Note:
As the category suggest this is nearly a hack/fun/for testing only.
Per my quest to use ClearOS on a device with a single nic, I thought to my self, why not try clearos with arpspoofing. It is usually used for MITM attacks, but it essentially spoofs the gateway passing all traffic through the device hosting the aprsoof. So in theory you could use a device with one nic +arpspoof+ clear os for gateway services right? Everyone who Ive talk to say no, you can't but they have no reason/proof that it won't work. If you know WHY this won't work, please let me know and I will rest my quest.
The theory around this test is, arpspoof should be working on layer 2 and man in the middle software that is used if not a simple tcpdump works off layer 7, correct. So all if setup correctly, all traffic headed to gateway 192.168.1.254 should go through 192.168.1.154, then off to 192.168.1.254, in which ClearOS gateway services should work.
I have created and tested arpsoof via terminal on ClearOS device. I had to launch three terminals. I used tcpdump and confirmed that if I go to google.com from 192.168.1.100 then it goes through 192.168.1.154(Thinking its gateway), then off to 192.168.1.254(gateway to internet) and vice versa. This setup works.
However if ClearOS as standlone , setup gateways services such as Content Filtering, and blocked google.com IP while the arpsoof is setup via clearOS terminal, content filtering does not block google.com on 192.168.1.100, even through tcpdump see the traffic from 192.168.1.100 to .154 to .254 and vice versa. Could this be a ClearOS Configuration?
Here are my questions.
1.) To use gateway services in ClearOS does the config need to be setup for gateway?
2.) Are there technical documents that share the difference of standalone vs gateway?
Any suggestions? I'll update once I find/test other possible resolutions.
Thanks!
As the category suggest this is nearly a hack/fun/for testing only.
Per my quest to use ClearOS on a device with a single nic, I thought to my self, why not try clearos with arpspoofing. It is usually used for MITM attacks, but it essentially spoofs the gateway passing all traffic through the device hosting the aprsoof. So in theory you could use a device with one nic +arpspoof+ clear os for gateway services right? Everyone who Ive talk to say no, you can't but they have no reason/proof that it won't work. If you know WHY this won't work, please let me know and I will rest my quest.
The theory around this test is, arpspoof should be working on layer 2 and man in the middle software that is used if not a simple tcpdump works off layer 7, correct. So all if setup correctly, all traffic headed to gateway 192.168.1.254 should go through 192.168.1.154, then off to 192.168.1.254, in which ClearOS gateway services should work.
I have created and tested arpsoof via terminal on ClearOS device. I had to launch three terminals. I used tcpdump and confirmed that if I go to google.com from 192.168.1.100 then it goes through 192.168.1.154(Thinking its gateway), then off to 192.168.1.254(gateway to internet) and vice versa. This setup works.
However if ClearOS as standlone , setup gateways services such as Content Filtering, and blocked google.com IP while the arpsoof is setup via clearOS terminal, content filtering does not block google.com on 192.168.1.100, even through tcpdump see the traffic from 192.168.1.100 to .154 to .254 and vice versa. Could this be a ClearOS Configuration?
Here are my questions.
1.) To use gateway services in ClearOS does the config need to be setup for gateway?
2.) Are there technical documents that share the difference of standalone vs gateway?
Any suggestions? I'll update once I find/test other possible resolutions.
Thanks!
Share this post:
Responses (5)
-
Accepted Answer
-
Accepted Answer
@Dave Loper. Correct me if I am wrong. trustedgateway needs two NICs? Seeing I'm doing this with one NIC , if I setup two VLANs via CentOS instructions this would give the appearance of two LANS even thought I have one NIC? Or can I do this is ClearOS webconfig?
trustedgateway is transparent mode right?
What I am reading is that I need to use gateway mode or trustedgateway in order to get the gateway services to work?
VLAN should work .
How do you configure VLAN's in ClearOS? I'm thinking of setting up two NICS - 1 NIC 1 USB NIC. Selecting Gateway during install. Then setting up VLANS as one WAN(V:10) and LAN(V:99). Then ditching the USB NIC. I will then use a switch to test. Now this is only half of the puzzle. Trustedgateway is the answer it looks like. Next step would be to use trustedgateway
If I'm making this way to difficult, please let me know.
Thanks,
Ben. -
Accepted Answer
You may need to employ the hidden 'trustedgateway' mode in order to get it to work.
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_clearbox_as_a_transparent_inline_bridge
https://tracker.clearos.com/view.php?id=10061 -
Accepted Answer
-
Accepted Answer
Well done! 
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »