On Mon, 11 Sep 2017 10:26:22 -0500
Christopher Snell <chris.snell@gmail.com> wrote:
> Hi,
>
> I have an AT&T fiber connection at home that relies on a crappy,
> proprietary, and insecure [1] router that does proprietary
> authentication with upstream equipment via EAP over 802.1x. Some
> folks have figured out how to bypass it by putting the AT&T router
> behind their actual firewalls and proxying the 802.1x packets to/from
> the AT&T device, thus faking out the upstream gateway.
>
> Unfortunately, the common solution [2] for this is Linux-specific and
> relies on their PF_RING stuff. I was hoping to proxy this protocol in
> OpenBSD without having to use something slow like pcap. As far as I
> can tell from reading man pages, PF does not support this network
> layer protocol (0x888E). Does anybody have any ideas on how I might
> efficiently capture these packets and copy them to another interface?
>
> Chris
>
> [1] https://www.nomotion.net/blog/sharknatto/
> [2] https://github.com/jaysoffian/eap_proxy
Hi,
not exactly an answer to your question, but:
I have a similar situation, where my ISP gives me a crappy device whose
uplink is ADSL, and downlink is Ethernet. By default, it does
PAP-authenticated pppoe, NAT and ingress filtering on the uplink.
I managed to configure this device in 'bridge mode', and put a
two-NIC (PC Engines' APU2) OpenBSD firewall behind it, which
calls pppoe, NATs, filters, etc. The rest of my home LAN plugs into
the internal interface of the mentioned firewall.
ISP--adsl
I still can't secure the ISP's device, but I can filter traffic which
enters and leaves my LAN.
Regards,
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/