
Re: Help needed with home network configuration




On Friday 09 March 2018 10:18:23 Reco wrote:

> 	Hi.
>
> On Fri, Mar 09, 2018 at 04:30:53PM +0200, Johann Spies wrote:
> > For many years I have used my desktop as a network/firewall server
> > with two interfaces one facing the internet (through ADSL) and the
> > other the local network.
> >
> > Now I have a fibre connection and for a month both connections will
> > be available in parallel.
> >
> > I have decided to use my Raspberry Pi3 as the firewall/network
> > server in future but have after many hours failed to do so
> > successfully.
>
> A suboptimal idea IMO. These Broadcom chipsets are only good for video
> output, their 100Mbps "Ethernet" is actually hardwired to USB, and
> their WiFi is a PITA (I used Raspberry Pi3 as WiFi AP for half a year.
> Never again). They make good SPI programmers though.
>
> If you need a good Debian-friendly router, I suggest buying Linksys
> ACM 1200, 1900 or 3200.

I will also highly recommend the higher end Buffalos. I have a $70 mail 
order Netfinity, now quite a few years old, reprogrammed with the real 
dd-wrt. It has bounced every attack now for around 8 years. And I mean 
every. I do not have its radio enabled unless my boys are on site with 
their smartphones. And it's not bridged to my local net anyway, only to 
the internet.

> > First I have tried a similar Shorewall setup that I have on my
> > desktop and after failing successful connections I tried ufw with no
> > success.
> >
> > First ufw:
> >
> > $ sudo ufw status verbose
> > Status: active
> > Logging: on (low)
> > Default: deny (incoming), allow (outgoing)
> > New profiles: skip
> >
> > To                         Action      From
> > --                         ------      ----
> > Anywhere                   ALLOW IN    192.168.0.0/24
> >
> > Anywhere                   ALLOW OUT   192.168.0.0/24
> > 53/udp                     ALLOW OUT   192.168.0.0/24
> > 443/tcp                    ALLOW OUT   192.168.0.0/24
> >
> > (I have added the last two lines which I thought should not be
> > necessary).
> >
> > I get this in the log:
> >
> > Mar  9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0
> > OUT=eth1
> > MAC=b8:27:eb:63:94:ea:1c:5a:3e:e0:29:fe:08:00:45:00:00:3c:50:e8:40:0
> >0:3f:06:fb:f2 SRC=192.168.0.10 DST=207.36.95.10 LEN=60 TOS=0x00
> > PREC=0x00 TTL=63 ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840
> > RES=0x00 SYN URGP=0
>
> An "iptables-save" output would be welcome. There are many frontends
> to netfilter, but nothing beats the original "iptables".
>
> Reco



-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
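
Added example, not part of any message in this thread: a small Python parser for UFW kernel log lines that reports which netfilter path a logged packet took, applied to the [UFW BLOCK] entry quoted above. The function name parse_ufw_line and the second sample line are constructed for illustration.

```python
import re

# Blocked packet from the log quoted in the thread, re-joined onto one line
# (the mail-wrapped MAC= field is left out; it is not needed here).
SAMPLE = (
    "Mar  9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0 OUT=eth1 "
    "SRC=192.168.0.10 DST=207.36.95.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 "
    "ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0"
)
# Constructed line for contrast: a packet addressed to the firewall itself.
LOCAL = (
    "Mar  9 12:15:01 pi3 kernel: [403828.100000] [UFW BLOCK] IN=eth1 OUT= "
    "SRC=203.0.113.5 DST=198.51.100.7 LEN=40 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0"
)

TAG = re.compile(r"\[UFW ([A-Z ]+)\]")
FIELD = re.compile(r"^([A-Z]+)=(.*)$")

def parse_ufw_line(line):
    """Return a dict describing one UFW kernel log line, or None if it is not one."""
    tag = TAG.search(line)
    if tag is None:
        return None
    fields, flags = {}, set()
    for token in line[tag.end():].split():
        m = FIELD.match(token)
        if m:
            fields[m.group(1)] = m.group(2)
        else:
            flags.add(token)          # bare TCP/IP flags such as DF, SYN, ACK
    iface_in, iface_out = fields.get("IN", ""), fields.get("OUT", "")
    # netfilter fills IN and OUT according to the path the packet took:
    # both set -> routed through the box (FORWARD); only IN -> addressed to
    # the box (INPUT); only OUT -> generated by the box (OUTPUT).
    if iface_in and iface_out:
        path = "forward"
    elif iface_in:
        path = "input"
    else:
        path = "output"
    return {
        "action": tag.group(1), "path": path, "in": iface_in, "out": iface_out,
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "syn": "SYN" in flags,
    }

if __name__ == "__main__":
    for line in (SAMPLE, LOCAL):
        print(parse_ufw_line(line))
```

The quoted entry comes back as path "forward" (IN=eth0, OUT=eth1, a SYN to port 443), meaning the packet was being routed through the Pi rather than sent to or from it. In ufw, routed traffic is governed by `ufw route` rules and DEFAULT_FORWARD_POLICY in /etc/default/ufw, not by the plain ALLOW IN / ALLOW OUT rules shown in the status output.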