Torikun | anyone good with iptables herE? | 02:52 |
---|---|---|
akk | I wish I were ... or knew anybody who was that I could pounce on. :) | 02:52 |
Torikun | what is your question? | 02:53 |
Torikun | Maybe i can help | 02:53 |
Torikun | My question is that I drop all incoming connections and allow certian ports. I added rules to block China. does it batter on the order? | 02:54 |
akk | I have: laptop on wi-fi, Raspberry Pi connected to laptop via crossover ethernet cable. | 02:54 |
akk | I want: a reliable setup so that laptop can ssh to pi, and pi can gateway through laptop. | 02:54 |
akk | I have a script I cobbled together from stuff I found on the web, that works sometimes but not always. | 02:54 |
akk | I have no idea how to debug it when it fails. | 02:54 |
Torikun | all you have to do is forward over right | 02:55 |
Torikun | iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE #openvpn | 02:55 |
Torikun | that is what I do to bridge my openvpn network | 02:55 |
akk | Here's what I do now: https://github.com/akkana/scripts/blob/master/masq | 02:55 |
darthrobot | Title: [scripts/masq at master · akkana/scripts · GitHub] | 02:55 |
Torikun | looks too complicated | 02:56 |
akk | What I'd *really* like to do is: same setup, but have pi think it's on 192.168.1 (even if laptop already is) instead of 192.168.0 | 02:56 |
akk | but I've gotten the impression that's not possible. | 02:56 |
Torikun | openvpn may be a workaround | 02:57 |
Torikun | or dhcp server on laptop | 02:57 |
akk | I had the impression there was no way for the laptop to have both its wlan0 and its eth0 on 192.168.1. | 02:58 |
Torikun | if laptop is a dhcp server, the pi will get 192.168.1.x | 02:58 |
Torikun | or you can just use the forward command I posted and try to see if it will get dhcp address from your router | 02:59 |
akk | So just by setting up DHCP, it'll broadcast dhcp over both interfaces, and be happy with both interfaces on the same network number? | 02:59 |
Torikun | you can have it broadcast on eth only | 03:00 |
Torikun | since it is connected to the pi right | 03:00 |
akk | Yes, of course I'd want to do that (not give out dhcp over wi-fi) | 03:00 |
akk | but it wouldn't mind both interfaces on the same network with dhcp, even though it won't allow it without dhcp? | 03:00 |
akk | I don't understand why having a dhcp server fixes that problem. | 03:01 |
Torikun | so the pi will pull a 192.168.1.x address | 03:01 |
akk | So if I'm on wi-fi with wlan0 as 192.168.1.42 or whatever, I can just ifconfig eth0 to 192.168.1.200 (same network) and get away with it? | 03:02 |
akk | When I've tried that before, I always found that wlan0 stopped working | 03:02 |
Torikun | no | 03:02 |
akk | I assume because it didn't know how to route to the outside any more. | 03:02 |
Torikun | the iptables rule I posted is the best and easiest way | 03:02 |
Torikun | i have no issues with it on my Raspberry PI openvpn box | 03:02 |
akk | So I just need that one rule, plus a dhcp server? | 03:03 |
Torikun | https://code.google.com/p/mephistobackup/source/browse/branches/server/firewall | 03:03 |
akk | Why do I need the dhcp server -- can't the pi have a fixed address? | 03:03 |
darthrobot | Title: [firewall - mephistobackup - Mephisto Backup Utility for Linux - Google Project Hosting] | 03:03 |
Torikun | you might wanna try forwarding the interface to another interface or look at my NAT rules | 03:03 |
bkerensa | pleia2: if you have a chance at Scale could you take a photo of the Mozilla booth for me? I just want to see how it turned out | 10:48 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!