt and I can't find it anywhere else. Using NoCatAuth as a baseline, look for a directory named something like "NoCatSplash/libexec/iptables", probably somewhere in your web-server document directory tree. If there is a file called "initialize.fw", look at the bottom and see if the code snippet is already there. If so, adjust the AllowedNetworks variable, remove the comment hashes and restart. If not, add the code and do all the stuff as if it was there.

Good job on the initial setup. Having an application work for five years in a production environment without the need to administer is a feather in your cap.
 
Old 07-06-2013, 09:55 AM   #5
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
First let me thank you for your replies on this, and the great compliment. Like I need a big head.
Now back to the task at hand. Did what you suggested: created the start-up script, as well as removed the comment hashes, then restarted. Acts like nothing took. The location of the file is /usr/local/nocat/bin/initialize.fw. If this is too much I am sorry, but here is the whole doc copied and pasted... There is also one called iptables.fw; should I be editing that as well?

#!/bin/sh
##
#
# initialize.fw: setup the default firewall rules
#
# *** NOTE ***
#
# If you want to have local firewall rules in addition to what NoCat
# provides, add them at the bottom of this file. They will be recreated
# each time gateway is restarted.
#
##

# The current service classes by fwmark are:
#
# 1: Owner
# 2: Co-op
# 3: Public
# 4: Free

# Note: your PATH is inherited from the gateway process
#

if [ $(id -u) = 0 ]; then
# Enable IP forwarding and rp_filter (to kill IP spoof attempts).
#
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

# Load alllll the kernel modules we need.
#
rmmod ipchains > /dev/null 2>&1 # for RH 7.1 users.

for module in ip_tables ipt_REDIRECT ipt_MASQUERADE ipt_MARK ipt_REJECT \
ipt_TOS ipt_LOG iptable_mangle iptable_filter iptable_nat ip_nat_ftp \
ip_conntrack ip_conntrack_ftp ip_conntrack_irc \
ip_nat_irc ipt_mac ipt_state ipt_mark; do

modprobe $module
done
fi

# Flush all user-defined chains
#
iptables -t filter -N NoCat 2>/dev/null
iptables -t filter -F NoCat
iptables -t filter -D FORWARD -j NoCat 2>/dev/null
iptables -t filter -A FORWARD -j NoCat

iptables -t filter -N NoCat_Ports 2>/dev/null
iptables -t filter -F NoCat_Ports
iptables -t filter -D NoCat -j NoCat_Ports 2>/dev/null
iptables -t filter -A NoCat -j NoCat_Ports

iptables -t filter -N NoCat_Inbound 2>/dev/null
iptables -t filter -F NoCat_Inbound
iptables -t filter -D NoCat -j NoCat_Inbound 2>/dev/null
iptables -t filter -A NoCat -j NoCat_Inbound

iptables -t nat -N NoCat_Capture 2>/dev/null
iptables -t nat -F NoCat_Capture
iptables -t nat -D PREROUTING -j NoCat_Capture 2>/dev/null
iptables -t nat -A PREROUTING -j NoCat_Capture

iptables -t nat -N NoCat_NAT 2>/dev/null
iptables -t nat -F NoCat_NAT

#
# Only nat if we're not routing
#
iptables -t nat -D POSTROUTING -j NoCat_NAT 2>/dev/null
[ "$RouteOnly" ] || iptables -t nat -A POSTROUTING -j NoCat_NAT

iptables -t mangle -N NoCat 2>/dev/null
iptables -t mangle -F NoCat
iptables -t mangle -D PREROUTING -j NoCat 2>/dev/null
iptables -t mangle -A PREROUTING -j NoCat

fwd="iptables -t filter -A NoCat"
ports="iptables -t filter -A NoCat_Ports"
nat="iptables -t nat -A NoCat_NAT"
redirect="iptables -t nat -A NoCat_Capture"
mangle="iptables -t mangle -A NoCat"

if [ "$MembersOnly" ]; then
classes="1 2"
else
classes="1 2 3"
fi

# Handle tagged traffic.
#
for iface in $InternalDevice; do
for net in $LocalNetwork; do
for fwmark in $classes; do
# Only forward tagged traffic per class
$fwd -i $iface -s $net -m mark --mark $fwmark -j ACCEPT
# $fwd -o $iface -d $net -m mark --mark $fwmark -j ACCEPT

# Masquerade permitted connections.
$nat -o $ExternalDevice -s $net -m mark --mark $fwmark -j MASQUERADE
done

# Allow web traffic to the specified hosts, and don't capture
# connections intended for them.
#
if [ "$AuthServiceAddr" -o "$AllowedWebHosts" ]; then
for host in $AuthServiceAddr $AllowedWebHosts; do
for port in 80 443; do
$nat -s $net -d $host -p tcp --dport $port -j MASQUERADE
$redirect -s $net -d $host -p tcp --dport $port -j RETURN
$fwd -s $net -d $host -p tcp --dport $port -j ACCEPT
$fwd -d $net -s $host -p tcp --sport $port -j ACCEPT
done
done
fi

# Accept forward and back traffic to/from DNSAddr
if [ "$DNSAddr" ]; then
for dns in $DNSAddr; do
$fwd -o $iface -d $net -s $dns -j ACCEPT

for prot in tcp udp; do
$fwd -i $iface -s $net -d $dns -p $prot --dport 53 -j ACCEPT
$nat -p $prot -s $net -d $dns --dport 53 -j MASQUERADE

# Force unauthenticated DNS traffic through this server.
# Of course, only the first rule of this type will match.
# But it's easier to leave them all in ATM.
#
# Commented out for now, it's got a syntax issue I can't
# quite fathom: "iptables: Invalid argument"
# --Rob
#
#$nat -i $InternalDevice -m mark --mark 4 -p $prot \
# --dport 53 -j DNAT --to $dns:53
done
done
fi
done

# Set packets from internal devices to fw mark 4, or 'denied', by default.
$mangle -i $iface -j MARK --set-mark 4
done

# Redirect outbound non-auth web traffic to the local gateway process
# except to windowsupdate.microsoft.com, which is broken.
#
# If MembersOnly is active, then redirect public class as well
#
if [ "$MembersOnly" ]; then
nonauth="3 4"
else
nonauth="4"
fi
for port in 80 443; do
for mark in $nonauth; do
$redirect -m mark --mark $mark -d windowsupdate.microsoft.com -j DROP
$redirect -m mark --mark $mark -p tcp --dport $port -j REDIRECT \
--to-port $GatewayPort
done
done

# Lock down more ports for public users, if specified. Port restrictions
# are not applied to co-op and owner class users.
#
# There are two philosophies in restricting access: That Which Is Not
# Specifically Permitted Is Denied, and That Which Is Not Specifically
# Denied Is Permitted.
#
# If "IncludePorts" is defined, the default policy will be to deny all
# traffic, and only allow the ports mentioned.
#
# If "ExcludePorts" is defined, the default policy will be to allow all
# traffic, except to the ports mentioned.
#
# If both are defined, ExcludePorts will be ignored, and the default policy
# will be to deny all traffic, allowing everything in IncludePorts, and
# issue a warning.
#
if [ "$IncludePorts" ]; then
if [ "$ExcludePorts" ]; then
echo "Warning: ExcludePorts and IncludePorts are both defined."
echo "Ignoring 'ExcludePorts'. Please check your nocat.conf."
fi

# Enable all ports in IncludePorts
for iface in $InternalDevice; do
for port in $IncludePorts; do
$ports -p tcp -i $iface --dport $port -m mark --mark 3 -j ACCEPT
$ports -p udp -i $iface --dport $port -m mark --mark 3 -j ACCEPT
done

# Always permit access to the GatewayPort (or we can't logout)
$ports -p tcp -i $iface --dport $GatewayPort -j ACCEPT
$ports -p udp -i $iface --dport $GatewayPort -j ACCEPT

# ...and disable access to the rest.
$ports -p tcp -i $iface -m mark --mark 3 -j DROP
$ports -p udp -i $iface -m mark --mark 3 -j DROP
done

elif [ "$ExcludePorts" ]; then
# If ExcludePorts has entries, simply deny access to them.
for iface in $InternalDevice; do
for port in $ExcludePorts; do
$ports -p tcp -i $iface --dport $port -m mark --mark 3 -j DROP
$ports -p udp -i $iface --dport $port -m mark --mark 3 -j DROP
done
done
fi

#
# Disable access on the external to GatewayPort from anything but the AuthServiceAddr
#
if [ "$AuthServiceAddr" ]; then
$fwd -i $ExternalDevice -s ! $AuthServiceAddr -p tcp --dport $GatewayPort -j DROP
fi

# Filter policy.
$fwd -j DROP

#
# Call the bandwidth throttle rules.
#
# Note: This feature is *highly* experimental.
#
# This functionality requires the 'tc' advanced router tool,
# part of the iproute2 package, available at:
# ftp://ftp.inr.ac.ru/ip-routing/
#
# To use bandwidth throttling, edit the upload and download
# bandwidth thresholds at the top of the throttle.fw file,
# and make throttle.fw executable. Try something like this:
#
# chmod +x throttle.fw
#
[ -x throttle.fw ] && throttle.fw

##
# Add any other local firewall rules below.
##
# iptables -t nat -I PREROUTING -s 10.254.0.22 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 10.254.0.22:22
iptables -t nat -A POSTROUTING -j MASQUERADE
##
# Uncomment the following to permit all 10/8 traffic *before* auth
#
AllowedNetworks="10.254.0.2/27

for net in $AllowedNetworks; do
iptables -t mangle -A PREROUTING -d $net -j MARK --set-mark 2
iptables -t filter -A FORWARD -s $net -j ACCEPT
done

#
# Ende
#

I just noticed I forgot the " behind the 27. When I changed that, computers stopped seeing the login page, but they also did not see the internet? I feel so close to having this up and running, but I am also considering scrapping this and going directly with iptables and with what this guy did - http://www.andybev.com/index.php/Usi...captive_portal - What is your opinion?

Last edited by Tleepc; 07-06-2013 at 10:38 AM.
 
Old 07-09-2013, 10:58 AM   #6
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 55

Rep: Reputation: 7
OK, some small progress.

Not having access to all of the firewall rules makes this a guess, but I would be suspicious of the line:
iptables -t nat -A POSTROUTING -j MASQUERADE
in the section just above the AllowedNetworks variable titled "# Add any other local firewall rules below."
Normally a "-j MASQUERADE" would include the outgoing interface. This rule will probably mess with the connection tracking table. I would comment it out. If that fixes the problem then I would delete it.

Also, the rule just above that line:
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 10.254.0.22:22
would redirect all ssh traffic, inbound or outbound, to your internal computer. Unless you're attempting to engage in a man-in-the-middle attack on your hotel guests, this line should be deleted or modified to include an input interface match such as this (assuming you want to access your network from outside):
iptables -t nat -A PREROUTING -p tcp -i $ExternalDevice --dport 22 -j DNAT --to-destination 10.254.0.22

One final thing, and this is just me nit-picking, but the AllowedNetworks="10.254.0.2/27" line would be more correct as:
AllowedNetworks="10.254.0.0/27" as 10.254.0.0 is the network address for the CIDR net-block. iptables figures it out and adds the correct rule, so not a big deal one way or the other. You can see iptables' interpretation with these commands:
iptables -L -nv | grep 10.254.0.0\/27
iptables -t mangle -L -nv | grep 10.254.0.0\/27

And since you asked.... my opinion is this:
Both of these solutions are using iptables and possess their own complications. Personally I wouldn't jump ship on a solution that is working and just needs a little tweaking. Of course, if there are other features that you want implemented, then by all means, go for it.

I would suggest getting a book on Linux firewalls to help you better understand iptables, firewalls, and routing. My favorite is: "Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT and l7-filter" by Packt Publishing. It has a bunch of examples from simple home firewalls to multi-city ISP networks.

Last edited by MikeDeltaBrown; 07-09-2013 at 11:01 AM.
 
1 members found this post helpful.
Old 07-09-2013, 02:53 PM   #7
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
OK, still no luck with this. Two things: first, I really appreciate "nit-picking" as you put it, and second, the route to the back computer was there so I could multitask. I have followed your advice and removed everything for right now besides the actual NoCat rules we are working with. It's very odd: the rules seem to be allowing the bypass of the nocatsplash page, but now it seems that when a client computer goes to the internet it keeps trying to redirect them and refresh the page. Here is a copy of all the rules that I presently have in place; I'm doing an iptables-save and giving you this.

# Generated by iptables-save v1.4.12 on Tue Jul 9 12:50:21 2013
*nat
:PREROUTING ACCEPT [1851:128911]
:INPUT ACCEPT [889:57962]
:OUTPUT ACCEPT [99:14241]
:POSTROUTING ACCEPT [99:14241]
:NoCat_Capture - [0:0]
:NoCat_NAT - [0:0]
:input - [0:0]
-A PREROUTING -j NoCat_Capture
-A POSTROUTING -j NoCat_NAT
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.99/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.103/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.106/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.104/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.105/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.147/32 -p tcp -m tcp --dport 80 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.147/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.99/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.105/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.104/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.106/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -s 10.254.0.0/23 -d 74.125.28.103/32 -p tcp -m tcp --dport 443 -j RETURN
-A NoCat_Capture -p tcp -m mark --mark 0x4 -m tcp --dport 80 -j REDIRECT --to-ports 5280
-A NoCat_Capture -p tcp -m mark --mark 0x4 -m tcp --dport 443 -j REDIRECT --to-ports 5280
-A NoCat_NAT -s 10.254.0.0/23 -o eth2 -m mark --mark 0x1 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -o eth2 -m mark --mark 0x2 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -o eth2 -m mark --mark 0x3 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.106/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.103/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.104/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.99/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.105/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 173.194.79.147/32 -p tcp -m tcp --dport 80 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.104/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.147/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.103/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.105/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.106/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 74.125.28.99/32 -p tcp -m tcp --dport 443 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -d 8.8.8.8/32 -p udp -m udp --dport 53 -j MASQUERADE
-A input -i eth3 -j ACCEPT
-A input -i lo -j ACCEPT
-A input -i eth2 -j ACCEPT
-A input -i eth3
COMMIT
# Completed on Tue Jul 9 12:50:21 2013
# Generated by iptables-save v1.4.12 on Tue Jul 9 12:50:21 2013
*filter
:INPUT ACCEPT [1064:85766]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [834:86296]
:NoCat - [0:0]
:NoCat_Inbound - [0:0]
:NoCat_Ports - [0:0]
-A INPUT -i eth2 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -o eth2 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i eth2 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -j NoCat
-A OUTPUT -o eth2 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A NoCat -j NoCat_Ports
-A NoCat -j NoCat_Inbound
-A NoCat -s 10.254.0.0/23 -i eth3 -m mark --mark 0x1 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -i eth3 -m mark --mark 0x2 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -i eth3 -m mark --mark 0x3 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.105/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.104/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.147/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.103/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.99/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 74.125.28.106/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A NoCat -s 173.194.79.104/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 173.194.79.99/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 173.194.79.147/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 173.194.79.105/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 173.194.79.106/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 173.194.79.103/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 80 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.99/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.106/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.104/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.147/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.105/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 173.194.79.103/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A NoCat -s 173.194.79.106/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 173.194.79.103/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 173.194.79.104/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 173.194.79.99/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 173.194.79.105/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 173.194.79.147/32 -d 10.254.0.0/23 -p tcp -m tcp --sport 443 -j ACCEPT
-A NoCat -s 8.8.8.8/32 -d 10.254.0.0/23 -o eth3 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 8.8.8.8/32 -i eth3 -p tcp -m tcp --dport 53 -j ACCEPT
-A NoCat -s 10.254.0.0/23 -d 8.8.8.8/32 -i eth3 -p udp -m udp --dport 53 -j ACCEPT
-A NoCat -j DROP
-A NoCat_Inbound -d 10.254.0.16/32 -j ACCEPT
-A NoCat_Inbound -d 10.254.1.99/32 -j ACCEPT
-A NoCat_Inbound -d 10.254.1.99/32 -j ACCEPT
-A NoCat_Inbound -d 10.254.1.26/32 -j ACCEPT
-A NoCat_Ports -i eth3 -p tcp -m tcp --dport 25 -m mark --mark 0x3 -j DROP
-A NoCat_Ports -i eth3 -p udp -m udp --dport 25 -m mark --mark 0x3 -j DROP
COMMIT
# Completed on Tue Jul 9 12:50:21 2013
# Generated by iptables-save v1.4.12 on Tue Jul 9 12:50:21 2013
*mangle
:PREROUTING ACCEPT [3661:1346719]
:INPUT ACCEPT [1064:85766]
:FORWARD ACCEPT [2585:1260285]
:OUTPUT ACCEPT [834:86296]
:POSTROUTING ACCEPT [3282:1338254]
:NoCat - [0:0]
-A PREROUTING -j NoCat
-A NoCat -i eth3 -j MARK --set-xmark 0x4/0xffffffff
-A NoCat -s 10.254.0.16/32 -m mac --mac-source 84:8F:69:AA:B8:88 -j MARK --set-xmark 0x3/0xffffffff
-A NoCat -s 10.254.1.99/32 -m mac --mac-source 04:7D:7B:73:15:E3 -j MARK --set-xmark 0x3/0xffffffff
-A NoCat -s 10.254.1.99/32 -m mac --mac-source 04:7D:7B:73:15:E3 -j MARK --set-xmark 0x3/0xffffffff
-A NoCat -s 10.254.1.26/32 -m mac --mac-source B0:48:7A0:93:C1 -j MARK --set-xmark 0x3/0xffffffff
COMMIT
# Completed on Tue Jul 9 12:50:21 2013

Last edited by Tleepc; 07-09-2013 at 09:26 PM.
 
Old 07-09-2013, 02:58 PM   #8
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
And thank you for the suggestions on the books.
 
Old 07-14-2013, 11:48 AM   #9
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 55

Rep: Reputation: 7
I'm not seeing the two lines being added to the iptables rules... and I also don't think the NoCatAuth config will work correctly with your NoCatSplash. Try the following lines, which are only slightly modified from before, and remove the previously suggested lines from initialize.fw.
Try adding these by hand:
iptables -t mangle -A NoCat -s 10.254.0.0/27 -j MARK --set-mark 2
iptables -t filter -A NoCat_Inbound -d 10.254.0.0/27 -j ACCEPT

If these work then you can add them to initialize.fw where the other ones went. I would double check to make sure the path is correct (you previously listed /usr/local/nocat/bin/initialize.fw). Since the other rules weren't added, I'm suspicious that the path may be wrong. Do you know how NoCat is started; from /etc/rc.local (or /etc/rc.d/rc.local) or an init.d script? If you can find how it's started you will be able to verify the path.
 
1 members found this post helpful.
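Added example (not part of the thread and not NoCat code): a shell function that reads `iptables-save` output, flags the two rule shapes questioned in post #6 (a MASQUERADE with no interface or address match, a PREROUTING DNAT with no input interface), and reports whether the two bypass rules from post #9 are loaded after the default mark-4 rule. The sample dump and the finding labels are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread or from NoCat.
# On a live gateway (as root): iptables-save | audit_dump 10.254.0.0/27

# Constructed sample dump, shaped like the iptables-save output in post #7
# but with the two "local" rules from initialize.fw still present.
SAMPLE_DUMP='*nat
-A PREROUTING -j NoCat_Capture
-A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.254.0.22:22
-A POSTROUTING -j NoCat_NAT
-A POSTROUTING -j MASQUERADE
-A NoCat_NAT -s 10.254.0.0/23 -o eth2 -m mark --mark 0x2 -j MASQUERADE
COMMIT
*filter
-A NoCat -j NoCat_Inbound
-A NoCat_Inbound -d 10.254.0.0/27 -j ACCEPT
COMMIT
*mangle
-A PREROUTING -j NoCat
-A NoCat -i eth3 -j MARK --set-xmark 0x4/0xffffffff
-A NoCat -s 10.254.0.0/27 -j MARK --set-xmark 0x2/0xffffffff
COMMIT'

# audit_dump NET
#   NET is the whitelisted network exactly as iptables-save prints it.
#   Reads a dump on stdin and prints one finding per line.
audit_dump() {
    awk -v net="$1" '
    # True when the current rule contains the given space-delimited words.
    function has(words) { return index(rule, " " words " ") > 0 }
    # True when the rule sets firewall mark n (old and new save formats).
    function sets_mark(n) {
        return index(rule, " --set-xmark 0x" n "/") > 0 || has("--set-mark 0x" n)
    }

    /^\*/   { table = substr($0, 2); next }   # *nat, *filter, *mangle
    !/^-A / { next }                          # skip policies, COMMIT, comments
    {
        chain = $2
        rule  = " " $0 " "

        # Post #6: a MASQUERADE that names no interface and no address
        # rewrites every connection leaving the box.
        if (table == "nat" && has("-j MASQUERADE") &&
            !has("-o") && !has("-s") && !has("-d"))
            print "UNSCOPED_MASQUERADE: " $0

        # Post #6: a PREROUTING DNAT without -i also catches connections
        # that internal clients open to outside hosts.
        if (table == "nat" && chain == "PREROUTING" &&
            has("-j DNAT") && !has("-i"))
            print "DNAT_NO_IN_IFACE: " $0

        # MARK does not end chain traversal, so the last matching rule
        # wins: the bypass mark must follow the default mark-4 rule.
        if (table == "mangle" && chain == "NoCat" && has("-j MARK")) {
            if (sets_mark(4) && !has("-s"))
                default_seen = 1
            else if (has("-s " net) && sets_mark(2))
                mark_ok = default_seen
        }

        # Post #9: return traffic to the whitelisted hosts.
        if (table == "filter" && chain == "NoCat_Inbound" &&
            has("-d " net) && has("-j ACCEPT"))
            inbound_ok = 1
    }
    END {
        if (!mark_ok)
            print "BYPASS_MARK_MISSING: no mark-2 rule for " net " after the default mark"
        if (!inbound_ok)
            print "BYPASS_INBOUND_MISSING: no NoCat_Inbound ACCEPT for " net
    }'
}

# Run against the constructed sample when the file is executed directly.
printf '%s\n' "$SAMPLE_DUMP" | audit_dump 10.254.0.0/27
```

The network argument is compared as text, so pass it in the normalized form iptables prints (10.254.0.0/27, not 10.254.0.2/27).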
Old 07-15-2013, 08:08 PM   #10
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
OK, little by little this is all coming back to me. When I first implemented this I did use NoCatAuth; I managed to manipulate it to make it work for my needs. Everything is pointing to the right spot. However, until recently I just left it all alone because it was working. Still is, actually, just not the way I want it to. The nocat.conf points to the /usr/locat/nocat/bin/initialize.fw. However, you are right in concluding it's not inputting the tables on a reboot. It's strange because when I edit the file it creates the temp file initialize.fw~ and it's not removing it. I wonder if that could be causing some of the issues. I manually remove it. I am going to try the two tables that you suggested tonight. In the meantime, is there anything additional I can get for you that might help troubleshoot this? I am at a loss, because it "SHOULD" work.... but how do you ever learn if you don't have things that don't work and try to figure it out. By the way, I had thought the same thing you did about the lines not getting added. I wonder if I manually have to implement the adjustment in the initialize.fw file when I change them? What do you think? TLEE Out

This is what is listed in the /usr/local/nocat/bin folder:

:/usr/local/nocat/bin$ ls
access.fw admintool clear.fw detect-fw.sh dump.fw gateway initialize.fw iptables reset.fw throttle.fw vtun.sh
:/usr/local/nocat/bin$

And here is a copy of the nocat.conf file
###### gateway.conf -- NoCatAuth Gateway Configuration.
#
# Format of this file is: <Directive> <Value>, one per
# line. Trailing and leading whitespace is ignored. Any
# line beginning with a punctuation character is assumed to
# be a comment.

###### General settings.
#
# See the bottom of this file for options for logging to syslog.
#
# Log verbosity -- 0 is (almost) no logging. 10 is log
# everything. 5 is probably a safe middle road.
#
Verbosity 10

##### Gateway application settings.
#
# GatewayName -- The name of this gateway, to be optionally displayed
# on the splash and status pages. Any short string of text will do.
#
GatewayName Spokane Airport Ramada

##
#
# GatewayMode -- Determines the mode of operation of the gateway. Possible
# values are:
#
# Captive - Allow authentication against an auth service. LEGACY.
# Passive - Like Captive, but YOU MUST USE THIS if your gateway
# is behind a NAT. Will work anyway if not. *RECOMMENDED*.
# Open - Simply require a user to view a splash page and accept
# a use agreement.
#
# If Captive or Passive Mode is set, you will need to have values set for
# AuthServiceAddr, AuthServiceURL, and LogoutURL. You will want to leave a
# short value for LoginTimeout (probably <600).
#
# If Open Mode is set, you will need to have values set for SplashForm,
# HomePage, and possibly DocumentRoot (or provide an absolute path for
# SplashForm). Also, you will want to set a large value for LoginTimeout
# (probably >3600).
#
GatewayMode Open

##
# GatewayLog -- Optional. If unset, messages will go to STDERR.
#
GatewayLog /usr/local/nocat/nocat.log

##
# LoginTimeout - Number of seconds after a client's last
# login/renewal to terminate their connection. Probably
# don't want to set this to less than 60 or a lot of
# bandwidth is likely to get consumed by the client's
# renewal attempts. Defaults to 300 seconds.
#
# For Captive Mode, you want to set this to something
# fairly short (like 10 minutes) to prevent connection
# spoofing.
#
#LoginTimeout 3600

# For Open Mode portals, you probably want to comment out
# the preceding and set LoginTimeout to
# something large (like 86400, for one notification
# per day).
#
LoginTimeout 86400

###### Open Portal settings.
#
##
# HomePage -- The authservice's notion of a default
# redirect.
#
HomePage 10.254.0.1

# DocumentRoot -- Where all of the application templates (including
# SplashPage) are hiding. Can be different from Apache's DocumentRoot.
#
DocumentRoot /usr/local/nocat/htdocs

# SplashForm -- Form displayed to users on capture.
#
SplashForm splash.html

# StatusForm -- Page displaying status of logged in users.
#
StatusForm status.html


###### Active/Passive Portal settings.
#
##
# TrustedGroups - A list of groups registered with the auth server
# that a user may claim membership in order to gain Member-class
# access through this portal. The default magic value "Any" indicates
# that a member of *any* group is granted member-class access from
# this gateway.
#
# TrustedGroups NoCat NYCWireless PersonalTelco
#
#TrustedGroups Any

##
# Owners - Optional. List all local "owner" class users here, separated
# by spaces. Owners typically get full bandwidth, and unrestricted
# access to all network resources.
#
# Owners rob@nocat.net schuyler@nocat.net

##
# AuthServiceAddr - Required, for captive mode. Must be set to the address of
# your authentication service. You must use an IP address
# if DNS resolution isn't available at gateway startup.
#
# AuthServiceAddr 208.201.239.21
#
#AuthServiceAddr auth.nocat.net

##
# AuthServiceURL - HTTPS URL to the login script at the authservice.
#
#AuthServiceURL https://$AuthServiceAddr/cgi-bin/login

##
# LogoutURL - HTTP URL to redirect user after logout.
#
#LogoutURL https://$AuthServiceAddr/logout.html

### Network Topology
#
# ExternalDevice - Required if and only if NoCatAuth can't figure it out
# from looking at your routing tables and picking the interface
# that carries the default route. Must be set to the interface
# connected to the Internet. Usually 'eth0' or 'eth1'
# under Linux, or maybe even 'ppp0' if you're running
# PPP or PPPoE.
#
ExternalDevice eth2

##
# InternalDevice - Required if and only if you have ethernet devices
# on your gateway besides your wireless device and your 'Net connection.
# Must be set to the interface connected to your local network, normally
# your wireless card. In Linux, some wireless devices are named 'wvlan0'
# or 'wlan0' rather than 'ethX'.
#
InternalDevice eth3

##
# LocalNetwork - Required if and only if NoCatAuth can't figure out
# the network address of your local (probably wireless) network,
# given your InternalDevice(s). Must be set to the network
# address and net mask of your internal network. You
# can use the number of bits in the netmask (e.g. /16, /24, etc.)
# or the full x.x.x.x specification.
#
LocalNetwork 10.254.0.0/23

##
# DNSAddr - Optional. *If* you choose not to run DNS on your internal network,
# specify the address(es) of one or more domain name server on the Internet
# that wireless clients can use to get out. Should be the same DNS that your
# DHCP server hands out. If left blank, NoCatAuth will presume that you
# want to use whatever nameservers are listed in /etc/resolv.conf.
#
DNSAddr 8.8.8.8
DNSAddr 8.8.8.8

##
# AllowedWebHosts - Optional. List any domains that you would like to
# allow web access (TCP port 80 and 443) BEFORE logging in (this is the
# pre-'skip' stage, so be careful about what you allow.)
#
AllowedWebHosts www.google.com

##
# RouteOnly - Required only if you DO NOT want your gateway to act as a NAT.
# Uncomment this only if you're running a strictly routed network, and
# don't need the gateway to enable NAT for you.
#
# RouteOnly 1

##
# IgnoreMAC - Set this if and only if the NoCat gateway isn't directly
# connected (or bridged at Layer 2) to your internal (usually wireless)
# network. In that event, the gateway won't be able to match clients based
# on MAC address, and will fall back to using IPs only. This is
# theoretically less secure, as IP addresses are usually easier to spoof
# than MAC addresses, so don't use this unless you know what you're doing.
#
# IgnoreMAC 1

##
# MembersOnly - Optional. Uncomment this if you want to disable public
# access (i.e. unauthenticated 'skip' button access). You'll also want to
# point AuthServiceURL somewhere that doesn't include a skip button (like
# at your own Auth server.)
#
# MembersOnly 1

##
# IncludePorts - Optional. Specify TCP ports to allow access to when
# public class users login. All others will be denied.
#
# For a list of common services and their respective port numbers, see
# your /etc/services file. Depending on your firewall, you might even
# be able to specify said services here, instead of using port numbers.
#
# IncludePorts 22 80 443

##
# ExcludePorts - Optional. Specify TCP ports to denied access to when
# public class users login. All others will be allowed.
#
# Note that you should use either IncludePorts or ExcludePorts, but not
# both. If neither is specified, access is granted to all ports to
# public class users.
#
# You should *always* exclude port 25, unless you want to run an portal
# for wanton spam sending. Users should have their own way of sending
# mail. It sucks, but that's the way it is. Comment this out *only if*
# you're using IncludePorts instead.
#
# ExcludePorts 23 25 111
#
ExcludePorts 25

####### Syslog Options -- alter these only if you want NoCat to log to the
# system log!
#
# Log Facility - syslog or internal. Internal sends log messages
# using the GatewayLog or STDERR if GatewayLog is unset. Syslog
# sends all messages to the system log.
#
# LogFacility internal

##
# SyslogSocket - inet or unix. Inet connects to an inet socket returned
# by getsrvbyname(). Unix connects to a unix domain socket returned by
# _PATH_LOG in syslog.ph (typically /dev/log). Defaults to unix.
#
# SyslogSocket unix

##
# SyslogOptions - Zero or more of the words pid, ndelay, cons, nowait
# Defaults to "cons,pid".
#
# SyslogOptions cons,pid

##
# SyslogPriority - The syslog class of message to use: In decreasing importance,
# the typical priorities are EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO,
# and DEBUG. Defaults to INFO.
#
# SyslogPriority INFO

##
# SyslogFacility - The facility used to log messages. Defaults to user.
# SyslogFacility user

##
# SyslogIdent - The ident of the program that is calling syslog. This will
# be prepended to every log entry made by NoCat. Defaults to NoCat.
#
# SyslogIdent NoCat

###### Other Common Gateway Options. (stuff you probably won't have to change)
#
# ResetCmd, PermitCmd, DenyCmd -- Shell commands to reset,
# open and close the firewall. You probably don't need to
# change these.
#
# ResetCmd initialize.fw
# PermitCmd access.fw permit $MAC $IP $Class
# DenyCmd access.fw deny $MAC $IP $Class

##
# GatewayPort - The TCP port to bind the gateway
# service to. 5280 is de-facto standard for NoCatAuth.
# Change this only if you absolutely need to.
#
# GatewayPort 5280

##
# PGPKeyPath -- The directory in which PGP keys are stored.
# NoCat tries to find this in the pgp/ directory above
# the bin/ parent directory. Set this only if you put it
# somewhere that NoCat doesn't expect.
#
# PGPKeyPath /usr/local/nocat/pgp

##
# MessageVerify -- Shell command to verify a PGP signed
# message. The actual message is delivered to the
# command's standard input. NoCat tries to find gpg
# and gpgv in your path. Set these only if you need to find
# them elsewhere.
#
# GpgvPath /usr/bin/gpgv
#
# MessageVerify $GpgvPath --homedir=$PGPKeyPath 2>/dev/null

##
#
# IdleTimeout -- How often to check the ARP cache, in seconds,
# for expiration of idle clients.
#
# MaxMissedARP -- How many times a client can be missing from
# the ARP cache before we assume they've gone away, and log them
# out. Set to 0 to disable logout based on ARP cache expiration.
#
# MaxMissedARP 2
#
# IdleTimeout 300

### Fin!
SyslogSocket unix
SyslogPriority INFO
SyslogOptions pid,cons
LogFacility internal



Started from /etc/rc.local:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/usr/local/nocat/bin/./gateway
exit 0
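
The header of the posted gateway.conf defines its format: one `<Directive> <Value>` per line, surrounding whitespace ignored, any line starting with punctuation treated as a comment. As an added example that is not part of the original post or of NoCatAuth, this shell script applies those rules to list the directives a file actually sets and to flag any that are set more than once; the function names and the sample excerpt are constructed for illustration.

```shell
# Added example (not NoCatAuth code): report what a gateway.conf really sets,
# using the format rules stated in the file's own header comment.

# Print "Directive<TAB>Value" for each active line (files as args, else stdin).
nocat_active_directives() {
    awk '
        { sub(/\r$/, "") }                          # tolerate CRLF endings
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # outer whitespace is ignored
        $0 == ""         { next }                   # blank line
        /^[^A-Za-z0-9]/  { next }                   # leading punctuation: comment
        {
            value = $0
            sub(/^[^ \t]+[ \t]*/, "", value)        # text after the directive name
            printf "%s\t%s\n", $1, value
        }
    ' "$@"
}

# Print every value given for one directive, in file order.
nocat_values() {
    want=$1; shift
    nocat_active_directives "$@" |
        awk -F '\t' -v want="$want" '$1 == want { print $2 }'
}

# Print directives that are set more than once, with all their values.
nocat_repeated_directives() {
    nocat_active_directives "$@" | awk -F '\t' '
        { n[$1]++; v[$1] = v[$1] (n[$1] > 1 ? ", " : "") $2 }
        END { for (d in n) if (n[d] > 1) printf "%s set %d times: %s\n", d, n[d], v[d] }
    ' | sort
}

# Constructed excerpt modelled on the posted file (padding added on purpose).
nocat_sample_conf() {
    cat <<'EOF'
###### gateway.conf -- NoCatAuth Gateway Configuration.
   GatewayMode   Open
#LoginTimeout 3600
LoginTimeout 86400
GatewayName Spokane Airport Ramada
DNSAddr 8.8.8.8
DNSAddr 8.8.8.8
# ResetCmd initialize.fw
ExcludePorts 25
EOF
}
```

Source the functions and pass the gateway's configuration file as the argument, for example `nocat_repeated_directives` followed by the file path. The script only reports repeated directives; which of the repeated values the gateway honours is not stated on this page.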
 
Old 07-16-2013, 10:41 AM   #11
Tleepc
LQ Newbie
 
Registered: Jul 2013
Posts: 7

Original Poster
Rep: Reputation: Disabled
THANK YOU. The strings you gave me worked. I cannot thank you enough. I have inputted this into the initialize.fw, and I will watch to see if this works. If not, because of how I did this, I will create a script to add them. But I would consider this solved. This was such a headache, thank you again.

I want you to know I did get the book, and I am reading it. You have been a huge help in this.

Last edited by Tleepc; 07-16-2013 at 10:43 AM.
 
Old 07-17-2013, 02:03 AM   #12
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 55

Rep: Reputation: 7
Glad to hear it worked for you. Enjoy the book!
 
  

