Securing Wireless Networks
by Micah Silverman

Listing One

/etc/sysconfig/network-scripts/ifcfg-eth0:
# Gateway, wireless-facing NIC (Listing One).  Static address, brought up at
# boot; no GATEWAY here — the default route is set on eth1 below, so the
# gateway never routes Internet-bound traffic back out over the wireless side.
DEVICE=eth0
ONBOOT=yes
# No DHCP on the wireless side: the address is fixed so clients can use it as
# their default gateway and as the IPsec peer address (right=10.0.0.1 in
# Listing Four).
BOOTPROTO=static
IPADDR=10.0.0.1
# /16: the whole 10.0.x.x range is the wireless segment.
NETMASK=255.255.0.0

/etc/sysconfig/network-scripts/ifcfg-eth1:
# Gateway, wired-LAN NIC (Listing One).  This is the interface the nat
# POSTROUTING rules in Listings Two and Six masquerade on (-o eth1), so
# tunnelled client traffic leaves the wired network with this host's address.
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.50
NETMASK=255.255.255.0
# The gateway's own default route: via the wired router, never via wireless.
GATEWAY=192.168.0.1

Listing Two

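# Listing Two: initial, deliberately open firewall state.  All three filter
# policies are ACCEPT; the only rule is NAT for traffic leaving on the wired
# NIC.  Listing Six later rebuilds the rule set and switches the policies to
# DROP — until then nothing here prevents a wireless client from bypassing
# the tunnel, so this is a bootstrapping step, not the final configuration.
iptables -P INPUT ACCEPT
# Was "ACCCEPT" (three C's): iptables rejects the misspelled policy name and
# the OUTPUT policy would not have been set.
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Source-NAT everything going out on eth1 (192.168.0.50 per Listing One) so
# replies for the 10.0.x.x wireless clients come back to this gateway.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Persist the rules so the Red Hat-style init script restores them on reboot.
service iptables save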

Listing Three

# Listing Three: presumably a wireless client's ifcfg-eth0 (the listing is not
# labelled with a path) — verify which host it belongs to.  The client sits in
# the same /16 as the gateway's eth0 and points its default route at the
# gateway's wireless address.
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.0.0.10
NETMASK=255.255.0.0
# 10.0.0.1 is the gateway's eth0 (Listing One) and the IPsec peer
# (right=10.0.0.1 in Listing Five).  Because Listing Six only FORWARDs traffic
# that arrives on an ipsec interface, this route alone gives the client no
# connectivity until its tunnel is up — which is the intended enforcement.
GATEWAY=10.0.0.1

Listing Four
# Listing Four: FreeS/WAN ipsec.conf on the gateway.  "right" is this host's
# wireless address 10.0.0.1 (eth0 in Listing One); "left" is any wireless
# client.  Lines beginning with "#" are comments in this format.
1.  config setup
# Bind the KLIPS virtual interface ipsec0 to the wireless NIC, so decrypted
# packets appear on ipsec0 — which is what the "-i ipsec+" rules in Listing
# Six match on.
2.      interfaces="ipsec0=eth0"
# No kernel (KLIPS) or keying-daemon (pluto) debug output.
3.      klipsdebug=none
4.      plutodebug=none
# Load and start every conn according to its own auto= setting.
5.      plutoload=%search
6.      plutostart=%search
# A new negotiation presenting an ID that is already in use replaces the old
# SA, so a client that reconnects (e.g. after a reboot) is not blocked by a
# stale tunnel.
7.      uniqueids=yes
8.
# Settings inherited by every conn below.
9.  conn %default
# 0 = never give up retrying a negotiation.
10.     keyingtries=0
# Peers authenticate with RSA signatures; the public keys are pasted into
# this file (leftrsasigkey/rightrsasigkey), no pre-shared secrets.
11.     authby=rsasig
# The first IKE packet may come from any source address: a client is
# identified by its ID and RSA key, not by its IP.
12.     left=%any
13.     right=10.0.0.1
# Offering 0.0.0.0/0 behind the gateway makes the client send ALL of its
# traffic through the tunnel, so nothing leaves a client in the clear.
14.     rightsubnet=0.0.0.0/0
# "@name" IDs are opaque names; no DNS lookup is performed on them.
15.     rightid=@secgw.MPowerIT.com
# "..." is the article eliding the gateway's public key; the real key goes
# here (FreeS/WAN prints it with "ipsec showhostkey").
16.     rightrsasigkey=...
17.
# One conn per client, each distinguished by its ID and its own public key.
# auto=add loads the conn at startup but does not initiate it: the gateway
# only answers clients that start the negotiation.
18. conn client1
19.     leftid=@wireless1.MPowerIT.com
20.     leftrsasigkey=...
21.     auto=add
22.
23. conn client2
24.     leftid=@wireless2.MPowerIT.com
25.     leftrsasigkey=...
26.     auto=add

Listing Five

# Listing Five: FreeS/WAN ipsec.conf on a wireless client.  "left" is this
# host, "right" is the gateway's wireless address 10.0.0.1.  The IDs and keys
# mirror the client1 conn in Listing Four with the sides swapped.
1.  config setup
# Attach ipsec0 to whichever NIC carries the default route — with the
# ifcfg in Listing Three that is eth0.
2.      interfaces=%defaultroute
3.      klipsdebug=none
4.      plutodebug=none
# Load and start conns according to their auto= setting.
5.      plutoload=%search
6.      plutostart=%search
7.      uniqueids=yes
8.
9.  conn %default
# 0 = never give up retrying a negotiation.
10.     keyingtries=0
# RSA-signature authentication, matching the gateway (Listing Four line 11).
11.     authby=rsasig
12.
13. conn client
# This host's own address, taken from the default-route interface.
14.     left=%defaultroute
# Must match leftid in the gateway's "conn client1".
15.     leftid=@wireless1.MPowerIT.com
# "..." elides this host's own public key.
16.     leftrsasigkey=...
17.     right=10.0.0.1
# All of this client's traffic is routed through the tunnel (0.0.0.0/0 behind
# the gateway); the gateway's firewall drops anything sent outside it.
18.     rightsubnet=0.0.0.0/0
# Must match rightid/rightrsasigkey on the gateway; "..." elides the
# gateway's public key.
19.     rightid=@secgw.MPowerIT.com
20.     rightrsasigkey=...
# auto=add only loads the conn; since the gateway side is also auto=add
# (Listing Four), the tunnel has to be brought up from the client
# (e.g. "ipsec auto --up client").  NOTE(review): auto=start would bring it
# up at boot — confirm which behaviour the deployment wants.
21.     auto=add

Listing Six

# Listing Six: final (lockdown) firewall for the gateway.  Rules are rebuilt
# from scratch: flush every chain and delete user-defined chains in both the
# filter and nat tables.  Note that the policies are NOT reset to ACCEPT
# first, so if a previous run left them at DROP (lines 25-27) the host is
# closed while this script runs — fine from the console, a problem if run
# over the network.
1.  iptables -F
2.  iptables -t nat -F
3.  iptables -X
4.  iptables -t nat -X
5.
6.  # NAT and FORWARD
7.
# Source-NAT traffic leaving on the wired NIC (eth1, Listing One).
8.  iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Replies for connections already in the conntrack table are forwarded
# whatever interface they arrive on.
9.  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are forwarded only if they arrive decrypted on an IPsec
# virtual interface ("ipsec+" matches ipsec0, ipsec1, ...).  Everything else
# — i.e. a wireless client sending in the clear — is logged by line 11 and
# then dropped by the FORWARD policy set on line 27.  This pair of rules is
# the enforcement point that makes the tunnel mandatory.
10. iptables -A FORWARD -i ipsec+ -j ACCEPT
# The "-i ! ipsec+" form is the old intrapositioned negation; newer iptables
# deprecate it in favour of "! -i ipsec+".
11. iptables -A FORWARD -i ! ipsec+ -j LOG --log-prefix "Not IPSEC: "
12.
13. # IPSEC
14.
# The gateway itself accepts only IKE (UDP 500 to 500) and ESP (IP protocol
# 50).  No "-i" is given, so both are accepted on eth1 (wired) as well as
# eth0 (wireless); restricting them to eth0 would be tighter if no wired
# peers are expected.  Everything else reaching INPUT is logged by line 17
# and dropped by the INPUT policy (line 25).  NOTE(review): there is no
# "-i lo" rule on INPUT/OUTPUT and no rule for ipsec+ on INPUT, so loopback
# traffic and client access to services on the gateway itself are dropped —
# confirm nothing on the host needs them.  The LOG rules carry no "-m limit",
# so a burst of dropped packets is logged in full.
15. iptables -A INPUT -p UDP --sport 500 --dport 500 -j ACCEPT
16. iptables -A INPUT -p 50 -j ACCEPT
17. iptables -A INPUT -j LOG --log-prefix "INPUT DROP: "
18.
# Mirror image for packets the gateway originates: only IKE and ESP leave.
19. iptables -A OUTPUT -p UDP --sport 500 --dport 500 -j ACCEPT
20. iptables -A OUTPUT -p 50 -j ACCEPT
21. iptables -A OUTPUT -j LOG --log-prefix "OUTPUT DROP: "
22.
23. # lockdown!
24.
# Policies are switched to DROP last, after the ACCEPT rules above are in
# place, so the IPsec exchange is never cut off mid-script.
25. iptables -P INPUT DROP
26. iptables -P OUTPUT DROP
27. iptables -P FORWARD DROP





