Blue Light
Space shortcuts
Child pages
  • 802.1X secured wifi installation

Versions Compared

Old Version 41

changes.mady.by.user Dyuman

Saved on

compared with

New Version 42

changes.mady.by.user Dyuman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Base virtual machine preparation

Imported ~/Documents/Last School's Debian9 VM template "Debian9-base.ova" into Virtual Box as Debian9-base_8021x, re-initializing all MAC addresses. The description for this virtual machine template is:

...

The network configuration is now as follows (interface name seen in guest OS - Adapter name in VirtualBox settings - Adapter "Attached to" setting in VirtualBox settings):

enp0s3 - Adapter 1 - Bridged adapter

enp0s8 - Adapter 2 - Not attached

Booted, disconnected eth2 because of errorsLogged logged in to GUI, connected DHCP

In terminal:

Code Block
rm /etc/apt/apt.conf.d/02proxy
apt-get update
apt-get upgrade

...

Code Block
apt-get install shorewall
apt-get install ipset
mv /etc/shorewall{,-orig}
mkdir /etc/shorewall

Configuration:

Code Block
root@debian9-base:/etc/shorewall# for i in `ls`; do echo "========= $i ========="; cat $i | grep -v "^#" | grep -v "^$"; echo "========= $i ========="; echo ""; done
========= hosts =========
========= hosts =========

========= interfaces =========
net     enp0s3         detect      tcpflags,dhcp,nosmurfs,routefilter,logmartians
wifi	enp0s8		   detect	   tcpflags,nosmurfs,routefilter,logmartians
========= interfaces =========

========= masq =========
enp0s3					   192.168.9.0/24
========= masq =========

========= policy =========
$FW		net		REJECT		INFO(uid)
$FW		wifi	ACCEPT		INFO(uid)
wifi	all		REJECT
net		all		DROP		INFO
all		all		REJECT		info
========= policy =========

========= routestopped =========
========= routestopped =========

========= rules =========
Invalid(DROP)		 net			 all
ACCEPT:INFO(uid)     net             $FW             tcp     22
ACCEPT:INFO(uid)     net             $FW             udp     123
ACCEPT:INFO(uid)     net	     	 $FW	     	 icmp
ACCEPT:INFO(uid)     $FW             net             tcp     465,587,995,993
ACCEPT:INFO(uid)     $FW             net             udp     53,123
ACCEPT:INFO(uid)     $FW	     	 net	     	 icmp
ACCEPT:INFO(uid)     $FW             net             tcp     -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             udp     -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             icmp    -            -               -               -               root
ACCEPT:INFO(uid)     $FW             net             tcp     -            -               -               -               _apt
ACCEPT:INFO(uid)     $FW             net             udp     -            -               -               -               _apt
ACCEPT:INFO(uid)     $FW             net             icmp    -            -               -               -               _apt
========= rules =========

========= shorewall.conf =========
STARTUP_ENABLED=Yes
....
========= shorewall.conf =========

========= zones =========
fw			firewall
net			ipv4
wifi		ipv4
========= zones =========

...