Iptables configuration examples

As Linux systems become more popular, they are often used as gateways in small networks.
This is where iptables, the standard Linux firewall, comes in handy.

You can set up a simple NAT-ed network with a few commands.

Basic syntax: iptables -t *table* *command*

Parameters:
-L – list rules
-F – flush all rules
-A – add rule
For example: iptables -t *table* -A *chain* *rule*
-D – delete rule
For example: iptables -t *table* -D *chain* *rule number*

To make current ruleset persistent, run:

[code]
/etc/init.d/iptables save
[/code]

So let’s imagine we have a simple network (at home) with a Linux host, an Internet gateway (cable modem or similar) and a PC host (running Windows, for example).
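For the home setup just described, here is an added example (not from the original post) of a minimal NAT gateway ruleset built with the -t/-A/-P syntax above; it assumes eth0 faces the Internet and eth1 faces the LAN, with the LAN on 192.168.1.0/24:

```sh
#!/bin/sh
# Added example (not from the original post): a minimal home NAT gateway built
# with the iptables syntax above. Interface names and the LAN range are
# assumptions: eth0 faces the Internet, eth1 faces the LAN.

# Print the iptables commands for a stateful NAT gateway. Emitting the rules as
# text first lets you review them before running them as root.
nat_gateway_rules() {
    wan="$1"   # Internet-facing interface
    lan="$2"   # LAN-facing interface
    net="$3"   # LAN address range, e.g. 192.168.1.0/24
    cat <<EOF
# start from a clean FORWARD chain and POSTROUTING NAT chain
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
# default-deny: nothing is forwarded unless a rule below allows it
iptables -t filter -P FORWARD DROP
# LAN -> Internet, but only from the LAN's own address range (drops spoofed sources)
iptables -t filter -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
# Internet -> LAN only for replies to connections the LAN opened
iptables -t filter -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# rewrite the source of outgoing LAN traffic to the gateway's public address
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Apply the ruleset on the gateway (as root), turn on IP forwarding and make the
# result persistent with the init script mentioned above.
apply_nat_gateway() {
    nat_gateway_rules "$1" "$2" "$3" | sh -e
    sysctl -w net.ipv4.ip_forward=1
    /etc/init.d/iptables save
}

# Show the FORWARD chain with rule numbers; the number is what -D takes to delete a rule.
list_forward_rules() {
    iptables -t filter -L FORWARD -n -v --line-numbers
}

case "${1:-}" in
    show)  nat_gateway_rules "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}" ;;
    apply) apply_nat_gateway "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}" ;;
    list)  list_forward_rules ;;
esac
```

Run it with `show` to review the generated rules, `apply` (as root) to load and save them, and `list` to see rule numbers for -D.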

Adding new admin user to CheckPoint Gaia with expert permissions

To add a new administrator account that lands directly in the “expert” prompt, add the following lines to the configuration in the CLI shell:

[code]
add user NEWUSER uid 0 homedir /home/NEWUSER
set user NEWUSER gid 100 shell /bin/bash
set user NEWUSER password-hash $1$************
# or, to be prompted for the password interactively instead of supplying a hash:
set user NEWUSER password
add rba user NEWUSER roles adminRole
[/code]

Replace NEWUSER with the new administrator’s login name.

This new account will log straight into the “expert” shell and will not need to type an additional password.
To get to Gaia’s CLI shell, the user will need to execute /bin/clish.

Enable SNMP monitoring in CheckPoint

Step 1. Turning on the SNMP extension
(to enable the extended Check Point MIBs – http://www.oidview.com/mibs/2620/CHECKPOINT-MIB.html)
[code]
cpconfig

Configuration Options:
----------------------

(2) SNMP Extension
[/code]
Press the number of the SNMP Extension entry to open its configuration; in our case it is “2”.
[code]
Configuring SNMP Extension...
=============================
The SNMP daemon enables Check Point products module
to export its status to external network management tools.
Would you like to enable Check Point products SNMP daemon ? (y/n) [y] ?
[/code]
Press “y” or the [Enter] key to enable the SNMP extension.
[code]
Thank You...
You have changed Check Point products Configuration.
You need to restart ALL Check Point modules (performing cpstop & cpstart)
in order to activate the changes you have made.
Would you like to do it now? (y/n) [y] ?
[/code]
Press “y” or the [Enter] key again to restart the modules and apply the changes.

Step 2. Configuring SNMP users
(replace USER, PASSWORD1 and PASSWORD2 with the SNMPv3 user name, authentication password and privacy password)

[code]
snmp user add authuser USER pass PASSWORD1 priv PASSWORD2
service snmpd restart
[/code]

Step 3. Adding snmpd to the automatic startup sequence
[code]
chkconfig snmpd on
[/code]

Source: http://www.checkpoint.com/techsupport/downloads/docs/firewall1/r54/SNMP_Add-on_Manual.pdf

Junos Pulse VPN client install issue – roll back

If you have many VPN clients (or other network filter drivers) installed on your system, the Junos Pulse install may fail because the MaxNumFilters value in the registry is too low. The installer hangs for some time and then rolls back.
If the rollback is interrupted, or if the install is triggered by the web installer, the result is a non-working VPN client with an empty connection window.
This means that the services needed to run the client are missing: only the UI files were installed.

To resolve the issue, edit the following Windows registry value:
[code]HKLM\SYSTEM\CurrentControlSet\Control\Network\MaxNumFilters[/code]

This value defines the maximum number of network filter drivers allowed on the computer.

Try setting this value to 14 (the maximum value); the Junos Pulse install should then finish successfully.

Source: http://forums.juniper.net/t5/SSL-VPN/Junos-Pulse-empty-window-Win-7-64-bit/td-p/96592/page/3

Cisco VPN client and 3G modems

The Cisco VPN client does not work with 3G modems out of the box on Windows 7. The VPN tunnel comes up, but no traffic passes through it.
The release notes for Cisco VPN Client 5 state: “The VPN Client on Windows 7 does not support WWAN devices (also called wireless data cards).”

To fix the problem, update the DNE (Deterministic Network Enhancer) component that the client relies on:

For 32-bit OS: ftp://files.citrix.com/dneupdate.msi
For 64-bit OS: ftp://files.citrix.com/dneupdate64.msi

After a restart the VPN will work fine.

Source: https://supportforums.cisco.com/thread/2017102