Active Topics

 



Notices


Reply
Thread Tools
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#81
As I said when I have the time I will add some quick tutorials. I will also update the help files for genwall the next days.
So here it comes:

USB LAN Connection Windows 7 Internet from N900

Prerequirements usb lan:
[PC]
driver e.g. from madde


Connect a windows system with usb lan:

  1. [N900] connect to internet wifi/gprs/bt-pan
  2. [N900] genwall {route-usb} click module button and load Windows module
  3. [N900] genwall {route-usb} configure the network and dhcp addresses choose dnsmasq=forward and save settings
  4. [N900-PC] connect the usb cable
  5. [N900] genwall {route-usb} click the start button
  6. [PC] look if you get a dhcp address
  7. [N900] make iptable rules to forward network see next list
[N900] forwarding
{local-basics}
  • Select wan device gprs/bnep0/wlan
  • I would "accept connection from local machine"... makes live easier
  • If you want to connect from pc->N900 without openning ports. I would also recommend to "Accept connection from local lan".

{for/out-forwarding}
  • Activate forwarding and set lan device to usb
  • Masquerade wan device should be active

{local-basics}
  • gen rules
  • push the start button
In case you want forward/open ports to your pc
{for/out-ports}
Before you generate the rules and start the firewall script you need to put your pc ip, the port and protocol then push the add button.

Last edited by Halftux; 2016-05-14 at 21:11. Reason: added link to driver
 

The Following 3 Users Say Thank You to Halftux For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#82
USB LAN Connection Windows 7 Internet to N900

Prerequirements usb lan:
[PC]
driver e.g. from madde

Connect a windows system with usb lan
  1. [N900] connect to internet wifi/gprs/bt-pan
  2. [N900] genwall {route-usb} click module button and load Windows module
  3. [N900-PC] connect the usb cable (PC Suite-Modus)
  4. [PC] run ncpa.cpl then properties from internet network device, sharing, activate ics and choose network from N900 usb lan.
  5. [N900] genwall {route-ipinfo} click dhclient usb0, ok

Now the N900 should have an ip 192.168.137.XXX and the tmp resolv should have domain mshome.net and nameserver 192.168.137.1 entry. It could be that some apps need a dummy connection.

Disconnecting:

  1. [N900] disconnect dummy network
  2. [N900-PC] disconnect the usb cable
  3. [N900] genwall {route-usb} click stop button
  4. [N900] genwall {route-gate} reset tmp resolv

Last edited by Halftux; 2016-05-15 at 07:47. Reason: added disconnecting
 

The Following 3 Users Say Thank You to Halftux For This Useful Post:
jellyroll's Avatar
Posts: 434 | Thanked: 684 times | Joined on Apr 2012 @ Netherlands 020
#83
Great application
 

The Following User Says Thank You to jellyroll For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#84
Genwall is available for SFOS too now.

https://openrepos.net/content/halftux/genwall-0

It has not so many functions at the moment because many hacks were specific for the N900/maemo device. Hence it is based on version 1.0.2.

On my Jolla C I have following iptable rules as a standard. The funny thing is, they were all as double roule so I guess they were set twice and they belong to mobile internet.

Chain OUTPUT (policy ACCEPT 132K packets, 12M bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP udp -- * rmnet_data7 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
2 0 0 DROP udp -- * rmnet_data6 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
3 0 0 DROP udp -- * rmnet_data5 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
4 0 0 DROP udp -- * rmnet_data4 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
5 0 0 DROP udp -- * rmnet_data3 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
6 0 0 DROP udp -- * rmnet_data2 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
7 0 0 DROP udp -- * rmnet_data1 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
8 0 0 DROP udp -- * rmnet_data0 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
9 0 0 DROP udp -- * rmnet_data7 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
10 0 0 DROP udp -- * rmnet_data6 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
11 0 0 DROP udp -- * rmnet_data5 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
12 0 0 DROP udp -- * rmnet_data4 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
13 0 0 DROP udp -- * rmnet_data3 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
14 0 0 DROP udp -- * rmnet_data2 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
15 0 0 DROP udp -- * rmnet_data1 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */
16 0 0 DROP udp -- * rmnet_data0 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 /* Drop SSDP on WWAN */


I created under [local]--[Settings] a checkbox include drop SSDP on WWAN. When this checkbox is enabled the same rules will be created in the script but only once.

The [local]--[ssh] tab is not optimal at the moment. When there is no network the process takes unusual long don't know why, maybe I need to open an own process for it.

You can also try the command in your console if you like.

Code:
lsof -i | egrep '(COMMAND|sshd)'
Thats it have fun.
 

The Following User Says Thank You to Halftux For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#85
New version released for SFOS.

v1.1.0-1
- added filter list for deleting rules
- fixed addnow ports dialog
- added rules creator from log
- added ofono info
- added iptables log option and view
- added messages

With the new added features you can add and remove rules during runtime. I will try to explain how....

First you need to generate your rules again with a checked checkbox "activate logging for Rejectwall". After that you need to run the script.



Then you try to connect with your pc to a closed port. In this example I used ftp 21 to generate some kernel messages.

For an easy readability I would suggest to set an filter on the log list entry names. When you would like to add a rule then I would suggest following filter settings.



When you are play with outgoing packages, you need to choose out instead of in.

After the filter is set go to the rules--chains tab again and choose as "filter log" Rejectwall and hit the load button.

Then you will get filtered kernel messages to the log textedit. In the right top corner there will be a menu button. There you could choose "open" to open a listwidget. Now you could choose a rejected event and the rules creator pops up.



The rules creator can create some different rules for you, which will be added in the listwidget on the rules--extra tab. With the current ip checkbox, when activated, you could restrict the rule to the source ip.
With accept and drop button you create the rule. You can also drop the packages into the firewall chain. When you don't like the source ip you could also drop all incoming from that ip with "drop all from ip".
The accept now button will open promptly the port ristricted to an ip or not depends on the checkbox.



Now for example when you would like to close the port again you could go to the local--filter tab, there is again a menu button, where you choose Input. A listwidget will open, there you select the specific rule and by pushing the delete button it will be promptly removed.

There is also another way to open a port during runtime.
Under local--ports tab you will find the add now button. Set you port and then hit the button. Now you will see how many rules are in Input. Here you could choose a rule number for adding. Be careful with choosing not that the rule has no effect. When you use add now from the log filter, the generated rule has everytime number one.
Choose the interface and push the insert button.

Another thing, I also implemented some ofono modem and sim card information. There are some abbreviations for which I write the full name here.

LAC= Location Area Code
CID= Cell Id
MCC= Mobile Country Code
MNC= Mobile Network Code
 

The Following 2 Users Say Thank You to Halftux For This Useful Post:
Posts: 367 | Thanked: 1,442 times | Joined on Feb 2015
#86
As a suggestion,would be awesome to have it parse uids of installed android apps and block/enable internet access for them by theirs uid.
 

The Following User Says Thank You to lantern For This Useful Post:
Halftux's Avatar
Posts: 862 | Thanked: 2,511 times | Joined on Feb 2012 @ Germany
#87
Originally Posted by lantern View Post
As a suggestion,would be awesome to have it parse uids of installed android apps and block/enable internet access for them by theirs uid.
No Aliens and Androids on my phone
So it would be nice if somebody could attach the file where the uids get saved and also tell me the location (full path).
 

The Following User Says Thank You to Halftux For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#88
info: https://android.stackexchange.com/qu...ication-stored

/opt/alien/data/system/packages.xml
seems to hold all info and also every single right

/opt/alien/data/system/packages.list
more simple list with names and uids

ad 1: if this is the base where each application gets its rights from at start then it should not be so hard to implement a GUI for SEDing this xml, or? (android noob )
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 3 Users Say Thank You to peterleinchen For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 02:24.