Getting DDWRT to play nice with Zeroshell

Posted in Networking, Unix on November 9, 2009 by lucywitdiam0nds

So I borked a bridge on my Zeroshell router tonight, and I had to re-do it. I figured this guide would be useful for anyone who has a WRT54G (or any other) that’s crapping out and wants to replace it with something Unix based, or just for people who are trying to configure Zeroshell for the first time.

I’ve got ideas to expand this article, so check back in a few days and it should be fully finished :)

This is my network infrastructure.

topology


So now you see exactly what it is I want to do. I had everything running off of my DDWRT on my WRT54G, but my roommates and I use quite a bit of bandwidth, and with 8 MB of onboard memory, needless to say it was the equivalent of a one armed retard trying to take on an army of ninjas, even with overclocking enabled.

I’d been looking for a computer to turn into a router for a while, and I finally found one at work last week :)

So I grabbed a copy of Zeroshell, started it up, and was greeted by the main screen. It sets a static IP of 192.168.0.75 on eth00 (their naming convention is a bit wonky), so I plugged into it with my main ethernet port and set a static IP in the same subnet (google it if you don’t know how).

When I could finally connect I was greeted by the sign-in page (of course after the SCARY self-signed cert warning).

login

Default U:P == admin:zeroshell

Time to create a new profile. On the top bar there is a ‘profiles’ tab. It’s a good place to start so we can actually save all our settings :)

In this case, there was a WIN95 formatted drive in there, which Zeroshell couldn’t read. What I ended up doing was plugging it into an IDE reader and formatting it, which worked fine.

Either way, after that I created a new database with all of my info, including hostname, Kerberos, and LDAP stuff.

profile

Now in the ‘Network’ tab we need to set our IP addresses. The dynamic IP won’t stick until there’s actually an address to get, so I just set the static IP to 10.0.0.1.

It was at this point that I realized that I needed to disable all DHCP/routing functionality on my DDWRT

Logging in I had to change a few things

  • WAN Connection type = disabled
  • Local IP address = 10.0.0.2/24
  • Assign WAN port to switch
  • DHCP Forwarder (as opposed to server) – followed by the IP of the DHCP server

ddwrtsettings

Since I wasn’t going to be changing anything on my wireless side (I still wanted to use the AP functionality of my DDWRT) there was no need to fiddle with any of those settings.

Finally all we have to do is disable routing. Go to the administration tab and at the bottom hit the Routing button to disable.

routeingdisable

Now we can actually put our machine into place, but you may want to enable the dhcp server first (or you have to assign yourself a static address):

On the left in the ‘network’ subsection there’s a DHCP link. After you click it you need to create a new subnet. Choose the proper interface to broadcast on (eth00 in my case) and set the DHCP pool specifications. I did 10.0.0.10-10.0.0.25 and put in OpenDNS for my primary and secondary DNS.

DHCP

Now you want to get a dynamic address for your ‘outside’ interface (eth01 in my case).

Dynamic

Now we need to click on the Router section, and click the NAT tab, so we can route between interfaces properly.

NAT

That’s about it as far as what needs to happen to get routing, DHCP, and DNS properly set up, so you can now do pretty much anything you want.
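A sanity check for the address plan used above, as an added example that is not part of the original post: it confirms the static addresses stay clear of the DHCP pool and flags a lease that did not come from the Zeroshell box, which is what you would see if the DDWRT DHCP server were left enabled. The function names are hypothetical, the 10.0.0.0/24 LAN is inferred from the DDWRT entry, the DHCP server is assumed to be the Zeroshell address 10.0.0.1, and the lease values are constructed.

```python
import ipaddress

# Addresses from the post; the 10.0.0.0/24 LAN is inferred from the DDWRT
# entry "10.0.0.2/24". Function names are hypothetical.
LAN = ipaddress.ip_network("10.0.0.0/24")
STATIC_HOSTS = {"zeroshell eth00": "10.0.0.1", "dd-wrt AP": "10.0.0.2"}
POOL = ("10.0.0.10", "10.0.0.25")
DHCP_SERVER = "10.0.0.1"  # assumption: DHCP runs on the Zeroshell eth00 address


def check_plan(lan, static_hosts, pool):
    """Return a list of problems in the address plan (empty list means consistent)."""
    problems = []
    start, end = (ipaddress.ip_address(a) for a in pool)
    if start > end:
        problems.append("pool start is above pool end")
    for addr in (start, end):
        if addr not in lan:
            problems.append(f"pool address {addr} is outside {lan}")
    seen = {}
    for name, raw in static_hosts.items():
        addr = ipaddress.ip_address(raw)
        if addr not in lan or addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name} ({addr}) is not a usable host address in {lan}")
        if start <= addr <= end:
            problems.append(f"{name} ({addr}) sits inside the DHCP pool")
        if addr in seen:
            problems.append(f"{name} and {seen[addr]} both use {addr}")
        seen[addr] = name
    return problems


def check_lease(lease_ip, server_ip, pool=POOL, expected_server=DHCP_SERVER):
    """Flag a lease that did not come from the expected server or its pool."""
    problems = []
    start, end = (ipaddress.ip_address(a) for a in pool)
    if ipaddress.ip_address(server_ip) != ipaddress.ip_address(expected_server):
        problems.append(f"lease came from {server_ip}, expected {expected_server}")
    if not start <= ipaddress.ip_address(lease_ip) <= end:
        problems.append(f"leased address {lease_ip} is outside the pool")
    return problems


if __name__ == "__main__":
    print(check_plan(LAN, STATIC_HOSTS, POOL))    # plan from the post
    # Constructed lease values: a good lease, then one handed out by the AP.
    print(check_lease("10.0.0.12", "10.0.0.1"))
    print(check_lease("10.0.0.112", "10.0.0.2"))
```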

The important lesson here? Before you start messing with things that could break the world, which in turn causes you to mess up your hard drive containing your configuration, BACKUP YOUR CONFIGURATION. Do it now. Seriously. Although I wouldn’t have written this article if I would’ve done that now would I :)

I apologize for the crappy formatting. I just started this thing, so I’m still trying to find a theme that supports the architecture of my writing, and still looks good.

Like I said, tomorrow I’ll put in my OpenVPN how-to on the end of this article, as it can be a bit complicated if you don’t know anything about certificates.

After that I’ll be putting in how to get NAT working properly, as it can be a bit weird. Took me a while to figure out anyway.

dwight

Identity theft is not a joke, Jim!

EDIT: So instead of putting the VPN & NAT stuff down here, I’m going to just do another post about it, tie them both together and make a page for it.

Hope you enjoy it!

Milw0rm…I miss you!

Posted in Random on November 8, 2009 by lucywitdiam0nds

milw0rm-wi

Le sigh. That is all I have to say about milw0rm being down for so long. I mean obviously I don’t really use it for exploits, as there really aren’t any viable ones (good in a crunch though if you DO find an unpatched system though) after patching and such, but I miss reading about the ones that they DO have.
I mean come on, this was like the first security-oriented website I REALLY started reading, and that was all because of a bookmark toolbar enclosed with backtrack 3 (or was it 2?).

At least I still have darkc0de.com, a great security-oriented forum with programmatic PoCs that are very helpful for learning both optimized coding and how many security exploits are actually written.

For me security is something that has fascinated me from the start. To me there’s nothing better than finding a failure in a system that can be leveraged to do something proactive and offensive. Not offensive in the malicious sense per se, but failures are generally considered a shortcoming, something that the system is lacking. The ability to transmute this failure into something that accomplishes another task is damn near like alchemy.

I make no claim to be an expert in any sense. I am a student, and I always will be. I break things, but that is a natural path to take when trying to become intimately familiar with a system of any sort. I am just curious, and while this has gotten me into trouble in the past, I’d rather have my curiosity than be oblivious to anything security related, because that is how bad administrators are made.

You can make any system secure enough that it isn’t worth a hacker’s time. That is the number one thing, even if you’re good, you need all the information before you can even remotely evaluate the most vulnerable spot. While it’s true in some sense that any system can be compromised given enough time, that also assumes that the system is static in nature. As computing grows more and more powerful, it also gets more dynamic. People are starting to write software with security in mind, and while there will always be bad sys admins and bad programmers failing miserably, we are seeing our world transition from a hacked together system full of bugs to a beautifully built juggernaut of entropy. All security is security by obscurity, but we’re talking about trying to find a needle, buried a mile in the earth’s crust, from a different galaxy.

On a different note, it’s getting way too dark way too quick. It’s 6:00 and it’s pretty much black. An average day for me starts at 2:00, so needless to say I’m not going to be getting much sunlight so far up here. This is the part that kills me about being up here. It’s cold, lonely, and boring. Don’t get me wrong. I love cold weather and snow, but when it’s too cold for me to go snowboarding (one of the ONLY ways I can relieve stress up here), that’s where I draw the line.

My freshman year up here, we had 1 snow day, and that’s all I’ve seen in the past 3 years. It got down to -35, and nobody’s car would start :-P

I have a feeling I’m going to be writing a lot more articles this winter.

Mini-logo

Bash-shortcuts

Posted in Unix on November 8, 2009 by lucywitdiam0nds

I have just finished my preliminary summary of the crap written on my wall! I hope it helps whomever is reading this!

 

https://talesofacoldadmin.wordpress.com/bash-shortcuts/

 

The beginning words

Posted in Random, Unix, Windows on November 7, 2009 by lucywitdiam0nds

Hello cyberspace.

I peruse you as a (big) part of my daily life, and for a time now I’ve wanted a place to rant and rave about the ongoing plethora of computer nerdom that I’m exposed to on a daily basis.

I will use this space to retroactively delve into my prior projects/jobs and as a place to divulge what I find in the future. I feel as though this is a bit overdue, as I’ve got lots of things rattling around in my brain and nowhere to properly put them.

My true niche is security, both in the cyber-world as well as the physical world. I like dealing with the failures of  systems and the like, especially when the system was designed explicitly *not* to fail.

As I sit here contemplating on what I could write about a world of possibilities are opening up. Some of my posts might hold some music-related things, although I’m not sure about that. I’m a lot more knowledgeable about computers than I am about music.

There are many many things that I will write about, although I’m not sure how much time I will have to do it. I work a lot, and a lot of my job is pretty much all the time.

I’m a bit new to wordpress, so I’m going to use this post to get acclimated with the tools as well.

BOLD

Italic

Strikethrough

  • Hey look!
  • I found some bullets :)
  1. I think I also found
  2. Some numbers :)

Blockquotes? I have a feeling I know what this does, but I could be wrong

 

Randal Graves

This is Randal, he is a slacker