Monday, May 13, 2013

How to Secure IP Binding for Mac using IPFW

There is an easy way to achieve IP binding on Mac, e.g. to prevent file-sharing tools from downloading or uploading if the VPN connection is lost.

Note that this works with both the OpenVPN and PPTP protocols. See solutions 1 and 2 below.


Note: Disabling the IPFW firewall (flushing all firewall rules) is done by running "sudo ipfw -f f".
However, our scripts already do this, so you should only do it manually in a terminal window if you experience any kind of connection problems.



Solution 1

First, please download these scripts (e.g. right-click and save as): EnableIPBinding + DisableIPBinding


Now you need to get the IPs of the VPN servers you want to set IP binding for. You can get them e.g. from the bottom of the VPN config files at http://hidemyass.com/vpn-config/ or from the PPTP server list page in the VPN control panel (they are the same servers).

Take a look at the 11th line of the script EnableIPBinding: it contains the IP of the Phoenix LOC1S1 server.
You can duplicate this 11th line and replace the IP with those of your favorite servers, so that the code looks like this:

sudo ipfw add 01002 allow ip from any to 184.171.165.2 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 42.121.55.212 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 69.242.95.11 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 128.95.22.65 dst-port 443,53,1723 out via en*

Save the script after making your changes.
You might still need to make both scripts executable, e.g. by running "chmod u+x EnableIPBinding" and "chmod u+x DisableIPBinding" in a terminal.
Of course, you need to change into the directory where you saved those files before you can do this.

Now you can easily enable IP binding by running the script EnableIPBinding,
and disable it by just running the script DisableIPBinding.




Solution 2

First, please download this script (e.g. right-click and save as): bind.sh
Save it into a specific folder where you can find it later, e.g. on the Desktop.

Now you need to get the IPs of the VPN servers you want to set IP binding for. You can get them e.g. from the bottom of the VPN config files at http://hidemyass.com/vpn-config/ or from the PPTP server list page in the VPN control panel (they are the same servers).

Open the script with your favorite text editor and take a look at the 8th line: it contains the IP of the Phoenix LOC1S1 server.
You can duplicate this 8th line and replace the IP with those of your favorite servers, so that the code looks like this:

ipfw add 01002 allow ip from any to 184.171.165.2 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 42.121.55.212 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 69.242.95.11 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 128.95.22.65 dst-port 443,53,1723 out via en*

Now, open a terminal window. Change into the folder where you saved the script earlier (e.g. Desktop).
Then run the script with the parameter "enable" to enable IP binding, e.g.
sudo bash bind.sh enable

To disable it, run
sudo bash bind.sh
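
Instead of retyping IPs by hand, the rule lines can be generated from a VPN config file. The following is an added example, not one of the scripts linked above; it assumes the config lists its servers as standard OpenVPN "remote <address> <port>" lines, and the function names and sample addresses are made up for illustration. It only prints rules in the Solution 2 form (prefix them with "sudo" for Solution 1) and does not change the firewall.

```shell
#!/bin/sh
# Added example: print ipfw allow rules (same form as the page's rule lines)
# for every IPv4 "remote" entry in an OpenVPN config read from stdin.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rules_from_config: emit one rule per unique, valid IPv4 remote.
# Hostname remotes are skipped, since the page's rules use literal IPs.
rules_from_config() {
    seen=" "
    tr -d '\r' | while read -r key addr rest || [ -n "$key" ]; do
        [ "$key" = "remote" ] || continue
        valid_ipv4 "$addr" || continue
        case "$seen" in *" $addr "*) continue ;; esac
        seen="$seen$addr "
        printf 'ipfw add 01002 allow ip from any to %s dst-port 443,53,1723 out via en*\n' "$addr"
    done
}

# Constructed sample config (documentation-range addresses, not real servers).
sample_config() {
    cat <<'EOF'
client
dev tun
proto tcp
remote 192.0.2.10 443
remote 198.51.100.7 443
remote vpn.example.net 443
remote 192.0.2.10 53
remote 300.1.1.1 443
EOF
}

sample_config | rules_from_config
```

To use it on a real file, pipe the config into rules_from_config, review the printed lines, and paste them into the script next to the existing rule.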
