Details are included in the preliminary document. In short, we would like someone to create a prototype using one of several cheap microdevices (listed in document) that can be attached in-line to an existing device with an Ethernet connection and "share" the connection as well as secure (and re-route) specific types of communications. There are good reasons why a micro-VPN is not what we would like and this is NOT for a man-in-the-middle attack (otherwise, we'd just purchase a bunch of packet-squirrels), this, as explained in the document and which I am happy to explain further, so that we can secure legacy devices which for a number of reasons we cannot update and for which VPN appliances are impractical and/or not desired.
NOTE: If you are able to meet most or all of the functional requirements by simply setting up bridge and/or tunnel interfaces and setting up the appropriate ebtables or iptables rules (which should be possible), we would still like s prototype which can reasonably be configured, preferably by a program (c, c++, Python, etc.) and not a series of bash scripts.
Language is not important, but the ability to understand Ethernet transport layer and TCP/IP and UDP is.
Part one is JUST the portion that allows for sharing the Ethernet connection (IP address and MAC) of the attached device. If I can connect the SECBOX to DEV and NET, have it behave as a transparent bridge except for the communications with specific interface:source:dest combinations and if I can have a process on SECBOX send and receive communication to and from those special addresses using the MAC and IP of the DEV. That's all for part one.
I think that this can mostly be done by setting up a bridge, possibly a tun device (depending on how you want to do it, I don't really care), some ebtables/iptables rules and some routing rules.
Delivery is just what is needed to set this up on any Linux device (not just OpenWRT, of pfSense, for example) and something that shows we can send and receive to special addresses without those packets/frames getting to DEV.
Bonus: Show that SECBOX can make a DNS request without making it impossible for DEV to make a DNS request.
I have a few working prototypes:
One in pure c
One in pure python
One using python to configure iptables/ebtables with bridge/tunnel setup
The pure python/c ones worked well and did almost everything, but outside of kernel space, so they drop/miss packets and can't do the kernel based routing.
The ebtables/iptables version is not working any more and I don't want to debug / figure this out.
Parts TWO and THREE are the more involved implementations with the mini-firewall setup, and reconfiguration [login to view URL] then NAT puch-through and rendezvous capabilities both of which are further down the road. After having some back and forth with some colleague and my adviser on Freelancer, I think I need to write them (parts two and three) out as separate bids. I may even be posting them as time and material.
NOTE: The intention is to eventually take this to a custom SOC implementation with the "link sharing" portion being FPGA programmed in and the rest (SPROC(s) in the doc) running on an ARM with a mcro linux kernel.
origintal: oldbox-----Internet new: oldbox---SECBOX---internet I can develop this in my office I have a free linux server with multiple nics to use for development (dellrc200) to use as SECBOX-DEV . I will us Daha Fazla
Bu iş için 10 freelancer ortalamada $1547 teklif veriyor
Hi there, I have checked the details I have great experience with Computer Security, Linux, Network Administration, Python. Please start the chat so we can discuss this job more in detail. Thanks