Search found 1526 matches

by Gordon
25 Nov 2011, 04:57
Forum: Howtos
Topic: IPsec HowTo
Replies: 1
Views: 7146

IPsec HowTo

Yes, I know there is a Wiki on this, but this is something else and I should probably therefore call it (Yet) Another IPsec HowTo. I won't, and I will also not write my own Wiki on this because frankly I cannot be certain if what I'm writing here will be fully complete. If someone can verify that th...
by Gordon
24 Nov 2011, 13:03
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 14179

Re: Bugs in IPSec HowTO (on wiki) and some questions

I'll start a draft of what I (think I) did on the Howtos forum.

Should probably be a different wiki item anyway, since I'm now using OpenSwan instead of StrongSwan (FeatureComparison)
by Gordon
24 Nov 2011, 10:05
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 14179

Re: Bugs in IPSec HowTO (on wiki) and some questions

Hi Johannes, I was actually misreading Morgan's post in thinking that he was already at it. Problem is that I already changed so much on my B3, that in most cases I could no longer be sure that anything I'd put on the wiki would be complete (and no, I'm not about to reset it to factory and retrace w...
by Gordon
23 Nov 2011, 13:24
Forum: B2 & B3 Support
Topic: Bugs in IPSec HowTO (on wiki) and some questions
Replies: 10
Views: 14179

Re: Bugs in IPSec HowTO (on wiki) and some questions

Warnings are quite normal when compiling the kernel. Most often you'll see things like something something defined but never used. I agree that it is a shame that you need to compile the kernel, but there should actually not be a need for recompiling all the modules that are already there. You ...
by Gordon
21 Nov 2011, 13:49
Forum: B2 & B3 Support
Topic: /admin path hijacked for all hostnames
Replies: 7
Views: 8579

Re: /admin path hijacked for all hostnames

Should probably make this a feature request, to have all the bubba stuff consolidated to the bubba vhost definition. If I can add to this, it would also be nice to have the https section in a separate vhost definition file.
by Gordon
19 Nov 2011, 17:18
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

ah yeah, i meant that... *dumb* Kinda weird: the last time i did a ifdown br0; ifup br0 it started looking for a dhcp server, even though there is no mention of dhcp in interfaces for br0 or eth1. I recognize that. Can be quite confusing and I am currently struggling with a rather important server ...
by Gordon
19 Nov 2011, 16:22
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

Ubi wrote: You mean the INPUT -i eth0 -j accept?
I added the eth1 hoping *something* would improve
Nope. eth0 is the WAN interface. You need to add br0 for LAN (and wireless) access. Adding eth1 does nothing.
by Gordon
19 Nov 2011, 15:46
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

@gordon: sorry did not work. Strange, it should have. But your firewall script is wrong. I'm guessing this one belongs to B2 or B3 without WiFi since it has a rule for eth1, but this interface doesn't have an IP of its own since it's paired with wlan0 to form bridge br0. It's the bridge interface ...
by Gordon
19 Nov 2011, 12:02
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

If you have SSH you can try the following:

On the B3:

    ip route replace [WAN-net] dev eth0 src [LAN-IP]

On the Windows workstation:

    route add [B3-LAN-IP] mask 255.255.255.255 [B3-WAN-IP]

This should enable you to access the admin page by accessing [B3-LAN-IP] with your web browser.
by Gordon
18 Nov 2011, 07:35
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

Did you guys agree on a feature request here, that I should add to my list? I briefly read up on shorewall, but coming from a hardware background I can't say I understand the benefits for users other than the tech savvy like you, who would take advantage of the under-the-hood capabilities. Do I mis...
by Gordon
18 Nov 2011, 04:29
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

My bad; won't do it again.

Still something good has come out of this. I learned some new Swedish words and am intrigued by surströmming. Should definitely try to get my hands on some.
by Gordon
18 Nov 2011, 02:32
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

RandomUsername wrote: OT but; falukorv?
I have absolutely no idea. A mod joke?
by Gordon
17 Nov 2011, 17:40
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

Thing is that Shorewall will break up the tables by defining directions between what is called zones: where do you come from and where do you want to go? Every rule you create thereafter is based on one of these directions and you never ever get to touch the original INPUT, OUTPUT, FORWARD, PREROUTI...
by Gordon
17 Nov 2011, 13:48
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

Depends on your definition of 'simple setup'. It has a 'trusted' (LAN) and a 'non-trusted' (WAN) interface, so it has all the elements in it that Shorewall is designed for. I know you are an advocate of the Keep-It-Simple policy, but there's also a thing called oversimplifying which is a main cause ...
by Gordon
17 Nov 2011, 12:40
Forum: B2 & B3 Feature Requests
Topic: Decent iptables script
Replies: 31
Views: 38051

Re: Decent iptables script

Sorry to say, but *every* firewall script may eventually cause you to be locked out. I must admit though that this one is particularly stupid in that it saves dynamically/user added rules on shutdown. The trouble with standard firewall settings is that they are too general. This was the case with ipfw, w...