Free ip addresses software for linux

ipset pakcage is a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility.
Depending on the type, currently an IP set may store IP addresses, (TCP/UDP) port numbers or IP addresses with MAC addresses in a way, which ensures lightning speed when matching an entry against a set.
If you want to:
store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
dynamically update iptables rules against IP addresses or ports without performance penalty
express complex IP address and ports based rulesets with one single iptables rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.
Main features:
ipmap
- The ipmap set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in an ipset as well and an IP address will be in the set if the network address it belongs to can be found in the set.
macipmap
- The macipmap set type uses a memory range, where each 8 bytes represents one IP and a MAC addresses. A macipmap set type can store up to 65535 (B-class network) IP addresses with MAC.
portmap
- The portmap set type uses a memory range, where each bit represents one port. A portmap type of set can store up to 65535 ports.
iphash
- The iphash set type uses a hash to store IP addresses where clashing is resolved by double-hashing and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an iphash as well.
nethash
- The nethash set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same techique is used to avoid clashes as at the iphash set type.
iptree
- The iptree set type uses a tree to store IP addresses, optionally with timeout values.
Bindings
IP sets allows you to bind an entry in a set to another set, which forms a relationship between the set element and the set it is bound to. The sets may have a default binding, which is valid for every set element for which there is no binding defined at all.
The bindings have no special meaning at the set level. However, you can benefit from them when using the set match of iptables. The set match will follow the bindings and will return a true (matched) value only if the packet parameters match all bindings it found.
Lets see an example:
# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2
# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25
# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports
# iptables rule using the set match
...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP
Now according to the iptables rules, sets and binding, the firewall will allow trough packets destined to any port on 192.168.0.1, while for 192.168.0.2 only the ports 21, 22 and 25 will be reachable.

IP Bandwidth Watchdog (ipband) is a pcap based IP traffic monitor. It tallies per-subnet traffic and bandwidth usage and starts detailed logging if specified threshold for the specific subnet is exceeded. If traffic has been high for a certain period of time, the report for that subnet is generated which can be appended to a file or e-mailed. When bandwidth usage drops below the threshold, detailed logging for the subnet is stopped and memory is freed.

This utility could be handy in a limited bandwidth WAN environment (frame relay, ISDN etc. circuits) to pinpoint offending traffic source if certain links become saturated to the point where legitimate packets start getting dropped.

It also can be used to monitor internet connection when specifying the range of local ip addresses (to avoid firing reports about non-local networks).

GenIP is a small utility, based on the NMap target specification code, for quickly and easily generating lists of IP addresses.

Usage:

genip [ -h ] [ -i filename ] [ < target-spec > ... ]
genip -r < ipaddress > < ipaddress >

Options:

-h
Display uage information.
-i
Read target specifications from the give filename. If a filename of "-" used, target specifications are read from standard in. Target specifications read from input files are processed in NMap mode regardless of the presence of the -r option.
-r
Specify range mode (see below).

Modes:

GenIP has two modes of operation that are detailed below:

NMap Mode (Default)

In this mode genip will expand all target specifications listed on the command line. Since genip is essentially just the NMap target parsing code it functions in exactly the same way. Here is what the NMap documentation has to say about target specification:

Everything that isnt an option (or option argument) is treated as a target host specification. The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append /mask to the hostname or IP address. mask must be between 0 (scan the whole Internet) and 32 (scan the single host specified). Use /24 to scan a class "C" address and /16 for a class "B". There is also a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class "B" network 192.168.*.* by specifying "192.168.*.*" or "192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And of course you can use the mask notation: "192.168.0.0/16". These are all equivalent. If you use asterisks ("*"), remember that most shells require you to escape them with back slashes or protect them with quotes.

Range Mode

In this mode two (and only two!) IP addresses must be specified, in dotted quad notation, and the output is all the addresses between the two (inclusive). This mode can be used to cross class boundaries.

Example:

In its most basic form genip simply echos the IP addresses listed on the command line:

> genip 10.1.1.1 10.3.4.5
10.1.1.1
10.3.4.5

By use one of the many expansion methods detailed above a large number of IP addresses can be generated from simple command line specifications:

> genip 10.1.1.1-3
10.1.2.0
10.1.2.1
10.1.2.2

By selecting range mode (with the use of the -r flag) it is a simple matter to generate address lists that cross class boundaries:

> genip -r 10.1.1.254 10.1.2.2
10.1.1.254
10.1.1.255
10.1.2.0
10.1.2.1
10.1.2.2

libipgeo library is written on top of the IP2LOCATION database allowing the user to do geo-targeting of IP addresses. For a given IPv4 address, libipgeo can lookup the following:

Country Code
Country
Region
City
Latitude
Longitude
ISP

NEW:libipgeo now searchs the IP2LOCATION database in O(lg n) and is TONS faster!

Included with the libipgeo distribution is a simple traceroute client that does IPv4 targeting:

[rounder:Projects/libipg/sample] root# ./trig -ien1 -LlCry 4.2.2.2 ../../IP-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ISP-FULL/
IP-COUNTRY-REGION-CITY-LATITUDE-LONGITUDE-ISP.CSV
Trig 1.0 [geo-targeting traceroute scanner]
01: 66.123.162.113 US SAN RAMON CALIFORNIA 37.7661 -121.9730
02: 63.203.35.65 US SAN FRANCISCO CALIFORNIA 37.7002 -122.4060
03: 63.203.35.17 US SAN FRANCISCO CALIFORNIA 37.7002 -122.4060
04: 64.161.1.30 CA MONTREAL QUEBEC 45.5000 -73.5830
05: 64.161.1.54 CA MONTREAL QUEBEC 45.5000 -73.5830
06: 144.223.242.81 US KANSAS CITY MISSOURI 39.1749 -94.5804
07: 209.245.146.245 US UNKNOWN UNKNOWN 0.0000 0.0000
08: 209.244.3.137 US BROOMFIELD COLORADO 39.9135 -105.0930
09: 64.159.4.74 US SAN CLEMENTE CALIFORNIA 33.4322 -117.5780
10: 4.24.9.142 EG CAIRO AL QAHIRAH 30.0500 31.2500
11: 4.2.2.2 US PROVIDENCE RHODE ISLAND 41.8231 -71.4204

IP::Anonymous is a Perl port of Crypto-PAn to provide anonymous IP addresses.

SYNOPSIS

use IP::Anonymous;
@key = (0..31);
my $object = new IP::Anonymous(@key);
print $object->anonymize("192.0.2.0")."n";

This is a Perl port of Crypto-PAn. Crypto-PAn is a cryptography-based sanitization tool for network trace or log data. The tool has the following properties:

One-to-one

The mapping from original IP addresses to anonymized IP addresses is one-to-one.

Prefix-preserving

The IP address anonymization is prefix-preserving. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings will also share a k-bit prefix.

Consistent across traces

Multiple traces can be sanitized in a consistent way, over time and across locations, even though the traces might be sanitized separately at different time and/or at different locations.

Cryptography-based

To sanitize traces, trace owners provide a secret key. Anonymization consistency across multiple traces is achieved by the use of the same key. The construction of IP::Anonymous preserves the secrecy of the key and the (pseudo)randomness of the mapping from an original IP address to its anonymized counterpart.

This Perl port of Crypto-PAn uses similar logic to that found in Crypto-PAn 1.0, but most importantly maintains consistency in the process so that regardless of implementation, using the same key in each will give consistent results.

USAGE

$object = new IP::Anonymous(@key)

Initializes the electronic codebook object with a 32 8-bit decimal array. This array, consisting of 32 decimals between 0 and 255 inclusive, is the user defined private key for this anonymization session. This 256 bit key should be kept private. The key can be used across sessions to maintain consistent mappings between the original and the anonymized IP addresses.

$object->anonymize($address)

Called with a dotted quad IP address string (e.g. 192.0.2.0). Returns an anonymized version of that IP address as a dotted quad string.

Linvpn is a secure socket layer for pppd. Linvpn project allows creation of virtual private networks by using an IP routing system between PPP network interfaces.

Cryptography is done by libgcrypts 3DES or blowfish, and Initialization Vector (IV) is changed in each packet transmission.

As linvpn works as client and server, and communication is a single TCP connection, it allows creation of secure tunnels even in complex network layouts, when one or both endpoints are behind a firewall or NAT, with or without dynamic IP addresses.
Linvpn has been tested under Linux, FreeBSD, NetBSD and OpenBSD.

IPplan is a free (GPL), web based, multilingual, TCP IP address management software and tracking tool written in php 4, simplifying the administration of your IP address space. IPplan can manage and track your IP address and has many other useful features.
IPplan goes beyond TCPIP address management including DNS administration, configuration file management, circuit management (customizable via templates) and storing of hardware information (customizable via templates).
IPplan can handle a single network or cater for multiple networks and customers with overlapping address space. Makes managing ip addresses and managing ip address space simple and easy!
Main features:
- internationalization
- importing network definitions from routing tables
- importing definitions from TAB delimited files and NMAP?s XML format
- multiple administrators with different access profiles (per group, allowing access per customer, per network etc.)
- define address space authority boundaries per group
- finding free address space across a range
- split and join networks to make them smaller and larger - ip definitions remain intact
- display overlapping address space between networks
- search capabilities
- an audit log
- statistics
- keeping track of and sending SWIP/RIPE/APNIC registrar information
- DNS administration (forward and reverse zones, import existing zones via zone transfer)
- template system to extend IPplan to contain site specific information like circuit data, host configuration data, asset information
- device configuration file management
- link addresses together via pointers - ideal for NAT
- external stylesheet to change display look
- triggers - every user event can call a user defined function - useful to execute backend DNS scripts
- external poller - scan subnets for active addresses to gather usage statistics
- IP address request system - allows users to request static IP addresses from the database