Re: Help needed with home network configuration
- Date: Fri, 9 Mar 2018 12:31:35 -0500
- From: Gene Heskett <gheskett@xxxxxxxxxxx>
- Subject: Re: Help needed with home network configuration
On Friday 09 March 2018 10:18:23 Reco wrote:
> On Fri, Mar 09, 2018 at 04:30:53PM +0200, Johann Spies wrote:
> > For many years I have used my desktop as a network/firewall server
> > with two interfaces one facing the internet (through ADSL) and the
> > other the local network.
> > Now I have a fibre connection and for a month both connections will
> > be available in parallel.
> > I have decided to use my Raspberry Pi3 as the firewall/network
> > server in future but have after many hours failed to do so
> > successfully.
> A suboptimal idea IMO. These Broadcom chipsets are only good for video
> output, their 100Mbps "Ethernet" is actually hardwired to USB, and
> their WiFi is a PITA (I used Raspberry Pi3 as WiFi AP for half a year.
> Never again). They make good SPI programmers though.
> If you need a good Debian-friendly router, I suggest buying Linksys
> ACM 1200, 1900 or 3200.
I will also highly recommend the higher end Buffalo's. I have a $70 mail
order Netfinity, now quite a few years old, reprogrammed with the real
dd-wrt. It has bounced every attack now for around 8 years. And I mean
every. I do not have its radio enabled unless my boys are on site with
their smartphones. And it's not bridged to my local net anyway, only to
> > First I have tried a similar Shorewall setup that I have on my
> > desktop and after failing successful connections I tried ufw with no
> > success.
> > First ufw:
> > $ sudo ufw status verbose
> > Status: active
> > Logging: on (low)
> > Default: deny (incoming), allow (outgoing)
> > New profiles: skip
> > To                         Action      From
> > --                         ------      ----
> > Anywhere                   ALLOW IN    192.168.0.0/24
> > Anywhere                   ALLOW OUT   192.168.0.0/24
> > 53/udp                     ALLOW OUT   192.168.0.0/24
> > 443/tcp                    ALLOW OUT   192.168.0.0/24
> > (I have added the last two lines which I thought should not be
> > necessary).
> > I get this in the log:
> > Mar 9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0 OUT=eth1 MAC=b8:27:eb:63:94:ea:1c:5a:3e:e0:29:fe:08:00:45:00:00:3c:50:e8:40:00:3f:06:fb:f2 SRC=192.168.0.10 DST=22.214.171.124 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
> An "iptables-save" output would be welcome. There are many frontends
> to netfilter, but nothing beats the original "iptables".
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
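
An added example, not part of the original thread: a small parser for `[UFW BLOCK]` kernel log entries like the one quoted above, which labels each drop by the netfilter path it was on. An entry with both `IN=` and `OUT=` set is a routed packet dropped on the forward path, which ufw's plain `allow in`/`allow out` rules (for traffic to and from the host itself) do not cover. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the entry quoted in the thread.
SAMPLE_LOG = """\
Mar  9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0 OUT=eth1 MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.10 DST=203.0.113.5 LEN=60 TTL=63 ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840 SYN URGP=0
Mar  9 12:14:16 pi3 kernel: [403783.100000] [UFW BLOCK] IN=eth0 OUT=eth1 MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.168.0.10 DST=203.0.113.53 LEN=71 TTL=63 ID=1 PROTO=UDP SPT=40000 DPT=53
Mar  9 12:14:17 pi3 sshd[812]: Accepted publickey for pi from 192.168.0.10
Mar  9 12:14:20 pi3 kernel: [403787.200000] [UFW BLOCK] IN=eth1 OUT= MAC=02:00:00:00:00:03:02:00:00:00:00:04:08:00 SRC=198.51.100.7 DST=203.0.113.1 LEN=40 TTL=51 ID=9 PROTO=TCP SPT=44321 DPT=23 SYN URGP=0
"""

# KEY=value pairs; the value may be empty (e.g. "OUT=" on locally delivered packets).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def classify(line):
    """Return a dict describing one UFW block entry, or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    f = dict(FIELD_RE.findall(line))
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_in and has_out:
        chain = "FORWARD"   # routed through this host, from one interface to another
    elif has_in:
        chain = "INPUT"     # addressed to this host
    elif has_out:
        chain = "OUTPUT"    # generated by this host
    else:
        chain = "UNKNOWN"
    return {"chain": chain, "in": f.get("IN", ""), "out": f.get("OUT", ""),
            "src": f.get("SRC"), "dst": f.get("DST"),
            "proto": f.get("PROTO"), "dpt": f.get("DPT")}


def summarize(log_text):
    """Count blocked packets per (chain, in-interface, out-interface)."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = classify(line)
        if entry:
            counts[(entry["chain"], entry["in"], entry["out"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```

Drops that show up as FORWARD are controlled by ufw's routed policy (`DEFAULT_FORWARD_POLICY` in `/etc/default/ufw`) and `ufw route` rules.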