
Posts Tagged ‘firewall’

How to get a public IP with any ISP (Fastweb, Telecom, Tiscali, etc.) 2

January 30, 2011 41 comments

I have already written about how to get a public IP with any ISP (Fastweb, Telecom, Tiscali, etc.), describing how the new (well, by now not so new) IPv6 technology can be used to set up a tunnel and obtain a public IP. The problem with that guide was that, once the tunnel was set up, only other people who have IPv6 could reach your server.

After some research I found a way to get around this problem for good: having an IPv6 address and being reachable from any host connected to the Internet (that is, letting IPv4 clients reach our server too). This guide is based on Ubuntu Maverick and later.

First, install the gogoc package. You can install it from Synaptic, aptitude or apt-get. From a terminal, the package can be installed with:


sudo apt-get install gogoc

gogoc will establish the IPv6 tunnel and give you a public IP. To always get the same public IPv6 address, however, you must register on freenet6.net. Once registered, you can sign up for the IPv6 service after authenticating. This ensures that you get the same IPv6 address every time you connect. At the end you will have two parameters: a username and a password.

Now it is time to put the credentials you just obtained into the gogoc configuration file, which is what gogoc uses to establish the tunnel. The configuration file is /etc/gogoc/gogoc.conf. It should look similar to the following:

#-----------------------------------------------------------------------------
# $Id: gogoc.conf.in,v 1.1 2009/11/20 16:53:12 jasminko Exp $
#-----------------------------------------------------------------------------

##########################      READ ME!      ################################
#
# Welcome to the gogoCLIENT configuration file.
# In order to use the client, you need to modify the 'userid', 'passwd' and
# 'server' parameters below depending on which of these situations applies:
#
# 1. If you created a Freenet6 account, enter your userid and password below.
#    Change the server name to "broker.freenet6.net" and auth_method to 'any'.
# 2. If you would like to use Freenet6 without creating an account,
#    do not make any modifications and close this file.
# 3. If this software was provided by your ISP, enter the userid, password and
#    server name provided by your ISP below.
#

########################## BASIC CONFIGURATION ################################

#
# User Identification and Password:
#   Specify your user name and password as provided by your ISP or Freenet6.
#   If you plan to connect anonymously, leave these values empty.
#   NOTE: Change auth_method option if you are using a username/password.
#
#   userid=
#   passwd=
#
# Enter your username and password here (replace xxx):
userid=xxx
passwd=xxx

#
# gogoSERVER:
#   Specify a gogoSERVER name or IP address (provided by your ISP or
#   Freenet6). An optional port number can be added; the default port number
#   is 3653.
#
#   Examples:
#     server=hostname # FQDN
#     server=A.B.C.D  # IPv4 address
#     server=[X:X::X:X] # IPv6 address
#     server=hostname:port_number
#     server=A.B.C.D:port_number
#     server=[X:X::X:X]:port_number
#
#   Freenet6 account holders should enter authenticated.freenet6.net,
#   otherwise use anonymous.freenet6.net.
#   Your ISP may provide you with a different server name.
#
#server=anonymous.freenet6.net
#server=authenticated.freenet6.net
server=amsterdam.freenet6.net

#
# Authentication Method:
#
#  auth_method=
#
#   anonymous:      Sends no username or password
#
#   any:            The most secure method will be used.
#   passdss-3des-1: The password is sent encrypted.
#   digest-md5:     The password is sent encrypted.
#   plain:          Both username and password are sent as plain text.
#
# Recommended values:
#   - any:          If you are authenticating a username / password.
#   - anonymous:    If you are connecting anonymously.
#
#auth_method=anonymous
auth_method=any

########################## ROUTING CONFIGURATION ##############################
# Use these parameters when you wish the client to act as a router and provide
# IPv6 connectivity to IPv6-capable devices on your network.

#
# Local Host Type:
#   Change this value to 'router' to enable IPv6 advertisements.
#
#   host_type=
#
host_type=host

#
# Prefix Length:
#   Length of the requested prefix. Valid values range between 0 and 64 when
#   using V6*V4 tunnel modes, and between 0 and 32 when using V4V6 tunnel mode.
#
#   prefixlen=
#
prefixlen=64

#
# Advertisement Interface Prefix:
#   Name of the interface that will be configured to send router advertisements.
#   This is an interface index on Windows (ex: 4) and a name on Linux
#   and BSD (ex: eth1 or fxp1).
#
#   if_prefix=
#
if_prefix=

#
# DNS Server:
#   A DNS server list to which the reverse prefix will be delegated. Servers
#   are separated by the colon(:) delimiter.
#
#   Example: dns_server=ns1.domain:ns2.domain:ns3.domain
#
dns_server=

######################### ADVANCED CONFIGURATION ##############################

#
# gogoCLIENT Installation Directory:
#   Directory where the gogoCLIENT will be installed. This value has been
#   set during installation.
#
gogoc_dir=

#
# Auto-Retry Connect, Retry Delay and Max Retry Delay:
#  When auto_retry_connect=yes, the gogoCLIENT will attempt to reconnect
#  after a disconnection occurred. The time to wait is 'retry_delay' and that
#  delay is doubled at every 3 failed consecutive reconnection attempt.
#  However, the wait delay will never exceed retry_delay_max.
#
#
#   auto_retry_connect=
#   retry_delay=
#   retry_delay_max=
#
#   Recommended values: "yes", 30, 300
#
auto_retry_connect=yes
retry_delay=30
retry_delay_max=300

#
# Keepalive Feature and Message Interval:
#   Indicates if and how often the client will send data to keep the tunnel
#   active.
#
#   keepalive=
#   keepalive_interval=
#
#   Recommended values: "yes" and 30
#
keepalive=yes
keepalive_interval=30

#
# Tunnel Encapsulation Mode:
#   v6v4:    IPv6-in-IPv4 tunnel.
#   v6udpv4: IPv6-in-UDP-in-IPv4 tunnel (for clients behind a NAT).
#   v6anyv4: Lets the broker choose the best mode for IPv6 tunnel.
#   v4v6:    IPv4-in-IPv6 tunnel.
#
#   Recommended value: v6anyv4
#
tunnel_mode=v6anyv4

#
# Tunnel Interface Name:
#   The interface name assigned to the tunnel. This value is O/S dependent.
#
#   if_tunnel_v6v4 is the tunnel interface name for v6v4 encapsulation mode
#   if_tunnel_v6udpv4 is the tunnel interface name for v6udpv4 encapsulate mode
#   if_tunnel_v4v6 is the tunnel interface name for v4v6 encapsulation mode
#
#   Default values are set during installation.
#
if_tunnel_v6v4=sit1
if_tunnel_v6udpv4=tun0
if_tunnel_v4v6=sit0

#
# Local IP Address of the Client:
#   Allows you to set a specific address as the local tunnel endpoint.
#
#   client_v4=
#   client_v6=
#     auto: The gogoCLIENT will find the local IP address endpoint.
#
#   Recommended value: auto
#
client_v4=auto
client_v6=auto

#
# Script Name:
#   File name of the script to run to install the tunnel interface. The
#   scripts are located in the template directory under the client
#   installation directory.
#
#   template=
#
#   Default value is set during installation.
#
template=linux

#
# Proxy client:
#   Indicates that this client will request a tunnel for another endpoint,
#   such as a Cisco router.
#
#   proxy_client=
#
#   NOTE: NAT traversal is not possible in proxy mode.
#
proxy_client=no

############################ BROKER REDIRECTION ###############################

#
# Broker List File Name:
#   The 'broker_list' directive specifies the filename where the broker
#   list received during broker redirection will be saved.
#
#   broker_list=
#
broker_list=/var/lib/gogoc/tsp-broker-list.txt

#
# Last Server Used File Name:
#   The 'last_server' directive specifies the filename where the address of
#   the last broker to which a connection was successfully established will
#   be saved.
#
#   last_server=
#
last_server=/var/lib/gogoc/tsp-last-server.txt

#
# Always Use Last Known Working Server:
#   The value of the 'always_use_same_server' directive determines whether the
#   client should always try to connect to the broker found in the
#   'last_server' directive filename.
#
#   always_use_same_server=
#
always_use_same_server=yes

#################################### LOGGING ##################################

#
# Log Verbosity Configuration:
#   The format is 'log_<destination>=level', where possible values for
#   'destination' are:
#
#   - console  (logging to the console [AKA stdout])
#   - stderr   (logging to standard error)
#   - file     (logging to a file)
#   - syslog   (logging to syslog [Unix only])
#
#   and 'level' is a digit between 0 and 3. A 'level' value of 0 disables
#   logging to the destination, while values 1 to 3 request increasing levels
#   of log verbosity and detail. If 'level' is not specified, a value of 1 is
#   assumed.
#
#   Example:
#     log_file=3   (Maximal logging to a file)
#     log_stderr=0 (Logging to standard error disabled)
#     log_console= (Minimal logging to the console)
#
#   - Default configuration on Windows platforms:
#
#     log_console=0
#     log_stderr=0
#     log_file=1
#
#   - Default configuration on Unix platforms:
#
#     log_console=0
#     log_stderr=1
#     log_file=0
#     log_syslog=0
#
#log_console=
log_stderr=0
#log_file=
#log_syslog=

#
# Log File Name:
#   When logging to file is requested using the 'log_file' directive, the name
#   and path of the file to use may be specified using this directive.
#
#   log_filename=
#
log_filename=/var/log/gogoc/gogoc.log

#
# Log File Rotation:
#   When logging to file is requested using the 'log_file' directive, log file
#   rotation may be enabled. When enabled, the contents of the log file will
#   be moved to a backup file just before it reaches the maximum log file size
#   specified via this directive.
#
#   The name of the backup file is the name of the original log file with
#   '.<timestamp>' inserted before the file extension. If the file does not
#   have an extension, '.<timestamp>' is appended to the name of the original
#   log file. The timestamp specifies when the rotation occurred.
#
#   After the contents of the log file have been moved to the backup file, the
#   original file is cleared, and logging resumes at the beginning of the file.
#
#   log_rotation=
#
log_rotation=yes

#
# Log File Rotation Size:
#   The 'log_rotation_size' directive specifies the maximum size a log file may
#   reach before rotation occurs, if enabled. The value is expressed in
#   kilobytes.
#
#   log_rotation_size=
#
log_rotation_size=32

#
# Deletion of rotated log files:
#   The 'log_rotation_delete' directive specifies that no log backup will be
#   kept. When rotation occurs, the file is immediately wiped out and a new
#   log file is started.
#
#   log_rotation_delete=
#
log_rotation_delete=no

#
# Syslog Logging Facility [Unix Only]:
#   When logging to syslog is requested using the 'log_syslog' directive, the
#   facility to use may be specified using this directive.
#
#   syslog_facility=
#
syslog_facility=USER

# end of gogoc.conf
#------------------------------------------------------------------------------

Once that is done, just accept the new certificates and restart gogoc. Open a terminal and type:

sudo /etc/init.d/gogoc stop
sudo gogoc -yn

Wait a few seconds or minutes until the output of the ifconfig command includes, among its other entries, this one:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet6 addr: 2001:5c0:1400:b::71c7/128 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:2085 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1236056 (1.2 MB)  TX bytes:188816 (188.8 KB)

This means that gogoc has accepted the server's digital signatures and established the tunnel. You can now stop gogoc by pressing CTRL+C in the terminal where you started gogoc -yn, and finally type:


sudo /etc/init.d/gogoc stop

sudo /etc/init.d/gogoc start

After a few seconds your tunnel will be back online; you can check it as before with the ifconfig command. You are almost done: you now have your public IP, but it is inconvenient to reach it through the alias that freenet6 provides, http://username.broker.freenet6.net. It is much more practical to associate a domain with our new server with a public IP. Just go to dot.tk free domain and request a .tk domain. For example, I registered the domain goshawk.tk, where you can see my home server.
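With the tunnel up, the ISP's NAT no longer sits in front of this host on IPv6, so every service listening on an IPv6 wildcard or global address is reachable from outside. The following added example (not part of the original post) filters ss output for those listeners; the function name exposed_listeners and the sample lines are constructed for illustration, and ss -H assumes a recent iproute2.

```shell
#!/bin/sh
# Added example (not from the original post): find listeners that the IPv6
# tunnel exposes. exposed_listeners is a hypothetical helper name.

# Constructed sample of `ss -H -6 -ltun` output; not captured from a real host.
SAMPLE='udp   UNCONN 0 0      [::]:5353             [::]:*
tcp   LISTEN 0 128    [::]:22               [::]:*
tcp   LISTEN 0 128    [::1]:631             [::]:*
tcp   LISTEN 0 511    *:80                  *:*
tcp   LISTEN 0 128    [fe80::1%eth0]:53     [::]:*
tcp   LISTEN 0 128    [2001:db8::71c7]:8080 [::]:*'

# Reads ss output on stdin and prints "proto port address" for every socket
# bound to a wildcard or to a global IPv6 address.
exposed_listeners() {
    awk '{
        local_ep = $5                          # e.g. [::]:22 or *:80
        n = split(local_ep, parts, ":")
        port = parts[n]
        addr = substr(local_ep, 1, length(local_ep) - length(port) - 1)
        gsub(/^\[|\]$/, "", addr)              # drop the [ ] around IPv6
        sub(/%.*/, "", addr)                   # drop the zone (%eth0)
        if (addr !~ /:/ && addr != "*") next   # IPv4-only bind: not on the tunnel
        if (addr == "::1") next                # loopback
        if (addr ~ /^fe[89ab]/) next           # link-local fe80::/10
        if (addr ~ /^f[cd]/) next              # unique local fc00::/7
        print $1, port, addr
    }'
}

# Demo on the constructed sample. On a live host:
#   ss -H -6 -ltun | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```

Each line it prints is a service that should either be meant for public access or be filtered with ip6tables on the tunnel interface (tun0 in the ifconfig output above).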

I hope this guide was useful. If so, click the “Like” button 🙂

See you soon.

Fastweb: found a way to bypass the firewall/NAT and get a public IP

May 11, 2010 7 comments

UPDATE: The article explaining how to do it is here

I have just found a way to bypass Fastweb's firewall/NAT and get a public IP address without buying one.
The method works on any platform and requires a small technology upgrade that is supported by Linux, Windows (from XP onwards) and Mac OS X.
I don't have time right now to write a detailed article. I will publish a guide soon.
