Search found 1408 matches

by Gordon
30 Nov 2011, 04:39
Forum: B2 & B3 Support
Topic: OpenVPN / PPTP
Replies: 8
Views: 5556

Re: OpenVPN / PPTP

I'm not fully getting the 'hide behind another IP' bit? As far as limiting what services can pass through the tunnel that would be managed by netfilter (iptables/xtables) rules. A complicating factor in this might be that some of the services are strictly bound to the internal network interface (eth...
by Gordon
25 Nov 2011, 04:58
Forum: Howtos
Topic: IPsec HowTo
Replies: 1
Views: 4142

Installing OpenSwan with KLIPS

Let's start with some cut-and-paste from the 'Make Strongswan start on a B3' Wiki page. Note: I'm switching display definition for easy copying of the commands. If you see a Number Sign ('#') mentioned in a code box then what follows is a comment and will also be treated as such if you copy it on th...
by Gordon
25 Nov 2011, 04:57
Forum: Howtos
Topic: IPsec HowTo
Replies: 1
Views: 4142

IPsec HowTo

Yes, I know there is a Wiki on this, but this is something else and I should probably therefore call it (Yet) Another IPsec HowTo. I won't, and I will also not write my own Wiki on this because frankly I cannot be certain if what I'm writing here will be fully complete. If someone can verify that th...
by Gordon
24 Nov 2011, 13:03
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 5397

Re: Bugs in IPSec HowTO (on wiki) and some questions

I'll start a draft of what I (think I) did on the Howtos forum.

Should probably be a different wiki item anyway, since I'm now using OpenSwan instead of StrongSwan (FeatureComparison)
by Gordon
24 Nov 2011, 10:05
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 5397

Re: Bugs in IPSec HowTO (on wiki) and some questions

Hi Johannes, I was actually misreading Morgan's post in thinking that he was already at it. Problem is that I already changed so much on my B3, that in most cases I could no longer be sure that anything I'd put on the wiki would be complete (and no, I'm not about to reset it to factory and retrace w...
by Gordon
23 Nov 2011, 13:24
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 5397

Re: Bugs in IPSec HowTO (on wiki) and some questions

Warnings are quite normal when compiling the kernel. Most often you'll see things like something something defined but never used. I agree that it is a shame that you need to compile the kernel, but there should actually not be a need for recompiling all the modules that are already there. You ...
by Gordon
21 Nov 2011, 13:49
Forum: B2 & B3 Support
Topic: /admin path hijacked for all hostnames
Replies: 7
Views: 2860

Re: /admin path hijacked for all hostnames

Should probably make this a feature request, to have all the bubba stuff consolidated to the bubba vhost definition. If I can add to this, it would also be nice to have the https section in a separate vhost definition file.
by Gordon
19 Nov 2011, 17:18
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

Ah yeah, I meant that... *dumb* Kinda weird: the last time I did an ifdown br0; ifup br0 it started looking for a DHCP server, even though there is no mention of DHCP in interfaces for br0 or eth1. I recognize that. Can be quite confusing and I am currently struggling with a rather important server ...
by Gordon
19 Nov 2011, 16:22
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

Ubi wrote: You mean the INPUT -i eth0 -j accept?
I added the eth1 hoping *something* would improve
Nope. eth0 is the WAN interface. You need to add br0 for LAN (and wireless) access. Adding eth1 does nothing.
by Gordon
19 Nov 2011, 15:46
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

@gordon: sorry did not work. Strange, it should have. But your firewall script is wrong. I'm guessing this one belongs to B2 or B3 without WiFi since it has a rule for eth1, but this interface doesn't have an IP of its own since it's paired with wlan0 to form bridge br0. It's the bridge interface ...
by Gordon
19 Nov 2011, 12:02
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

If you have SSH you can try the following:

On the B3:

    ip route replace [WAN-net] dev eth0 src [LAN-IP]

On the Windows workstation:

    route add [B3-LAN-IP] mask 255.255.255.255 [B3-WAN-IP]

This should enable you to access the admin page by accessing [B3-LAN-IP] with your web browser.
by Gordon
18 Nov 2011, 07:35
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

Did you guys agree on a feature request here, that I should add to my list? I briefly read up on shorewall, but coming from a hardware background I can't say I understand the benefits for users other than the tech savvy like you, who would take advantage of the under-the-hood capabilities. Do I mis...
by Gordon
18 Nov 2011, 04:29
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

My bad; won't do it again.

Still something good has come out of this. I learned some new Swedish words and am intrigued by surströmming. Should definitely try to get my hands on some.
by Gordon
18 Nov 2011, 02:32
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

RandomUsername wrote: OT but; falukorv?
I have absolutely no idea. A mod joke?
by Gordon
17 Nov 2011, 17:40
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 10976

Re: Decent iptables script

Thing is that Shorewall will break up the tables by defining directions between what are called zones: where do you come from and where do you want to go? Every rule you create thereafter is based on one of these directions and you never ever get to touch the original INPUT, OUTPUT, FORWARD, PREROUTI...