Some standard config for UK ADSL using a Cisco router, again from an 1800. Remember to add NAT config and inbound access control if required.
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer0
 bandwidth [X]
 bandwidth receive [X]
 ip address negotiated
 ip flow ingress
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname [username]
 ppp chap password 0 [password]
 ppp ipcp route default
end
username [username] privilege 15 secret 0 [secret]
aaa new-model
enable secret [secret]
!
aaa authentication login CONSOLE local enable
aaa authentication login VTY local enable
!
line vty 0 4
 login authentication VTY
!
line con 0
 login authentication CONSOLE
A sample Fibre To The Cabinet Cisco router config for PPPoE assuming you have the standard BT Openreach modem. Generated from an 1800 series router.
interface FastEthernet0
 description FTTC
 no ip address
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 ip address negotiated
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname [USERNAME]
 ppp chap password 0 [PASSWORD]
 ppp ipcp dns request
 ppp ipcp route default
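Both IOS templates above leave the Dialer interface without an inbound ACL and enter the CHAP password as type 0. The following is an added example, not part of the original page: a small shell/awk audit that flags those two points in a saved config. The function names, the WARN message format and the sample config (including the ACL name WAN-IN) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an IOS config read from stdin.
audit_ios_config() {
  awk '
    # Emit a warning for the interface just parsed if it is WAN-facing with no inbound ACL.
    function flush_if() {
      if (ifname != "" && negotiated && !acl_in)
        print "WARN " ifname ": negotiated WAN address, no \"ip access-group <acl> in\""
      ifname = ""; negotiated = 0; acl_in = 0
    }
    # Strip indentation and trailing CR/space so indented and flattened configs both parse.
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $1 == "interface"            { flush_if(); ifname = $2; next }
    $1 == "end"                  { flush_if(); next }
    /^ip address negotiated$/    { negotiated = 1 }
    /^ip access-group [^ ]+ in$/ { acl_in = 1 }
    # Type 0 means an unencrypted password follows; report the line without echoing it.
    / password 0 /               { print "WARN line " NR ": cleartext credential (" $1 " " $2 " password 0)" }
    END                          { flush_if() }
  '
}

# Constructed sample input: Dialer0 mirrors the templates above, Dialer1 has an ACL.
sample_config() {
  cat <<'EOF'
interface FastEthernet0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer0
 ip address negotiated
 encapsulation ppp
 ppp chap hostname user@example.invalid
 ppp chap password 0 ExamplePass
interface Dialer1
 ip address negotiated
 ip access-group WAN-IN in
end
EOF
}

sample_config | audit_ios_config
```

To check a real router, pipe a saved copy of its config into audit_ios_config in place of sample_config.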
I’m lucky enough to be in one of the few UK areas to have BT’s latest broadband offering – Fiber To The Cabinet or FTTC.
When the BT Openreach engineer decides to turn up, he will install a Huawei modem which hands off your public IP address (or subnet if you so choose) via PPPoE to your router of preference. Being a networking geek I chose a Cisco ASA 5505 firewall.
Below is a basic command-line config; I’ll get working on some ASDM screenshots soon for those who prefer the GUI (not my thing). Note the MTU size: for PPPoE overhead we need to trim 8 bytes off the 1500 Ethernet standard, leaving 1492.
interface Vlan10
 nameif outside
 security-level 0
 pppoe client vpdn group BTFTTC
 ip address pppoe
!
mtu outside 1492
!
vpdn group BTFTTC request dialout pppoe
vpdn group BTFTTC localname you@isp.com
vpdn group BTFTTC ppp authentication chap
vpdn username you@isp.com password *ppp password*
A simple one-liner that can be added to the global bashrc (/etc/bash.bashrc on Ubuntu) to send an alert via email when a user logs in. Useful for login alerts from unattended machines you don’t usually log into.
echo 'Login on' `hostname` `date` `who` | mail -s "Login on `hostname` `who | awk '{ print $5 }'`" email@address.com
ssh -L localport:host:hostport user@ssh_server -N
Example:
ssh -L 8888:www.google.com:80 user@ssh_server -N
Browsing to http://localhost:8888/ would tunnel all requests to google via your SSH server’s IP address.
sudo dpkg-reconfigure tzdata
This will run a nice graphical menu that allows you to select the timezone by region and country.
# iptables -N new_chain            # create a user-defined chain
# iptables -E new_chain old_chain  # rename a chain (new_chain becomes old_chain)
# iptables -X old_chain            # delete a user-defined chain (it must be empty and unreferenced)
redirecting packets to a user chain:
# iptables -A INPUT -p icmp -j new_chain
listing rules:
# iptables -L                          # list the rules in every chain of the filter table (the default table)
# iptables -L -v                       # display rules and their counters
# iptables -L -t nat                   # display rules for a specific table
# iptables -L -n --line-numbers        # list rules with line numbers for every chain
# iptables -L INPUT -n --line-numbers  # list rules with line numbers for a specific chain
manage rules:
# iptables -A chain rule-specification            # append a rule to the bottom of the chain
# iptables -I chain [rulenum] rule-specification  # insert a rule at position rulenum (default 1, the top)
# iptables -R chain rulenum rule-specification    # replace the rule at position rulenum
# iptables -D chain rulenum                       # delete the rule at position rulenum
# iptables -D chain rule-specification            # delete the rule matching the specification
change default policy:
# iptables -P chain target  # change the policy on chain to target
# iptables -P INPUT DROP    # change the INPUT chain policy to DROP
# iptables -P OUTPUT DROP   # change the OUTPUT chain policy to DROP
# iptables -P FORWARD DROP  # change the FORWARD chain policy to DROP
Source: raynux.com
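#!/bin/sh
# -i: no per-file prompting; -n: no auto-login, credentials come from the "user" line.
# Note: FTP sends the username and password unencrypted.
ftp -i -n << EOT
open <SERVER_ADDRESS>
user <USER> <PASS>
put <FILENAME>
quit
EOT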
archive tar /xtract tftp://TFTP-IP/IOS.tar flash: