Some app to handle different IP address thru the FW

Basher52
guru
Posts: 928
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 »

The new server I'm installing is for my sister and her husband, and during the test I locked all IP addresses out of it, but I sometimes want her to take a look at it. The bad thing is that she's on ADSL and that IP address's lease is only like an hour or so, and the next time she turns the PC on, she gets a new IP and can't get in.
Is there something that I can use to ease this pain? When her IP changes she won't call me/email me or anything to say that, she just gives up.
I need an application that can let her in whatever her IP is, as long as she uses "her client" of this to open her IP in the firewall.
In this case it's for web, but it could be for, like, anything.

If you know what I'm talking about?

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

I use "knockd" on my firewall to give temporary access to specified ports from whatever IP address I might be on. You add something to her machine's startup or browser startup that would send the appropriate knock sequence to her server and give her dynamic address access.

http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
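
A knockd.conf for the setup described in the post above, as an added example that is not part of the original thread or the knock project's own files. The door name, knock ports, timeouts, interface name and iptables path are constructed placeholders; the directives and the %IP% substitution are knockd's own.

```ini
# /etc/knockd.conf (constructed example; adapt every value)

[options]
    logfile   = /var/log/knockd.log
    # Interface facing the Internet (assumed name).
    interface = eth0

[openWeb]
    # Three TCP SYN packets, in this order, from one source address.
    sequence      = 7000,8000,9000
    # The whole sequence must arrive within this many seconds.
    seq_timeout   = 10
    tcpflags      = syn
    # %IP% is replaced by the address that completed the sequence, so
    # only that client is admitted, whatever its current DHCP lease is.
    # -I puts the rule ahead of the existing rule that drops everyone.
    start_command = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 80 -j ACCEPT
    # Remove the rule after an hour so an address that has since been
    # leased to someone else does not stay whitelisted.
    cmd_timeout   = 3600
    stop_command  = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 80 -j ACCEPT
```

The client side is `knock <server> 7000 8000 9000`, run from her machine's startup as described. A fixed sequence can be replayed by anyone who observes it on the wire; knockd's `one_time_sequences` directive takes a file of single-use sequences instead.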

Post by Basher52 »

Now that you say it, I remember that you said this before.
*shame on me for not remembering, sorry*

Post by Basher52 »

This doesn't seem to suit my machine, and I can't find any prerequisites on that site either.

[root@ftp knock-0.5]# ./config
config.guess  config.sub    configure     
[root@ftp knock-0.5]# ./configure 
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking for pcap_open_live in -lpcap... no
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking pcap.h usability... no
checking pcap.h presence... no
checking for pcap.h... no
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking for an ANSI C-conforming const... yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for pid_t... yes
checking for unistd.h... (cached) yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking return type of signal handlers... void
checking for vprintf... yes
checking for _doprnt... no
checking for inet_ntoa... yes
checking for memmove... yes
checking for strcasecmp... yes
checking for strdup... yes
checking for strstr... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
[root@ftp knock-0.5]#     

[root@ftp knock-0.5]# make
gcc -g -O2 -g -Wall -pedantic -fno-exceptions -D_GNU_SOURCE -I. -o src/knockd.o -c src/knockd.c
src/knockd.c:47:18: error: pcap.h: No such file or directory
src/knockd.c:121: warning: 'struct pcap_pkthdr' declared inside parameter list
src/knockd.c:121: warning: its scope is only this definition or declaration, which is probably not what you want
src/knockd.c:123: error: expected '=', ',', ';', 'asm' or '__attribute__' before '*' token
src/knockd.c:134: error: 'PATH_MAX' undeclared here (not in a function)
src/knockd.c: In function 'main':
src/knockd.c:140: error: 'PCAP_ERRBUF_SIZE' undeclared (first use in this function)
src/knockd.c:140: error: (Each undeclared identifier is reported only once
src/knockd.c:140: error: for each function it appears in.)
src/knockd.c:196: error: 'cap' undeclared (first use in this function)
src/knockd.c:196: warning: implicit declaration of function 'pcap_open_live'
src/knockd.c:204: warning: implicit declaration of function 'pcap_datalink'
src/knockd.c:206: error: 'DLT_EN10MB' undeclared (first use in this function)
src/knockd.c:209: error: 'DLT_LINUX_SLL' undeclared (first use in this function)
src/knockd.c:212: error: 'DLT_RAW' undeclared (first use in this function)
src/knockd.c:256: warning: implicit declaration of function 'pcap_dispatch'
src/knockd.c:259: warning: implicit declaration of function 'pcap_perror'
src/knockd.c:140: warning: unused variable 'pcapErr'
src/knockd.c: In function 'cleanup':
src/knockd.c:346: warning: implicit declaration of function 'pcap_close'
src/knockd.c:346: error: 'cap' undeclared (first use in this function)
src/knockd.c: In function 'parseconfig':
src/knockd.c:438: warning: unused variable 'line'
src/knockd.c: In function 'get_next_one_time_sequence':
src/knockd.c:695: warning: unused variable 'line'
src/knockd.c: In function 'generate_pcap_filter':
src/knockd.c:783: error: storage size of 'bpf_prog' isn't known
src/knockd.c:972: warning: implicit declaration of function 'pcap_compile'
src/knockd.c:972: error: 'cap' undeclared (first use in this function)
src/knockd.c:976: warning: implicit declaration of function 'pcap_setfilter'
src/knockd.c:980: warning: implicit declaration of function 'pcap_freecode'
src/knockd.c:783: warning: unused variable 'bpf_prog'
src/knockd.c: At top level:
src/knockd.c:1161: warning: 'struct pcap_pkthdr' declared inside parameter list
src/knockd.c:1161: error: conflicting types for 'sniff'
src/knockd.c:121: error: previous declaration of 'sniff' was here
src/knockd.c: In function 'sniff':
src/knockd.c:1174: error: dereferencing pointer to incomplete type
src/knockd.c:1181: error: 'DLT_EN10MB' undeclared (first use in this function)
src/knockd.c:1187: error: 'DLT_LINUX_SLL' undeclared (first use in this function)
src/knockd.c:1189: error: 'DLT_RAW' undeclared (first use in this function)
src/knockd.c:1245: error: dereferencing pointer to incomplete type
src/knockd.c:1386: warning: unused variable 'parsed_stop_cmd'
src/knockd.c:1385: warning: unused variable 'parsed_start_cmd'
make: *** [src/knockd.o] Error 1
[root@ftp knock-0.5]# 

Post by Void Main »

Looks like you need to install your pcap headers:

# yum install libpcap-devel

P.S. I actually had built an RPM of knock back in December '05 (FC4). The binary RPM might work directly but surely (maybe) you could rebuild the SRC RPM and it should work.

http://voidmain.is-a-geek.net/files/RPMS/knock/

Post by Basher52 »

Nope, still something missing or some other stuff.

[root@ftp knock-0.5]# make
gcc -g -O2 -g -Wall -pedantic -fno-exceptions -D_GNU_SOURCE -I. -o src/knockd.o -c src/knockd.c
src/knockd.c:134: error: 'PATH_MAX' undeclared here (not in a function)
src/knockd.c: In function 'parseconfig':
src/knockd.c:438: warning: unused variable 'line'
src/knockd.c: In function 'get_next_one_time_sequence':
src/knockd.c:695: warning: unused variable 'line'
src/knockd.c: In function 'sniff':
src/knockd.c:1386: warning: unused variable 'parsed_stop_cmd'
src/knockd.c:1385: warning: unused variable 'parsed_start_cmd'
make: *** [src/knockd.o] Error 1

Post by Void Main »

I see there is a newer SRC RPM:
http://www.invoca.ch/pub/packages/knock/

I get the same error you get. I am sure it will be an easy fix but I do not have time right now. I'll try and get to it when I get home from work and fix the source.

Post by Basher52 »

no worries mate :)

Post by Void Main »

A quick fix would be to add this line to "src/knockd.c" right under all the other include files near the top:

#include <linux/limits.h>

Post by Basher52 »

You sure know your stuff :)
I'll make install this tomorrow and start to config it

thx again man :)

Post by Basher52 »

Yep, it works,
but from work, using this win32 knock client doesn't seem to work properly.
Sometimes it knocks with the same port twice, thus I have to knock a couple of times to get the sequence right, but forgetting this, it's working :)

Post by Void Main »

Basher52 wrote:
Yep, it works,
but from work, using this win32 knock client doesn't seem to work properly.
Sometimes it knocks with the same port twice, thus I have to knock a couple of times to get the sequence right, but forgetting this, it's working :)

Hmm, that's odd. In my case I can't do the knock sequence from work at all because of outbound firewall restrictions. No problem though as for work addresses I just allow them directly to specified resources in my firewall configuration since they are known non-malicious static IP addresses. So really the only time I do the knock is if I am traveling.
