New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Search found 1526 matches
- 25 Nov 2011, 04:57
- Forum: Howtos
- Topic: IPsec HowTo
- Replies: 1
- Views: 7146
IPsec HowTo
Yes, I know there is a Wiki on this, but this is something else and I should probably therefore call it (Yet) Another IPsec HowTo. I won't, and I will also not write my own Wiki on this because frankly I cannot be certain if what I'm writing here will be fully complete. If someone can verify that th...
- 24 Nov 2011, 13:03
- Forum: B2 & B3 Support
- Topic: Bugs in IPSec HowTO (on wiki) and some questions
- Replies: 10
- Views: 14179
Re: Bugs in IPSec HowTO (on wiki) and some questions
I'll start a draft of what I (think I) did on the Howtos forum.
Should probably be a different wiki item anyway, since I'm now using OpenSwan instead of StrongSwan (FeatureComparison)
Should probably be a different wiki item anyway, since I'm now using OpenSwan instead of StrongSwan (FeatureComparison)
- 24 Nov 2011, 10:05
- Forum: B2 & B3 Support
- Topic: Bugs in IPSec HowTO (on wiki) and some questions
- Replies: 10
- Views: 14179
Re: Bugs in IPSec HowTO (on wiki) and some questions
Hi Johannes, I was actually misreading Morgan's post in thinking that he was already at it. Problem is that I already changed so much on my B3, that in most cases I could no longer be sure that anything I'd put on the wiki would be complete (and no, I'm not about to reset it to factory and retrace w...
- 23 Nov 2011, 13:24
- Forum: B2 & B3 Support
- Topic: Bugs in IPSec HowTO (on wiki) and some questions
- Replies: 10
- Views: 14179
Re: Bugs in IPSec HowTO (on wiki) and some questions
Warnings are quite normal when compiling the kernel. Most often you'll see things like something something defined but never used. I agree with that it is a shame that you need to compile the kernel, but there should actually not be a need for recompiling all the modules that are already there. You ...
- 21 Nov 2011, 13:49
- Forum: B2 & B3 Support
- Topic: /admin path hijacked for all hostnames
- Replies: 7
- Views: 8579
Re: /admin path hijacked for all hostnames
Should probably make this a feature request, to have all the bubba stuff consolidated to the bubba vhost definition. If I can add to this, it would also be nice to have the https section in a separate vhost definition file.
- 19 Nov 2011, 17:18
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
ah yeah, i meant that... *dumb* Kinda weird: the last time i did a ifdown br0; ifup br0 it started looking for a dhcp server, even though there is no mention of dhcp in interfaces for br0 or eth1. I recognize that. Can be quite confusing and I am currently struggling with a rather important server ...
- 19 Nov 2011, 16:22
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
Nope. eth0 is the WAN interface. You need to add br0 for LAN (and wireless) access. Adding eth1 does nothing.Ubi wrote:You mean the INPUT -i eth0 -j accept?
I added the eth1 hoping *something* would improve
- 19 Nov 2011, 15:46
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
@gordon: sorry did not work. Strange, it should have. But your firewall script is wrong. I'm guessing this one belongs to B2 or B3 withouth WiFi since it has a rule for eth1, but this interface doesn't have an IP of its own since it's paired with wlan0 to form bridge br0. It's the bridge interface ...
- 19 Nov 2011, 12:02
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
If you have SSH you can try the following:
On the B3:
On the Windows workstation:
This should enable you to access the admin page by accessing [B3-LAN-IP] with your web browser.
On the B3:
Code: Select all
ip route replace [WAN-net] dev eth0 src [LAN-IP]
Code: Select all
route add [B3-LAN-IP] mask 255.255.255.255 [B3-WAN-IP]
- 18 Nov 2011, 07:35
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
Did you guys agree on a feature request here, that I should add to my list? I briefly read up on shorewall, but coming from a hardware background I can't say i understand the benefits for users other than the tech savvy like you, who would take advantage of the under-the-hood capabilities. Do I mis...
- 18 Nov 2011, 04:29
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
My bad; won't do it again.
Still something good has come out of this. I learned some new Swedish words and am intrigued by surströmming. Should definitely try to get my hands on some.
Still something good has come out of this. I learned some new Swedish words and am intrigued by surströmming. Should definitely try to get my hands on some.
- 18 Nov 2011, 02:32
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
I have absolutely no idea. A mod joke?RandomUsername wrote:OT but; falukorv?
- 17 Nov 2011, 17:40
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
Thing is that Shorewall will break up the tables by defining directions between what is called zones: where do you come from and where do you want to go? Every rule you create thereafter is based on one of these directions and you never ever get to touch the original INPUT, OUTPUT, FORWARD, PREROUTI...
- 17 Nov 2011, 13:48
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
Depends on your definition of ´simple setup´. It has a ´trusted´ (LAN) and a 'non-trusted' (WAN) interface, so it has all the elements in it that Shorewall is designed for. I know you are an advocate of the Keep-It-Simple policy, but there's also a thing called oversimplifying which is a main cause ...
- 17 Nov 2011, 12:40
- Forum: B2 & B3 Feature Requests
- Topic: Decent iptables script
- Replies: 31
- Views: 38051
Re: Decent iptables script
Sorry to say, but *every* firewall script may eventually cause you to be locked out. I must admit though that this one is particularly stupid in that it saves dynamically/user added rules on shutdown. The trouble with standard firewall settings is that are too general. This was the case with ipfw, w...