Reply To: DNS


#53601

I’m running Zeroshell 3.2.1.
They used Nmap Security Scanner. They let me see breaking into the Wifi.

I made a wifi network like 192.168.192.0/26 with DHCP & DNS on the Zeroshell machine. I use DNS as a free open service (UDP 53) and DHCP/Bootp (UDP 67) like in your example configuration.

The firewall rules are very simple :

Forward : (51..64 are my wifi access points)

1 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 192.168.2.0/24 source IP range 192.168.192.51-192.168.192.64 no
2 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 172.16.0.0/20 source IP range 192.168.192.51-192.168.192.64 no
3 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 192.168.192.51-192.168.192.64 TIME from 00:00:00 to 23:45:00

Input :

1 ETH01 * ACCEPT all opt -- in ETH01 out * 0.0.0.0/0 -> 0.0.0.0/0 no
2 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 source IP range 192.168.192.51-192.168.192.64 no
3 ETH00 * ACCEPT all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0 TIME from 07:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri no
4 ETH00 * DROP all opt -- in ETH00 out * 0.0.0.0/0 -> 0.0.0.0/0

Output :

1 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 destination IP range 192.168.192.51-192.168.192.64 no
2 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 192.168.192.0/22 TIME from 07:00:00 to 20:00:00 on Mon,Tue,Wed,Thu,Fri no
3 * * DROP all opt -- in * out * 0.0.0.0/0 -> 192.168.192.0/22

These rules are made to avoid wifi after 8:00 PM and before 7:00 AM.
Between 11:45 PM and 12:00 PM traffic is disabled for Wifi access points to force a reset.

If you want I can send you my config.

Kind regards.
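
An added example (not part of the original post and not Zeroshell's own code): a small Python model of the Forward and Input chains listed above, evaluated first-match-wins as iptables does, to check which rule a given packet hits at a given day and time. The client and destination addresses used with it are constructed, the chains' default policy is not shown in the post so an unmatched packet is reported as POLICY, and the TIME window is assumed to be inclusive at both ends.

```python
from datetime import time
from ipaddress import ip_address, ip_network

# Access point source range from the post (51..64).
AP_FIRST, AP_LAST = ip_address("192.168.192.51"), ip_address("192.168.192.64")
WEEKDAYS = {"Mon", "Tue", "Wed", "Thu", "Fri"}
ANY = ip_network("0.0.0.0/0")

# Each rule: (in interface, action, destination, source limited to AP range?,
#             (time start, time stop) or None, allowed days or None)
FORWARD = [
    ("ETH00", "ACCEPT", ip_network("192.168.2.0/24"), True, None, None),
    ("ETH00", "ACCEPT", ip_network("172.16.0.0/20"), True, None, None),
    ("ETH00", "ACCEPT", ANY, True, (time(0, 0), time(23, 45)), None),
]
INPUT = [
    ("ETH01", "ACCEPT", ANY, False, None, None),
    ("ETH00", "ACCEPT", ANY, True, None, None),
    ("ETH00", "ACCEPT", ANY, False, (time(7, 0), time(20, 0)), WEEKDAYS),
    ("ETH00", "DROP", ANY, False, None, None),
]


def evaluate(chain, iface, src, dst, day, clock):
    """Return (rule number, action) of the first matching rule.

    Returns (None, "POLICY") when no rule matches, because the chain's
    default policy is not part of the posted configuration.
    """
    src, dst = ip_address(src), ip_address(dst)
    for number, (in_if, action, dest, ap_only, window, days) in enumerate(chain, 1):
        if in_if != iface or dst not in dest:
            continue
        if ap_only and not AP_FIRST <= src <= AP_LAST:
            continue
        if window and not window[0] <= clock <= window[1]:  # assumed inclusive
            continue
        if days and day not in days:
            continue
        return number, action
    return None, "POLICY"


if __name__ == "__main__":
    # Constructed sample: a wifi client outside the AP range, Tuesday 21:00.
    print(evaluate(INPUT, "ETH00", "192.168.192.10", "192.168.192.1", "Tue", time(21, 0)))
```
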