Debian router installed, trying to make sense of how it's set up

Posted on 2005-04-18
Last Modified: 2010-03-17
I am helping a customer and their current computer guy has abandoned them!
I went in to eval the network and they have two subnet networks.

Main DSL line -> 10/100 SWITCH ->
-> external machine
->external machine
-> internal linux debian router -> .57 network switch -> .100 network switch
all current computers are in the pool of 100 network and are DHCP except one or two.
a few are DHCP and have pcanywhere remote host running and the users use them actively from home to work !

Trouble is, the Debian machine has no CD-ROM, only two USB ports etc... it's a slim server case missing the CD-ROM for security purposes. The BIOS has removable storage device as first boot, then the hard drive.

I was thinking of finding a way to reset the password for the Debian machine (root), but even when I accomplish that I'm unsure where or what I would be looking for.
This router has two NICs, one for a static IP and one for the .100 switch.

Does anyone know what popular router programs or built-in devices Debian has that this old computer guy might have used?

My question is: where do I start on tracking down what this guy used for a router?
iptables? Or something?

I'm familiar with Red Hat and Fedora distros, but I don't use iptables, nor have I played much with them; I've always purchased a commercial router and used that instead...
Any help would be appreciated.
Question by:aot2002
    LVL 6

    Assisted Solution

    I think this guy used iptables (or, more probably, ipchains) for masquerading (NAT), to let users from the internal network use some services from external machines and the Internet connection.
    To start looking:
    #ipchains -L -v
    #iptables -L -v
    This will list the firewall rules, if any.
    When you find out which of them that guy used, go to /etc/init.d and try to find the firewall script. Most probably it is invoked from /etc/init.d/networking or /etc/init.d/iptables or something like this.
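
    An added example, not part of the answer above: `iptables -L -v` lists only the filter table, so masquerading and port forwards have to be read from the nat table (`iptables -t nat -L -n -v`, or `iptables-save`). The function below summarises the nat rules from `iptables-save` output so you can see which internal hosts are exposed to the Internet; it covers iptables only, and the sample rules, addresses and interface names are constructed.

```shell
#!/bin/sh
# Added example: summarise the nat table from `iptables-save` output on stdin.
# One line per rule: "FORWARD proto dport -> ip:port" or "SOURCE-NAT iface target".
summarize_nat() {
    awk '
        /^\*/ { table = substr($0, 2) }        # table header: "*nat", "*filter"
        table != "nat" || $1 != "-A" { next }  # keep only rules in the nat table
        {
            proto = "any"; dport = "any"; dest = "?"; oif = "any"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") dest = $(i + 1)
                else if ($i == "-o") oif = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target == "DNAT") print "FORWARD", proto, dport, "->", dest
            else if (target == "MASQUERADE" || target == "SNAT") print "SOURCE-NAT", oif, target
        }
    '
}

# Constructed sample input (assumed layout: eth0 = DSL side, eth1 = LAN side).
sample_rules() {
    cat <<'EOF'
# constructed iptables-save output, not taken from the machine in this thread
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5631 -j DNAT --to-destination 192.168.100.20:5631
-A PREROUTING -i eth0 -p udp -m udp --dport 5632 -j DNAT --to-destination 192.168.100.20:5632
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# On the router itself, as root: iptables-save | summarize_nat
sample_rules | summarize_nat
```

    Every FORWARD line is a service reachable from outside; each one should map to a machine and a user you can account for before the rules are copied to a replacement router.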

    LVL 9

    Accepted Solution

    As for resetting the root password, if the machine is using LILO to boot, this method may work:

    When you see the LILO prompt hit shift, then type

    linux init=/bin/bash

    then once the system is up do

    mount / -o remount,rw

    then edit /etc/shadow and delete all the stuff between the first and
    second colons,


    mount / -o remount,ro


    when it comes up login as root (you shouldn't be prompted for a password).
    LVL 9

    Expert Comment

    Alternatively, you could temporarily run the box w/ the case open and a CD drive hanging out of it/balanced on top, etc...however you have room to plug in the cables and have the drive more or less level.  Then boot from a live cd (knoppix, gentoo, etc...basic procedure will be the same) and do:  (might need to change mount directory name depending on the live cd you use)

    mount /dev/hda /mnt/gentoo
    chroot /mnt/gentoo /bin/bash

    (obviously you'd need to download and burn a live cd first.)

    The same can be done via floppy (much less of a download than a cd iso!) but you didn't mention if it had a floppy drive (of course you could temporarily throw one in just as with the cd).
    LVL 9

    Expert Comment

    by:fixnix has floppy images (grab rescue.bin and root.bin...might not need root.bin but it's been a while since I've messed w/ floppies so you may need both...I just forget)

    dos/windows util to write the floppy image to disk:

    (grab rawrite and read the txt file for instructions)

    then from the root shell you get you can:

    mkdir /mnt/blah
    mount /dev/hda /mnt/blah    (/dev/hda is for IDE, /dev/sda for SCSI)
    chroot /mnt/blah /bin/bash

    just as above.
    LVL 1

    Author Comment

    I have a USB SuperDisk 120MB on the disk and I've downloaded Damn Small Linux.
    Can I use that distro?

    Also, is there some reason I wouldn't be able to get an Internet connection when switching the Linux machine into a real router? I've set up the settings for the DSL DNS and static IP info but I couldn't reach the net.
    Do I need to shut off the network switch and reboot the client computers?

    LVL 1

    Author Comment

    I did check the BIOS for a bootable USB device; I just didn't know if a SuperDisk was bootable?
    LVL 9

    Expert Comment

    sometimes superdisks will work like a champ....sometimes they won't...depends mostly on the BIOS.

    You should be able to use damn small linux....and setting your static IP settings should be no problem, but possibly the distro you used improperly identifies the network card or passes the wrong parameters to it leaving it in a configurable but broken state.  You could try to troubleshoot the distro (searching help forums for proper nic parameters to pass at boot with your hardware, usually) or it may be easier just to download a different could go either way :(

    *any* distro (well, any for x86 architecture that matches your hardware.....686 optimized distros won't boot on a 386, obviously) in theory should work just fine....but here in the real world, things don't always go as they "should".  I'd google for "Damn small linux" +realtek (or whatever your nic is) "kernel options" and see what help forum links turn up...if nothing appropriate hits, personally I'd d/l another distro and repeat instead of fidgeting around w/ the DSL you already downloaded.

    Don't LS 120's also read standard 1.44MB floppies?  Try booting to a floppy image I posted above....or floppies from any modern distro (you can use slackware or redhat rescue floppies to fix a debian box.....distro doesn't really matter, all ya gotta do is have a root shell to chroot to & reset the password)
    LVL 1

    Author Comment

    I also have a thumb drive too....1gig ...didn't know if this was something worth using too.
    I also have a USB 2.0 hard drive, 6gig, blank; not sure if this too would work better?

    I don't know a lot about Linux boot devices so I'm just wondering what your opinion is on this?

    The NIC looks like INTEL; well, not that it matters much since I'm only resetting the password.

    Most important is the fact that the entire system is hooked to the net and I need to make sure it's quite secure too, like hidden users or something?
    Is there a command for listing all users besides looking at /etc/password?

    I could run checkrootkit too.

    LVL 9

    Expert Comment

    Whether or not you can boot to a USB hard drive or thumb drive really won't matter what OS you try to boot to...if your BIOS and device are able to be booted from, then it should boot whether you've got a windows, dos, linux, be, rhapsody, or any other os boot environment.

    I'm not aware of any method of having a user that isn't listed in /etc/passwd.  Having a username and password isn't the only way to have access to the system though.  The prior admin could have, for example, set up a shell that listens on a certain port or calls back to a preconfigured IP address...or even other ports listening for a special packet sequence that trigger binding a shell to a port, etc.  Basically, if you don't trust *anyone* that had root access on the box at *any* time since the OS installation, the box isn't necessarily yours and there's no way to be 100% certain there are *no* backdoors.  You can run a bunch of root kit detectors, boot to a live cd and compare binary file sizes and hashes to your heart's content....but you'll never be able to completely check every script and binary....and even if you could, that wouldn't ensure no unknown exploits have been used.  

    Most would argue that your only course of action if a prior admin left on bad terms is to back up the data and reformat from known good media.  There could be one rarely used command binary that was replaced with one that wipes out the hard drive, an innocent looking cron job that does something similar or even some disastrous event that won't get triggered for 9 months, etc.  The possibilities are endless.  Probably not what you wanted to hear, but that's how it is.

    If you decide not to reformat for whatever reasons, to update debian packages that are currently installed, issue the commands 'apt-get update' and 'apt-get upgrade'.  The first will grab the updated list of packages and the second will upgrade currently installed packages with newer versions available.
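
    An added example, not part of the comment above: a first-pass account check that can be pointed at the mounted disk from the rescue shell (for instance `audit_accounts /mnt/blah`). It flags extra UID 0 accounts, empty password fields in shadow (the state the LILO reset leaves root in until `passwd` is run), accounts with a login shell, and any SSH `authorized_keys` files. The sample tree and account names are constructed, and a clean result says nothing about the other kinds of backdoor described above.

```shell
#!/bin/sh
# Added example: flag risky account entries under a filesystem root.
# usage: audit_accounts [ROOT]   (ROOT = mount point of the disk; empty = live system)
audit_accounts() {
    sysroot=${1:-}
    # Any account other than root with UID 0 has full root rights.
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$sysroot/etc/passwd"
    # An empty second field in shadow means login with no password at all.
    awk -F: '$2 == "" { print "NOPASS " $1 }' "$sysroot/etc/shadow"
    # Accounts that can get a shell, and whether they accept SSH keys.
    awk -F: '$7 == "" || $7 ~ /sh$/ { print $1 ":" $6 }' "$sysroot/etc/passwd" |
    while IFS=: read -r user home; do
        echo "SHELL $user"
        if [ -s "$sysroot$home/.ssh/authorized_keys" ]; then
            echo "SSHKEY $user"
        fi
    done
}

# Constructed sample tree standing in for the mounted disk (names are made up).
make_sample_root() {
    mkdir -p "$1/etc" "$1/home/support/.ssh"
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/false
toor:x:0:0::/root:/bin/sh
support:x:1001:1001::/home/support:/bin/bash
EOF
    cat > "$1/etc/shadow" <<'EOF'
root::12891:0:99999:7:::
daemon:*:12891:0:99999:7:::
toor:$1$constructed$notarealhash:12891:0:99999:7:::
support:!:12891:0:99999:7:::
EOF
    echo "ssh-rsa CONSTRUCTED-KEY old-admin" > "$1/home/support/.ssh/authorized_keys"
}

# Demo run against the constructed tree.
demo=$(mktemp -d) && make_sample_root "$demo" && audit_accounts "$demo"
rm -rf "$demo"
```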
    LVL 1

    Author Comment

    OK, understandable.....

    I have a 133MHz Toshiba SonicWall router/VPN device.....which I was going to replace this router with.
    But after looking at the specs on the Linux router in place I see it's a 2.4gig P4, 512MB RAM etc....

    Would there be a huge performance decrease, or would this router be able to handle this?

    I will check the Linux system uptime performance, but I would imagine a simple VPN router could handle up to 15 users?
    We're NOT USING VPN AND DON'T PLAN TO, but since they had the router there I assumed it would be a quick replacement for this machine, and I could use the Linux box for better purposes.

    What's your opinion?
    LVL 1

    Author Comment

    Ohh, I also have a 50 user VPN SonicWall there; maybe that would work better?
    LVL 9

    Expert Comment

    If all it's doing is routing (and even VPN for a few users) it doesn't take much power.  I have a 96 meg P75 with IPCop (a very small linux firewall distro configurable via a web interface, with lots of 3rd party addons) at my old office with about 10 users and 3 VPN tunnels.  It has plenty of breathing room.  Now if you were to use a web proxy or content filtering addon, the resources required would go up substantially, but for just routing and a few VPN's it doesn't take much power.  I know I'm talking from a linux perspective...but I couldn't imagine the sonicwall having much different hardware requirements, especially in a small office like you described.

    Personally, I'd use the 133MHz sonicwall and free up the P4 to do something else (and I'd reformat it since it is unknown what might have been done to it).  Just my opinion.  Thx for the points!  Sounds like you were able to reset the root password okay :)
