Subject: Re: [44net] How to config mikrotik router for IPIP (and more)
From: Don Fanning don@00100100.net
Date: 04/05/2016 04:54 PM
To: AMPRNet working group 44net@hamradio.ucsd.edu
Maybe this is a good opportunity for someone to create a basic distribution that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and ship well or someone can write the image directly on them. Maybe if it's packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that. I have done images for another special-purpose Pi application, however in this case it probably needs a little more work to create a nice "setup" program that allows the user to enter the variable data and configures the Pi accordingly.
(after all, the instructions that are already on wiki.ampr.org apparently are not enough to get people started, so providing an image and then telling them to edit config files and scripts will probably fail the same way)
It is also clear that the default firewall should be OK, and users should be warned not to install things like open telnet servers on or behind the router.
Rob
Don et al;
On Wed, 2016-04-06 at 18:10 +0200, Rob Janssen wrote:
Maybe this is a good opportunity for someone to create a basic distribution that gets AMPRnet working on a RPi. 8G SD cards are incredibly cheap and ship well or someone can write the image directly on them. Maybe if it's packaged, profits could be sent to Brian for gateway maintenance/growth.
I think it would be a good idea to create something like that. I have done images for another special-purpose Pi application, however in this case it probably needs a little more work to create a nice "setup" program that allows the user to enter the variable data and configures the Pi accordingly.
https://sourceforge.net/projects/uronode/files/2014-12-05-URONode-wheezy.tz2...
Fill in the variables inside /usr/local/bin/ax25 and you're off and running. IPIP will be configured by default with ampr-ripd as the daemon for capturing RIPv2.
Hi All, After following the list and seeing all the problems with security, would someone like to give some reasonably detailed advice on what I should be doing to keep myself and others secure? Also, what should I check is running from a security viewpoint?
Please remember that I am not an expert in either Linux or networking. A step by step how to would be really helpful both to me and presumably the rest of the network.
My set up is simply a raspberry pi running openvpn set up as per the wiki. It connects OK but the only security I am aware of at my end is fail2ban running with very minimalist rules.
The Pi has two Ethernet ports, eth0 and eth1, and a wireless access, wlan1. The tunnel is tun0.
What should I do to keep secure?
I would also like to comment that the suggestion on the list recently about a basic raspberry pi SD card image for beginners like me would at least let us participate without compromising the security of the whole network. I am sure it would also encourage greater participation as a whole.
Rgds Tony VK3API
Hello Tony,
Security on Linux is a very deep topic and you can find a LOT about it by searching on things like:
"How to Harden Debian Linux"
The first hit is the "Securing Debian HOWTO" which is an excellent start:
https://www.debian.org/doc/manuals/securing-debian-howto/
Since you mentioned an RPi, I've started a short document on making an RPi both more hardened and more reliable (minimize microSD card writes, etc.):
http://www.trinityos.com/HAM/CentosDigitalModes/RPi/rpi2-setup.txt
It's still very much a work in progress but might help you get started. Feel free to ask me questions offline as I've been doing this for a while with other documents like the IP Masquerade HOWTO, the TrinityOS documentation set, etc.
--David KI6ZHD
I should install the shorewall firewall. You can download that package with apt-get or aptitude. It is easy to configure and it saves you a lot of work with setting up your firewall instead of all those iptables rules if you are not familiar with those.
You configure it by filling in text files. It makes the iptables rules and runs them if you start it.
73,
Bob VE3TOK
On 16-04-06 09:26 PM, amprnet@wizards.sytes.net wrote:
Hi All,
After following the list and seeing all the problems with security, would someone like to give some reasonably detailed advice on what I should be doing to keep myself and others secure? Also, what should I check is running from a security viewpoint?
Please remember that I am not an expert in either Linux or networking. A step by step how to would be really helpful both to me and presumably the rest of the network.
My set up is simply a raspberry pi running openvpn set up as per the wiki. It connects OK but the only security I am aware of at my end is fail2ban running with very minimalist rules.
The Pi has two Ethernet ports, eth0 and eth1, and a wireless access, wlan1. The tunnel is tun0.
What should I do to keep secure?
I would also like to comment that the suggestion on the list recently about a basic raspberry pi SD card image for beginners like me would at least let us participate without compromising the security of the whole network. I am sure it would also encourage greater participation as a whole.
Rgds Tony VK3API
Hi,
On 07/04/2016 04:22, Boudewijn (Bob) Tenty wrote:
I should install the shorewall firewall. You can download that package with apt-get or aptitude. It is easy to configure and it saves you a lot of work with setting up your firewall instead of all those iptables rules if you are not familiar with those.
+1 for Shorewall firewall.