Notices


Reply
Thread Tools
Posts: 434 | Thanked: 1,160 times | Joined on Feb 2012 @ Germany
#1
Genwall for N900

Hi all,

This application was born out of boredom due to the loss of DSL connection.
I used the N900 as my router, the poor bandwith forced me to do local stuff on my computer like programming.

In 2012 the version 1.0.0 took part in the coding competition. http://wiki.maemo.org/Maemo.org_Coding_Competition_2012

Genwall started in principle as an iptable firewall script generator. These days it can do a bit more.
It is very useful if you want to route or forwarding to another network.

The generated firewall script is based on this example:
http://www.debuntu.org/iptables-how-...et-connection/
There are the same chains defined, but genwall you can choose logging or not.

- creating connections with Wlan-ad-hoc, USB, BT
- you can activate forwarding from internet from and to any device
- set your firewall script, open ports, forwarding ports
- gives network and iptable informations
- you can modify start scripts or the firewall script by yourself with an editor
- it can read syslog file


requirements:
- you need to start application as root
- sysklogd (only if you want to enable logging)


All files genwall creates are in "/home/user/.genwall/".
[local->basics]
"gen" button = generates firestart.sh
"start" button = runs the script
"stop" button = generates and runs firestop.sh script

First steps would be:
Choose your "WAN-device" (local->basics) and your "LAN-device" (for/out->forward)
and generate your script. After this you can start it to set the firewall up.

Solid scripts you will find in /opt/genwall/
These script are based on forum members and applications
maybe you want to add something

bt_on.sh (route->BT: start button)
bt_off.sh (route->BT: stop button)
hotspot.sh (route->Wifi: adhoc button)
hotspot_off.sh (route->Wifi: adhoc button)
wifi.sh (route->Wifi: wifi start/stop button)
ssh-status.sh (local->SSH: start/stop button)
usb_on.sh (route->USB: start button)
usb_off.sh (route->USB: stop button)
usbmodule.sh (route->USB: module 3x button)

Install help

extract genwall_help_vx.x.tar.gz to /home/user/.genwall/


Install and configure sysklogd for use with genwall

Make persistent bootfile

Domain filter and iptable blacklist

Download an Ad-domain list

Linux Bluetooth PAN connection and internet sharing

Windows Bluetooth PAN connection and internet sharing


For more screenshots and little description go to:

http://www.setius.net/n900_genwall.html

Have fun generating your rules. Comments are welcome.


Old requirements:
- you need to start application as root
- iptables of course
- sudser (only if you want to start with desktop icon) no more needed since v1.0.1
- rootsh for gainroot no more needed since version 1.0.4
- sysklogd (only if you want to enable logging)

Old Deb file v0.0.2 by sifo

For N900 the application is in extras-devel now.
For N9(50) the application is in a very experimental stage.
Attached Images
 
Attached Files
File Type: gz genwall_v0.0.2_binary_armel.tar.gz (185.0 KB, 369 views)
File Type: deb genwall_v0.0.2_armel.deb (203.5 KB, 384 views)
File Type: gz genwall_help_v1.0.tar.gz (272.3 KB, 258 views)
File Type: deb genwall_1.0.2_N950.deb (108.0 KB, 243 views)

Last edited by Halftux; 2015-07-29 at 10:39. Reason: added new N950 version
 

The Following 33 Users Say Thank You to Halftux For This Useful Post:
misterc's Avatar
Posts: 1,625 | Thanked: 996 times | Joined on Aug 2010
#2
Originally Posted by Halftux View Post
Hi folks,

one week without internet at home and I started to write an iptables generator with simple firewall functions. [...]
unbelievable how much time you find yourself with without I-Net, huh

thanks!

going to install it on test dev & let you know how it works; usually only use
Code:
tcpsvd -vE 0.0.0.0 21 ftpd -w /media/mmc1/
to exchange files between the two N900s or to sync backup on PC.
if that behaves / works on test dev i'll give it a try on primary & test "Qt Mobile Hotspot" as well

may take a couple days, though
__________________
information is a necessary though no sufficient condition to rationality...
 
D@vIcHoJD's Avatar
Posts: 236 | Thanked: 95 times | Joined on Jan 2012 @ Ecuador
#3
Excuse my ignorance as I run or install the script
 
misterc's Avatar
Posts: 1,625 | Thanked: 996 times | Joined on Aug 2010
#4
Originally Posted by D@vIcHoJD View Post
Excuse my ignorance as I run or install the script
genwall_v0.0.1_binary_armel.tar.gz contains the compiled ready to run genwall executable.
on windoooooz use 7zip to unpack it
  • copy it into /usr/sbin e.g after copying it over from your PC to [N900]
  • open an X-Terminal
  • Code:
    root
    mv /home/user/MyDocs/genwall /usr/sbin
    chmod 755 /user/sbin/genwall
    genwall &
    exit
    exit
you only need to do mv and chmod the 1st time
after that simply become root & start it
__________________
information is a necessary though no sufficient condition to rationality...
 

The Following 3 Users Say Thank You to misterc For This Useful Post:
Posts: 293 | Thanked: 163 times | Joined on Jan 2012 @ beijing-islamabad
#5
i am gonna test it soon i get back home . Thanks ,been waiting for such kinda thing for long.Great stuff
 
D@vIcHoJD's Avatar
Posts: 236 | Thanked: 95 times | Joined on Jan 2012 @ Ecuador
#6
Thank you very much, it works without problems
 
Posts: 434 | Thanked: 1,160 times | Joined on Feb 2012 @ Germany
#7
Originally Posted by misterc View Post
you only need to do mv and chmod the 1st time
after that simply become root & start it
Thank you misterc for explaining. And sorry for my poor explanation. This application is atm a prerelease so only binary. I think it will grow in the future to a deb package and will get a shortcut

However you can run it also at user, the script that will be generated from the application uses gainroot to execute iptables.
I don't know if you run it the first time as root if it still working as user. It could be that after executing as root at first time that the user don't have the rights to the created directory and script. I will look and report.

And sorry for using windows shame on me. For linux I need to install the designer I have only installed the scratchbox environment.

@imo you are welcome. I wanted such application too and makes me happy that it is also useful for other people.

@D@vIcHoJD good to hear.
 

The Following User Says Thank You to Halftux For This Useful Post:
sifo's Avatar
Posts: 1,359 | Thanked: 1,289 times | Joined on Oct 2011 @ Tartus.Syria
#8
thank you Halftux for this useful app btw the UI reminds me of fAircrack :-D
__________________
[ N900-Crack ] [ The Purge ] [ New Smiles ] [ New icons ] [ ? ]
" Hey ! I've just met you and this is crazy, so install cssu maybe ? "
Please help out keeping Maemo.org alive, and consider donating.
https://www.facebook.com/ZoRk7
 
Posts: 466 | Thanked: 661 times | Joined on Jan 2009
#9
What's the UI created with? Qt or GTK? What's the control for the buttons/tabs on the left?
 
misterc's Avatar
Posts: 1,625 | Thanked: 996 times | Joined on Aug 2010
#10
Originally Posted by Halftux View Post
Thank you misterc for explaining. And sorry for my poor explanation. This application is atm a prerelease so only binary. I think it will grow in the future to a deb package and will get a shortcut

However you can run it also at user, the script that will be generated from the application uses gainroot to execute iptables.
I don't know if you run it the first time as root if it still working as user. It could be that after executing as root at first time that the user don't have the rights to the created directory and script. I will look and report.

And sorry for using windows shame on me. For linux I need to install the designer I have only installed the scratchbox environment.

@imo you are welcome. I wanted such application too and makes me happy that it is also useful for other people.

@D@vIcHoJD good to hear.
Halftux,

thank you for the clarification.
however, if the executable is in /usr/sbin only root (or the system) will actually be able to start it
if the user should be able to start it as well, put it in /usr/bin
you still need to be root to place it there.
alternatively, as it doesn't have any location related dependencies (good coding ) put it anywhere where user has access and start it with absolute path (e.g. /home/user/MyDocs/genwall or ./genwall )

personally i feel a firewall belongs in /usr/sbin
__________________
information is a necessary though no sufficient condition to rationality...
 

The Following 2 Users Say Thank You to misterc For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 20:23.