Gentoo Forums
Create Firewall with Netcat ?
orvtech
Tux's lil' helper
Joined: 28 Aug 2004
Posts: 115
Location: US. Florida

Posted: Thu Nov 29, 2007 9:43 pm    Post subject: Create Firewall with Netcat ?

OK, so I bought a D-Link DSM-G600 and installed Gentoo on it. I already have one embedded system running Gentoo at http://www.orvtech.com, which is running on a Linksys NSLU2.

To my surprise there are no kernel modules available (precompiled) for the D-Link, and I have no time to start creating a cross-compile environment + compiling kernel, toolchain etc., so I am not able to install iptables on the DSM-G600.

I have been blocking IPs using route by redirecting the traffic of attackers to a non-existent IP, but I feel that I need a bit more granularity here. I would like to be able to allow access to, for example, port 80 always to any host but deny other ports to some hosts (not all).

Is this possible with netcat? Any pointers on how to do this?


Better yet, I have a list of more than 3k IPs that I want to redirect to another port if they request port 80 (you can see the list here http://www.noolvidaremos.com:8888/index.html). I was doing it with .htaccess, but after it grew to more than 300 IPs it became slow to answer requests. Can't this filtering be done with netcat, or will I see the same slowness on it?


Please take into consideration that the system is:
CPU: 170 MHz Freescale MPC8241 with MPC603e Motorola PowerPC core
RAM: 32 MB ESMT M12L128168A
LAN: 10/100/1000Mb IC Plus IP1000A
WIFI: 2.4GHz 54Mbps Ralink RT2560 miniPCI
Stock kernel: Linux-2.4.21-pre4
_________________
http://orvtech.com
http://www.linuxevolution.org
RobinVossen
Tux's lil' helper
Joined: 05 Nov 2007
Posts: 132

Posted: Fri Nov 30, 2007 3:40 pm    Post subject:

Yeah, you can do this with netcat.
I think you want to have advanced stuff like iptables?
It's not that hard. Just lots of work and unstable, since after every connection it has to be restarted (but a never-ending loop can fix that).
First you need to do mkfifo.
Then tunnel all the traffic to that fifo.
Then you can do some checking on it, e.g. SYN flag or destination, and then you tunnel it back to another netcat that sends.
You can also include encryption with it with socat or cryptcat and then put another cat to listen just before your box. You can do this to prevent network sniffing.
I hope I helped you some.
If I didn't, just tell me and I might be able to help you further.. :)
_________________
Server Unplugged!
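
Added example (not part of the original thread and not RobinVossen's code): one way to write the "check" step of the mkfifo/netcat relay described in the post above, applying the first post's policy of leaving port 80 open to everyone and refusing other ports to listed hosts. It assumes traditional netcat (`-l -p`, `-v`, `-n`) and its `connect to [...] from ... [peer] port` log line; the function names, ports and file names are made up for illustration.

```shell
#!/bin/sh
# Added example: the "check" stage for a netcat/FIFO relay.

# Print the peer IP from traditional netcat's -v output (read on stdin),
# assumed to look like:
#   connect to [192.0.2.1] from (UNKNOWN) [203.0.113.7] 51234
peer_ip() {
    sed -n '/^connect to /s/.*\[\([0-9.]*\)] [0-9]*$/\1/p' | tail -n 1
}

# Policy from the first post: port 80 is open to everyone; on any other port,
# hosts in the blocklist file (one IP per line) are refused. Status 0 = allow.
allowed() {    # allowed PEER_IP PORT BLOCKLIST
    [ "$2" = 80 ] && return 0
    [ -n "$1" ] || return 1                 # peer unknown: fail closed
    if grep -Fxq -- "$1" "$3" 2>/dev/null; then return 1; fi
    [ -r "$3" ]                             # unreadable list: fail closed
}

# Filter stage: block until the client's first line arrives (netcat has logged
# the peer by then), then pass the whole stream through or drop it.
gate() {       # gate PORT BLOCKLIST NC_LOG
    IFS= read -r first || return 0          # client sent nothing
    peer=$(peer_ip < "$3")
    if allowed "$peer" "$1" "$2"; then
        printf '%s\n' "$first"
        cat
    else
        echo "denied ${peer:-unknown} on port $1" >&2
    fi
}

# Placement in the relay (hypothetical ports and file names), one pass per
# connection as the answer says:
#   mkfifo back
#   while :; do
#     nc -v -n -l -p 8022 <back 2>nc.log | gate 22 block.txt nc.log |
#       nc 127.0.0.1 22 >back
#   done
```

A pipeline like this sees only the peer address and the payload after the TCP handshake has completed, so a refused host still connects and is then dropped, and the backend sees every connection as coming from the relay.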
orvtech
Tux's lil' helper
Joined: 28 Aug 2004
Posts: 115
Location: US. Florida

Posted: Fri Nov 30, 2007 4:17 pm    Post subject:

RobinVossen wrote:
Yeah, you can do this with netcat.
I think you want to have advanced stuff like iptables?
It's not that hard. Just lots of work and unstable, since after every connection it has to be restarted (but a never-ending loop can fix that).
First you need to do mkfifo.
Then tunnel all the traffic to that fifo.
Then you can do some checking on it, e.g. SYN flag or destination, and then you tunnel it back to another netcat that sends.
You can also include encryption with it with socat or cryptcat and then put another cat to listen just before your box. You can do this to prevent network sniffing.
I hope I helped you some.
If I didn't, just tell me and I might be able to help you further.. :)

Thanks. Will this be too much load for my 170MHz 32Mb RAM system?
_________________
http://orvtech.com
http://www.linuxevolution.org
RobinVossen
Tux's lil' helper
Joined: 05 Nov 2007
Posts: 132

Posted: Fri Nov 30, 2007 5:30 pm    Post subject:

If you won't run anything else it will be fine :)
(like no X11)
_________________
Server Unplugged!
All times are GMT