[02:52] <Torikun> anyone good with iptables here?
[02:52] <akk> I wish I were ... or knew anybody who was that I could pounce on. :)
[02:53] <Torikun> what is your question?
[02:53] <Torikun> Maybe i can help
[02:54] <Torikun> My question is that I drop all incoming connections and allow certain ports. I added rules to block China. does it matter on the order?
[02:54] <akk> I have: laptop on wi-fi, Raspberry Pi connected to laptop via crossover ethernet cable.
[02:54] <akk> I want: a reliable setup so that laptop can ssh to pi, and pi can gateway through laptop.
[02:54] <akk> I have a script I cobbled together from stuff I found on the web, that works sometimes but not always.
[02:54] <akk> I have no idea how to debug it when it fails.
[02:55] <Torikun> all you have to do is forward over right
[02:55] <Torikun> iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE #openvpn
[02:55] <Torikun> that is what I do to bridge my openvpn network
[02:55] <akk> Here's what I do now: https://github.com/akkana/scripts/blob/master/masq
[02:55] <darthrobot> Title: [scripts/masq at master · akkana/scripts · GitHub]
[02:56] <Torikun> looks too complicated
[02:56] <akk> What I'd *really* like to do is: same setup, but have pi think it's on 192.168.1 (even if laptop already is) instead of 192.168.0
[02:56] <akk> but I've gotten the impression that's not possible.
[02:57] <Torikun> openvpn may be a workaround
[02:57] <Torikun> or dhcp server on laptop
[02:58] <akk> I had the impression there was no way for the laptop to have both its wlan0 and its eth0 on 192.168.1.
[02:58] <Torikun> if laptop is a dhcp server, the pi will get 192.168.1.x
[02:59] <Torikun> or you can just use the forward command I posted and try to see if it will get dhcp address from your router
[02:59] <akk> So just by setting up DHCP, it'll broadcast dhcp over both interfaces, and be happy with both interfaces on the same network number?
[03:00] <Torikun> you can have it broadcast on eth only
[03:00] <Torikun> since it is connected to the pi right
[03:00] <akk> Yes, of course I'd want to do that (not give out dhcp over wi-fi)
[03:00] <akk> but it wouldn't mind both interfaces on the same network with dhcp, even though it won't allow it without dhcp?
[03:01] <akk> I don't understand why having a dhcp server fixes that problem.
[03:01] <Torikun> so the pi will pull a 192.168.1.x address
[03:02] <akk> So if I'm on wi-fi with wlan0 as 192.168.1.42 or whatever, I can just ifconfig eth0 to 192.168.1.200 (same network) and get away with it?
[03:02] <akk> When I've tried that before, I always found that wlan0 stopped working
[03:02] <Torikun> no
[03:02] <akk> I assume because it didn't know how to route to the outside any more.
[03:02] <Torikun> the iptables rule I posted is the best and easiest way
[03:02] <Torikun> i have no issues with it on my Raspberry PI openvpn box
[03:03] <akk> So I just need that one rule, plus a dhcp server?
[03:03] <Torikun> https://code.google.com/p/mephistobackup/source/browse/branches/server/firewall
[03:03] <akk> Why do I need the dhcp server -- can't the pi have a fixed address?
[03:03] <darthrobot> Title: [firewall - mephistobackup - Mephisto Backup Utility for Linux - Google Project Hosting]
[03:03] <Torikun> you might wanna try forwarding the interface to another interface or look at my NAT rules
[10:48] <bkerensa> pleia2: if you have a chance at Scale could you take a photo of the Mozilla booth for me? I just want to see how it turned out