Category: Linux
pfSense ipfw rules
List zones:
ipfw zone list
Show rules (Zone ID 2 for example):
ipfw -x 2 show
Show all tables:
ipfw -x 2 table all list
Show authenticated/allowed clients (in):
ipfw -x 2 table 1 list
Show authenticated/allowed clients (out):
ipfw -x 2 table 2 list
pfSense 2.2.5 CaptivePortal Patch
Patch for pfSense 2.2.5 to redirect proxy users to the authentication portal.
*** captiveportal.inc Wed Nov 04 22:52:22 2015 --- captiveportal_patched.inc Mon Dec 14 17:12:42 2015 *************** *** 539,544 **** --- 539,548 ---- EOD; $rulenum = 65310; + /* Deny direct access to local services before captive portal authentication */ + $local_service_ports="3128,3129"; + $cprules .= "add {$rulenum} skipto 65314 ip from any to table(100) {$local_service_ports} in\n"; + $cprules .= "add {$rulenum} skipto 65314 ip from table(100) {$local_service_ports} to any out\n"; /* These tables contain host ips */ $cprules .= "add {$rulenum} pass ip from any to table(100) in\n"; $rulenum++; *************** *** 578,591 **** else $listenporthttps = 8001 + $cpzoneid; if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) { ! $cprules .= "add 65531 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n"; } } $cprules .= <<<EOD # redirect non-authenticated clients to captive portal ! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in # let the responses from the captive portal web server back out add 65533 pass tcp from any to any out # block everything else --- 582,596 ---- else $listenporthttps = 8001 + $cpzoneid; if (!isset($config['captiveportal'][$cpzone]['nohttpsforwards'])) { ! $cprules .= "add 65530 fwd 127.0.0.1,{$listenporthttps} tcp from any to any dst-port 443 in\n"; } } $cprules .= <<<EOD # redirect non-authenticated clients to captive portal ! add 65531 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 80 in ! add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 3128 in # let the responses from the captive portal web server back out add 65533 pass tcp from any to any out # block everything else
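Review bot: In the first hunk (line 539 onward) both added rules jump to a hard-coded "skipto 65314", while the neighbouring rules are numbered from $rulenum and advanced with $rulenum++. The rule at 65314 is outside the visible context, so a later change to the number of table rules would move the intended target without any error. Suggest computing the target from the same counter or naming it in a variable next to "$rulenum = 65310". The comment also says "Deny" although the action is skipto; state which later rule does the blocking. $local_service_ports is a fixed literal "3128,3129"; a short comment on which services these ports belong to would help whoever changes them later.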
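Review bot: In the second hunk (line 578 onward) the new rule "add 65532 fwd 127.0.0.1,{$listenporthttp} tcp from any to any dst-port 3128 in" repeats the port as a literal instead of reusing $local_service_ports from the first hunk, and it covers only 3128 although that variable lists 3128,3129. Either forward both ports or add a comment explaining why 3129 is left to the final block rule. The heredoc comment "# redirect non-authenticated clients to captive portal" should mention the proxy port as well. Moving the 443 forward from 65531 to 65530 and the port 80 forward from 65532 to 65531 changes existing rule numbers, so confirm that nothing else in captiveportal.inc refers to those rules by number.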
Diff created with WinMerge.
Install IPKG on a Synology DS415play
I searched for an easy guide to install ipkg on my Synology DS415play with an Intel Atom CPU. I found a guide by Edward P:
Connect to your NAS as root through SSH
Go to a temporary folder, for example:
cd /volume1/@tmp
Download the bootstrap script:
wget http://ipkg.nslu2-linux.org/feeds/optware/syno-i686/cross/unstable/syno-i686-bootstrap_1.2-7_i686.xsh
Make the downloaded script file executable:
chmod +x syno-i686-bootstrap_1.2-7_i686.xsh
Execute the bootstrap script:
sh syno-i686-bootstrap_1.2-7_i686.xsh
Installation should now be completed. To test it, run:
ipkg update
Enjoy.
Via: https://medium.com/@edwardmp/how-to-install-ipkg-on-a-synology-ds415play-nas-14fa94901275
Erase and overwrite Disk on Synology DiskStation
I wanted to erase and overwrite the data on some hard disks because I need to downgrade my RAID 5 from three 4TB WD Red drives to only two. The erase function in the web GUI doesn't work; it shows a message something like "not possible with your drive". I searched and found an alternative:
dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror
To identify the disk use fdisk and/or hdparm:
fdisk -l
hdparm -I /dev/sdX
To keep the dd command running after the SSH connection is closed, use nohup:
nohup dd if=/dev/zero of=/dev/sdX bs=1M conv=noerror
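One way to confirm the overwrite once dd has finished, as an added example that is not part of the original post: the script compares the disk against /dev/zero and reports the first non-zero byte it finds. The function names verify_wipe, first_data_offset and demo, and the sample image files, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: read the disk back after the
# dd zero-fill and confirm that no data survived (e.g. dd was interrupted).
# Function names are illustrative. Assumes cmp and sed (GNU or BusyBox).

# first_data_offset TARGET
# Prints the 1-based offset of the first non-zero byte, or nothing when
# TARGET is zero up to its end. Returns 2 if cmp could not read TARGET.
first_data_offset() {
    rc=0
    # cmp stops at the first differing byte; against /dev/zero that byte is
    # leftover data. Reaching end-of-target without a difference exits 1
    # with empty stdout. LC_ALL=C keeps the message in the parsed format.
    out=$(LC_ALL=C cmp /dev/zero "$1" 2>/dev/null) || rc=$?
    [ "$rc" -le 1 ] || return 2
    printf '%s\n' "$out" | sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p'
}

# verify_wipe TARGET
# Exit status: 0 = all zero, 1 = data remains, 2 = TARGET unreadable.
verify_wipe() {
    offset=$(first_data_offset "$1") || { echo "$1: read failed" >&2; return 2; }
    if [ -n "$offset" ]; then
        echo "$1: NOT wiped, first non-zero byte at offset $offset"
        return 1
    fi
    echo "$1: zero from start to end"
}

# demo: constructed sample images standing in for /dev/sdX.
demo() {
    d=$(mktemp -d) || return 2
    dd if=/dev/zero of="$d/clean.img" bs=1024 count=64 2>/dev/null
    cp "$d/clean.img" "$d/partial.img"
    # Plant one stray byte at 0-based position 5000 (cmp reports it as 5001).
    printf 'X' | dd of="$d/partial.img" bs=1 seek=5000 conv=notrunc 2>/dev/null
    verify_wipe "$d/clean.img"
    verify_wipe "$d/partial.img" || true
    rm -rf "$d"
}

# ./verify_wipe.sh /dev/sdX checks a real disk; --demo runs the sample.
case "${1:-}" in
    "") ;;
    --demo) demo ;;
    *) verify_wipe "$1" ;;
esac
```

A clean result means the whole device was read to its end, so the check takes roughly as long as the wipe itself.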