[ale] OT: What the hell is XSS in Comcast land?

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Mon Aug 12 20:46:59 EDT 2013



Alex Carver <agcarver+ale at acarver.net> wrote:

>On 8/12/2013 17:16, Jim Lynch wrote:
>> On 08/12/2013 04:36 PM, Alex Carver wrote:
>>> Consumer firmware is exactly why I replaced the firmware in the router
>>> the moment I bought it.  It's especially important considering I use
>>> features that Linksys' own firmware does not support (changing port
>>> number when mapping, supporting multiple IPs on WAN, etc.)  Installing
>>> is fairly trivial now, plenty of tools for multiple operating systems
>>> and OpenWRT now has Lua scripts to give you a web configuration system
>>> so you technically don't have to fiddle with terminal access.  It took
>>> me almost as much time to set up the wiring for the firmware as it did
>>> to install the firmware itself.  Customizing took a little time but
>>> for most applications it's not bad.
>> I'm still running the original firmware because, if I understand OpenWRT
>> it uses iptables, which is probably the most non-intuitive, complex and
>> frustrating software on the planet.  The firmware for the Linksys has
>> the right idea.  Fill in the blanks for what ports you want routed to
>> where, and block the rest, not some arcane stuff like:
>>
>> # iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
>> iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
>> iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
>> iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
>> # iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
>> iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
>> iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
>> iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
>>
>> Total unnecessary gibberish.  Designed to keep sys admins employed!
>
>Eh, you get used to it.  Unfortunately Linksys' firmware does not allow
>port remapping, just 1-to-1 mapping.  For example, if I want to have a
>web server on public IP port 8080, the internal host has to be running a
>web server also on port 8080 because Linksys' firmware won't let me
>change it on the fly.  However, iptables does let me change it so my
>internal server can use the default 80 (good for viewing the server from
>another internal machine without remembering which port I used) while
>the external link can stay at 8080.
>
>However, the OpenWRT project DID create Lua/web scripting that automates
>the whole iptables process so it looks very much like what you describe
>of Linksys' firmware interface so you don't have to touch the bare
>command line if you don't want to.

I think my Netgear and ASUS consumer routers can do port remapping with stock firmware.  I'd have to check to be sure.

Ron



--

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity if I'm typing on the touch screen.

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU
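
The port remapping discussed in the quoted text (public port 8080 forwarded to an internal web server on port 80), as an added example that is not part of the original thread. The function name `remap_rules`, the interface `eth0` and the address `192.168.1.10` are assumptions chosen for illustration; the script only prints the rules and does not apply them.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables rules for a port remap.
# Interface, address and ports in the sample call are constructed values.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Reject anything but digits and single interior dots before splitting.
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# remap_rules WAN_IF PUBLIC_PORT INTERNAL_IP INTERNAL_PORT
remap_rules() {
    case "$1" in ''|*[!A-Za-z0-9._-]*)
        echo "remap_rules: invalid interface name" >&2; return 1 ;;
    esac
    valid_port "$2" && valid_ipv4 "$3" && valid_port "$4" || {
        echo "remap_rules: invalid port or address" >&2
        return 1
    }
    # nat/PREROUTING rewrites destination address and port before routing.
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    # filter/FORWARD sees the packet after DNAT, so it must match the
    # internal address and port, not the public port. Return traffic is
    # assumed to be covered by an existing ESTABLISHED,RELATED accept rule.
    echo "iptables -A FORWARD -i $1 -p tcp -d $3 --dport $4 -m conntrack --ctstate NEW -j ACCEPT"
}

# Sample call: public 8080 -> internal 192.168.1.10:80
remap_rules eth0 8080 192.168.1.10 80
```

Only the one remapped port is opened toward the internal host; a forward rule written against the public port (8080) would never match, because filtering happens after the destination has been rewritten.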



