[CLUE-Tech] Wakeon LAN shell script

Dave Anselmi anselmi at americanisp.net
Fri Feb 22 19:11:52 MST 2002


Not to complain, but the script looks incomplete.  It builds the wake
string but never sends it.  I assume it uses something like ncat for that.

Dave

Kevin Cullis wrote:

> Hi all,
>
> Will Stevenson, from OMI, talked about this wakeon LAN shell script
> during the installfest and he passed it on to me to give to you all.
> Here it is:
>
> -----------
>
> #! /bin/sh
>
> # Usage: wake <host> [<MAC address>]
> #
> # <host> can be a host name or a dotted-quad IP address.
> # If the <MAC address> is not given, it is taken from ethers(5).
> # For this to work, if you give a host name as first argument, ethers
> # has to contain host names (as opposed to IP addresses).
> #
> # Unless you have it already, you can build your ethers file like this:
> #
> # nmap -sP -PI 192.168.1.0/24   # prepare ARP cache with a ping-sweep
> # arp -a | awk '$5 == "[ether]" { printf("%s\t%s\n", $4, $1); }' \
> #        | sort >>/etc/ethers
> #
> # The 'magic packet' consists of 6 times 0xFF followed by 16 times
> # the hardware address of the NIC. This sequence can be encapsulated
> # in any kind of packet; I chose UDP to the discard port (9).
>
> if [ $# = 1 ]; then
>   ETHER=`awk "/$1/"' { gsub(":", "", $1); print $1; exit; }' /etc/ethers`
>   if [ -z "$ETHER" ]; then
>     echo "$0: host $1 is not in /etc/ethers" >&2
>     exit 1
>   fi
> else
>   ETHER=$2
> fi
>
> ETHER="${ETHER}${ETHER}${ETHER}${ETHER}"                # 4 x MAC
> ETHER="FFFFFFFFFFFF${ETHER}${ETHER}${ETHER}${ETHER}"    # Preamble + 16 x MAC
>
> -----------
>
> I'm not a script writer yet, so most of you should understand it.  If
> not, ask away and I'll forward your comments to him.
>
> Kevin
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
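
The magic packet layout described in the quoted script's comments (6 x 0xFF, then 16 x the MAC, as UDP to the discard port), built and actually sent. This is an added example, not part of either post or of Will Stevenson's script; it assumes socat is installed, and all function names are made up here. The host lookup compares the ethers(5) host column exactly instead of placing the name inside the awk program.

```shell
#!/bin/sh
# Added example, not the script from the post; socat is an assumed dependency.

# normalize_mac MAC: print 12 uppercase hex digits, fail on anything else.
# Accepts aa:bb:.., aa-bb-.., bare hex and unpadded ethers(5) octets (0:1:2:a:b:c).
normalize_mac() {
    printf '%s\n' "$1" | awk -F'[-:]' '
        NF == 1 && length($1) == 12 && $1 ~ /^[0-9A-Fa-f]+$/ { print toupper($1); exit 0 }
        NF != 6 { exit 1 }
        {
            out = ""
            for (i = 1; i <= 6; i++) {
                if ($i !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) exit 1
                out = out (length($i) == 1 ? "0" : "") toupper($i)
            }
            print out
        }'
}

# lookup_mac HOST [FILE]: exact match on the host column of ethers(5). The host
# is passed as data with -v, never spliced into the awk program text.
lookup_mac() {
    awk -v host="$1" '$1 !~ /^#/ && $2 == host { print $1; found = 1; exit }
                      END { exit !found }' "${2:-/etc/ethers}"
}

# magic_packet_hex MAC: 6 x FF followed by 16 x MAC, as 204 hex digits.
magic_packet_hex() {
    mac=$(normalize_mac "$1") || return 1
    pkt=FFFFFFFFFFFF; i=0
    while [ "$i" -lt 16 ]; do pkt=$pkt$mac; i=$((i + 1)); done
    printf '%s\n' "$pkt"
}

# hex_to_bytes HEX: write the raw bytes to stdout using only POSIX tools.
hex_to_bytes() {
    printf '%s\n' "$1" | fold -w 2 | while read -r byte; do
        printf "\\$(printf '%03o' "0x$byte")"
    done
}

# wake HOST [MAC]: send the packet as a UDP broadcast to the discard port (9).
wake() {
    if [ -n "$2" ]; then mac=$2; else mac=$(lookup_mac "$1") || return 1; fi
    pkt=$(magic_packet_hex "$mac") || { echo "wake: bad MAC for $1" >&2; return 1; }
    hex_to_bytes "$pkt" | socat - UDP-DATAGRAM:255.255.255.255:9,broadcast
}

if [ "$#" -ge 1 ]; then wake "$@"; fi
```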


From: "Chris" <bombpop at attbi.com>
To: "Clue-Tech at Clue.Denver.Co.Us" <clue-tech at clue.denver.co.us>
Date: Fri, 22 Feb 2002 17:21:43 -0700
Subject: [CLUE-Tech] Firewall

Hey guys I was wondering if you could help me out.  I'm trying to set up a
firewall for the first time.  Just something simple.  Here is what I have so
far.

=========================================================================================
/sbin/modprobe iptable_nat

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -j DROP

iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
=========================================================================================

The interface that the world sees is eth0.
The interface that my LAN sees is eth1.

Does everything look ok so far?

With this setup, I am unable to ssh to my machine from work.  How can I
allow certain IPs to connect, and how can I let certain services pass
through?  I want to let two IPs connect.
Also, say I want to make a change to an entry for NAT.  How do I reload it
without having to reboot?
Any ideas?  Thanks.




