Bip IRC ïðîêñè/áàóíñåð & FakeIdent äåìîí

[theMIROn]

Î÷åíü íóæåí áûë ïðîñòåíüêèé BNC äëÿ èðö è èäåíò ñåðâåð äëÿ áûñòðîãî âõîäà

Bip is an IRC proxy (ïðîêñè áàóíñåð)
bip_0.7.5 from the public repository http://bip.t1r.net/bip.git
http://bip.t1r.net/
Ðåïîçèòîðèé http://ipkg.nslu2-linux.org/feeds/op...g/cross/stable

This program is standalone 'fake' ident daemon
fakeidentd_2.5
Ðåïîçèòîðèé http://wl500g.googlecode.com/svn/ipkg/optware

Äëÿ äîñòóïà èç-âíå, íå çàáûâàåì ñîçäàòü ïðàâèëà ôàéðâîëà â /usr/local/sbin/post-firewall

Code:

#!/bin/sh
# set default input rule
iptables -P INPUT DROP
# remove last default rule 
iptables -D INPUT -j DROP
# allow ident access from wan & lan
iptables -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
# allow irc proxy access from wan & lan
iptables -A INPUT -p tcp -m tcp --dport 7778 -j ACCEPT

ãäå 7778 - òîò æå ïîðò, êîòîðûé íàñòðîåí â bip.conf

[4elo]

Ñòîèò ïðîøèâêà îò Îëåãà, ñìîíòèðîâàë OS íà ôëåøêó, ÷òîáû ìîæíî áûëî óñòàíàâëèâàòü íå òîëüêî "îôèöèàëüíûå" ïàêåòû.

Ïîïðîáûâàë óñòàíîâèòü oidentd - íå ïàøåò, âñ¸ ðàâíî â ìèðêå òèëüäà ïåðåä èìåíåì.

Åñëè ó êîãî åñòü how-òî ïî oidentd àëü äðóãîé workaround áûë áû î÷åíü ïðèçíàòåëåí çà îòâåò.

Ñ óâàæåíèåì
4elo

[theMIROn]

Äâà âàðèàíòà:

1. Óñòàíàâëèâàåøü fakeidentd èç http://wl500g.info/showthread.php?t=16949 è ïðîïèñûâàåøü â post-firewall

Code:

# set default input rule
iptables -P INPUT DROP
# remove last default rule
iptables -D INPUT -j DROP
# accept ident access from wan & lan
iptables -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT

2. Ïðîñòî çàêðûâàåøü ïîðò èäåíòà

Code:

# set default input rule
iptables -P INPUT DROP
# remove last default rule
iptables -D INPUT -j DROP
# reject ident access from wan & lan
iptables -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset

È òî è äðóãîå ïðèâåäåò ê áûñòðîé ïðîâåðêå èäåíòà irc ñåðâåðàìè

[4elo]

Ñïàñèáî îãðîìíîå çà îòâåò, íî ãäå-òî çàòûê - íåò èäåé?
Ñäåëàë êàê â ïåðâîì âàðèàíòå ñ fakeidentd, ïîñòàâèëîñü, ïîðòû îòêðûë, ñòàðòîâàë:

Ïðîâåðÿåì ïîðò - îí îòêðûò
netstat -an | grep 113
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN


Òåëíåò ïðîâåðÿþ ïîðò - ëîêàëüíî è íà ðîóòîðå, ïîäêëþ÷àåòñÿ, è äàæå ïèøåò ID -> eonix

[admin@Router /bin]$ telnet 192.168.1.1 113
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.

: USERID : UNIX : eonix
Connection closed by foreign host.



Äåëàþ â ìèðêå
/whois <mynick>
f*** òèëüäà íà ìåñòå

Äåëàþ ïðîâåðêó ñòðàíèöåé http://www.0x1b.ch/cgi-bin/ident
òîæå ïèøåò failed

Âîïðîñû:
- ìîæåò â ìèðêå ÷òî-òî íàäî ôèêñàíóòü? Ìèðêèí Identd - âñ¸ âûêëþ÷åíî
- lookup server èëè õîñò íå âëèÿåò?
- bouncer ïîìîæåò?
- íñëè ó òåáÿ ñòîèò identd è ñäåëàòü ïðîâåðêó ñòðàíèöåé ñâåðõó - ïðèõîäèò îòâåò?

Update:
Ñêîíôèãóðèë äàæå bouncer -> bip
Ê íåìó ïðèñîåäèíÿþñü
Âñ¸ ðàâíî òèëüäà
Íó ÷òî òû áóäåøü äåëàòü


Ñïàñèáî
Ñ óâàæåíèåì
4elo

[Mashiro-sama]

À â ôàéðâîëå äëÿ äîñòóïà ñíàðóæè îí îòêðûò?

[4elo]

Íó âîò ýòî ÿ âûïîëíèë

iptables -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT

âðîäå äîñòàòî÷íî?

[theMIROn]

- ìîæåò â ìèðêå ÷òî-òî íàäî ôèêñàíóòü? Ìèðêèí Identd - âñ¸ âûêëþ÷åíî

ïðî ìèðê íåçíàþ, ò.ê èñïîëüçóþ ìèðàíäó, ó ìåíÿ âñå âûêëþ÷åíî

- lookup server èëè õîñò íå âëèÿåò?

íåçíà÷þ ÷òî ýòî

- bouncer ïîìîæåò?

ñ èäåíòîì - íå ïîìîæåò, èäåíò çàïðàøèâàåò èðö ñåâðåð

- íñëè ó òåáÿ ñòîèò identd è ñäåëàòü ïðîâåðêó ñòðàíèöåé ñâåðõó - ïðèõîäèò îòâåò?

äà, ïðèõîäèò
: USERID : OTHER : theMIROn

Âñ¸ ðàâíî òèëüäà
Íó ÷òî òû áóäåøü äåëàòü

ïðèâåäè ÷òî ó òåáÿ ïî "iptables -nL INPUT" òèïà òàê

Code:

[admin@router root]$ iptables -nL INPUT
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0          state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state NEW
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state NEW
SECURITY   all  --  0.0.0.0/0            0.0.0.0/0          state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp dpt:113
[admin@router root]$

è, åùå, èäåíò, âûñòàâëåííûé â mIRC äîëæåí ñîâïàäàòü ñ èäåíòîì â fakeidentd, íàñòðàèâàåòñÿ â /opt/etc/default/identd

Code:

# This is a configuration file for /opt/etc/init.d/identd; it allows you to
# perform common modifications to the behavior of the identd daemon
# startup without editing the init script.

# Parameters to pass to fakeidentd.
PARAMS="theMIROn"

# Whether or not to run the identd system daemon; set to 0 to disable.
ENABLED=1

[4elo]

Íó äàæå íå çíàþ

Iptables ãîâîðÿò:

Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTAB
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113



Netstat - ïîðò îòêðûò
[root@Router /opt]$ netstat -an | grep 113 | grep tcp
tcp 0 0 0.0.0.0:113 0.0.0.0:* LISTEN



Íî ïðè ýòîì


[root@Router /opt]$ telnet 192.168.1.1 113

0, 0 : ERROR : X-INVALID-REQUEST
Connection closed by foreign host.


Åñëè æå èñïîëüçîâàë fakeidentd îò /openwrt/whiterussian ÷åðåç óñòàíîâêó íà ôëåøêó - ÷åðåç òåëíåò ïîëó÷àë íîðìàëüíûé ðåïëàé, íî âñ¸ ðàâíî â ìèðêå òèëüäà.

Ìîæåò áèáëèîòåêè êàêèå íå ñîâïàäàþò?
Ïîõîæå íà òðàáë ñ ïðîãîé - òàê êàê INVALID-Request èç êîäà fakeidentd - ò.å. îí îòâå÷àåò íî íå âïîïàä


Íå âûëîæèøü âûâîä:
ls -la /opt/lib

Ñïàñèáî

[theMIROn]

Code:

[root@Router /opt]$ telnet 192.168.1.1 113

0, 0 : ERROR : X-INVALID-REQUEST
Connection closed by foreign host.

Òàê îí è ãîâîðèò, ÷òî ñ ïîðòîì êëèåíòà 0 è ïîðòîì ñåðâåðà 0 íåò ñîåäèíåíèé. Íóæíî çàïðîñ î êîíêðåòíûõ ïîðòàõ ïåðåäàâàòü

Code:

[admin@router root]$ telnet 192.168.1.1 113
1234, 5678
1234, 5678 : USERID : OTHER : theMIROn
Connection closed by foreign host.

Åñëè æå èñïîëüçîâàë fakeidentd îò /openwrt/whiterussian ÷åðåç óñòàíîâêó íà ôëåøêó - ÷åðåç òåëíåò ïîëó÷àë íîðìàëüíûé ðåïëàé, íî âñ¸ ðàâíî â ìèðêå òèëüäà.

 whiterussian fakeidentd 2.2, ÿ êîìïèëèë ïîñëåäíèé äîñòóïíûé 2.5
http://www.guru-group.fi/~too/sw/identd.readme

Ìîæåò áèáëèîòåêè êàêèå íå ñîâïàäàþò?

Îíî áåç çàâèñèìîñòåé

Ïîõîæå íà òðàáë ñ ïðîãîé - òàê êàê INVALID-Request èç êîäà fakeidentd - ò.å. îí îòâå÷àåò íî íå âïîïàä

Ïîõîæå íà òðàáë ñ çàïðîñîì, ñì. âûøå

p.s Íà IRC ñåðâåðàõ RusNet ïî whois ó ìåíÿ "theMIROn ^theMIROn my.host * Vladislav"

[4elo]

àãà
òàê ðàáîòàåò
[root@Router root]$ telnet 192.168.1.1 113
1234, 5678
1234, 5678 : USERID : OTHER : tschelo
Connection closed by foreign host.


Íî íè â ìèðêå - íè íà ñòðàíèöå íå îòîáðàæàåòñÿ, õìì


[root@Router root]$ iptables -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
[root@Router root]$


http://www.0x1b.ch/cgi-bin/ident - faliled

[theMIROn]

[root@Router root]$ iptables -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
DROP all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
[root@Router root]$

ó òåáÿ ïîëèòèêà ðàçðåøåíèÿ, ïîýòîìó â êîíöå òàáëèöû ñòàâèòüñÿ ïðàâèëî çàïðåòà. òàáëèöà ôàéðâîëà ïðîñìàòðèâàåòñÿ ñâåðõó âíèç.
ïîýòîìó äî ïðàâèëà, ðàçðåøàþùåããî ïîäêëþ÷åíèå tcp dpt:113 äåëî íå äîõîäèò.

Code:

# óñòàíîâêà ïîëèòèêè, âñå ÷òî íå áóäåò ïåðå÷èñëåíî â ïðàâèëàõ, äðîïíåòñÿ
iptables -P INPUT DROP
# óäàëÿåì ïîñëåäíåå ïðàâèëî äðîïàþùåå âñå ïàêåòû
iptables -D INPUT -j DROP
# äîáàâëÿåì â êîíåö òàáëèöû ïðàâèëî, ðàçðåøàþùåå ident
iptables -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT

â èòîãå ïîëó÷èì
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113

âñå æå âûøå áûëî ïðèâåäåíî

[theMIROn]

Òîëüêî ÷òî çàìåòèë, fakeidentd 2.5 âîçâðàùàåò OTHER â êà÷åñòâå îïåðàöèîííîé ñèñòåìû, ñóäÿ ïî RFC (http://www.rfc-editor.org/rfc/rfc1413.txt) íóæíî äîáàâëÿòü åùå è charset, è, â ýòîì ñëó÷àå IRC ñåðâåðà äîáàâëÿþò ñèìâîë ^ ê èäåíòó
Ñêîìïèëèë ïàêåò fakeidentd_2.5-2_mipsel.ipk, ãäå äåìîí âîçâðàùàåò UNIX.
Ñ íèì íèêàêèõ äîïñèìâîëîâ (òèëüäû, ïòè÷êè) óæå íå äîáàâëÿåòñÿ
Ññûëêè â òîé æå òåìå http://wl500g.info/showthread.php?t=16949

[4elo]

Ñïàñèáî áîëüøîå - ïðàâäà âñ¸ ðàâíî íå ïàøåò
Âûñòàâèë iptables åù¸ ðàç, ïåðåãðóçèë
ïðîâåðÿþ

[root@Router root]$ iptables -nL INPUT
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
[root@Router root]$ /opt/etc/init.d/S55identd restart
Stopping identd... done.
Starting identd... done.
[root@Router root]$

ëîêàëüíî ìîãó ïîäêëþ÷èòüñÿ - à èç èíåòà íåò, èäåè êàê-òî íåòó ÷òîá ýòî ìîãëî áûòü?

[theMIROn]

ðàç ìîæåøü ïîäêëþ÷èòüñÿ ëîêàëüíî, çíà÷èò èäåíò äåìîí ðàáîòàåò.
âñå îñòàëüíîå - íàñòðîéêè òâîåãî ôàéðâîëà è/èëè ïðîâàéäåðà

[FilimoniC]

ðàç ìîæåøü ïîäêëþ÷èòüñÿ ëîêàëüíî, çíà÷èò èäåíò äåìîí ðàáîòàåò.
âñå îñòàëüíîå - íàñòðîéêè òâîåãî ôàéðâîëà è/èëè ïðîâàéäåðà

http://www.utorrent.com/testport.php?port=113