How can I troubleshoot a DIY router?
  • Formbi Formbi 1y ago 100%

    «your servers “lan” interface has no IPv4 address» ok, so how can that be fixed?

    «Is this another machine in your network already, or is that a typo?» Probably a typo, I just copied it mindlessly :/. Now I have this:

    dhcp-range=192.168.0.25,192.168.0.50,24h
    dhcp-option=option:router,192.168.0.1
    dhcp-option=option:ntp-server,192.168.0.1
    dhcp-option=option:dns-server,192.168.0.1
    dhcp-option=option:netmask,255.255.255.0
    
    1
  • How can I troubleshoot a DIY router?
  • Formbi Formbi 1y ago 0%

    thanks for your response!

    1: the cable was indeed bad (it was brand new, so I wasn't suspecting it), but something else is still wrong

    2: sorry for just pasting, I'm not really sure how to interpret it

    client:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether f0:de:f1:5d:57:0c brd ff:ff:ff:ff:ff:ff
        inet6 fe80::29d:f28a:75a7:b5ab/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether e2:a8:25:b3:ef:1a brd ff:ff:ff:ff:ff:ff permaddr 00:24:d7:a6:ce:e4
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
        link/ether 02:42:0f:11:f5:37 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    

    server:

    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 6e:10:39:1a:0b:03 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        link/ether 02:48:11:4d:31:03 brd ff:ff:ff:ff:ff:ff
        inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic noprefixroute enp0s29u1u5
           valid_lft 3540sec preferred_lft 3540sec
        inet6 fe80::6c7f:73bd:fb6c:bacd/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    

    2a: I'm using network manager, it has worked so far. When I try to connect to the wired network manually (normally it does it automatically), nmtui says Could not activate connection: Activation failed: IP configuration could not be reserved (no available address, timeout, etc.). Dnsmasq is running, but I don't know how to check where it's listening (I tried looking it up, but didn't find anything).

    2b: http://ix.io/4z3X/text

    3: it only shows the dummy docker thing; when I connect to the wi-fi hotspot in my phone, it does appear and I can ping it

    4: I'm not sure, the nftables config is pasted in the original post

    0
  • How can I troubleshoot a DIY router?
  • Formbi Formbi 1y ago 100%

    I connect a different device with a cable and I expect it would get an internet connection or at least a local connection. But, well, nothing happens. There are no messages in dmesg or /var/log/messages on both machines either.

    1
  • Hi! I'm trying to make a DIY router. I used configs from some online guides (the nftables one is from the project's website), but nothing happens when I connect a different machine. I know that description doesn't say much, so I'd like to know how can I check what's actually wrong. My system (Guix) config is below:

    ```
    (use-modules (gnu))
    (use-service-modules cups desktop networking ssh xorg sysctl linux dns)

    (define wan "enp0s29u1u5")
    (define lan "enp0s25")

    (define dnsmasq-config
      "# Listen on this specific port instead of the standard DNS port
    # (53). Setting this to zero completely disables DNS function,
    # leaving only DHCP and/or TFTP.
    port=53

    # Never forward plain names (without a dot or domain part)
    domain-needed
    # Never forward addresses in the non-routed address spaces.
    bogus-priv

    # By default, dnsmasq will send queries to any of the upstream
    # servers it knows about and tries to favour servers to are known
    # to be up. Uncommenting this forces dnsmasq to try each query
    # with each server strictly in the order they appear in
    # /etc/resolv.conf
    strict-order

    # Set this (and domain: see below) if you want to have a domain
    # automatically added to simple names in a hosts-file.
    expand-hosts

    # Set the domain for dnsmasq. this is optional, but if it is set, it
    # does the following things.
    # 1) Allows DHCP hosts to have fully qualified domain names, as long
    #    as the domain part matches this setting.
    # 2) Sets the \"domain\" DHCP option thereby potentially setting the
    #    domain of all systems configured by DHCP
    # 3) Provides the domain part for \"expand-hosts\"
    #domain=thekelleys.org.uk
    domain=example.com

    # Set Listen address
    listen-address=127.0.0.1 # Set to Server IP for network responses

    dhcp-range=192.168.3.25,192.168.3.50,24h
    dhcp-option=option:router,192.168.3.1
    dhcp-option=option:ntp-server,192.168.3.5
    dhcp-option=option:dns-server,192.168.3.5
    dhcp-option=option:netmask,255.255.255.0
    ")

    (define nftables-config
      (format #f "flush ruleset

    define DEV_PRIVATE = ~a
    define DEV_WORLD = ~a
    define NET_PRIVATE = 192.168.0.0/16

    table ip global {

        chain inbound_world {
            # accepting ping (icmp-echo-request) for diagnostic purposes.
            # However, it also lets probes discover this host is alive.
            # This sample accepts them within a certain rate limit:
            #
            # icmp type echo-request limit rate 5/second accept

            # allow SSH connections from some well-known internet host
            ip saddr 81.209.165.42 tcp dport ssh accept
        }

        chain inbound_private {
            # accepting ping (icmp-echo-request) for diagnostic purposes.
            icmp type echo-request limit rate 5/second accept

            # allow DHCP, DNS and SSH from the private network
            ip protocol . th dport vmap { tcp . 22 : accept, udp . 53 : accept, tcp . 53 : accept, udp . 67 : accept}
        }

        chain inbound {
            type filter hook input priority 0; policy drop;

            # Allow traffic from established and related packets, drop invalid
            ct state vmap { established : accept, related : accept, invalid : drop }

            # allow loopback traffic, anything else jump to chain for further evaluation
            iifname vmap { lo : accept, $DEV_WORLD : jump inbound_world, $DEV_PRIVATE : jump inbound_private }

            # the rest is dropped by the above policy
        }

        chain forward {
            type filter hook forward priority 0; policy drop;

            # Allow traffic from established and related packets, drop invalid
            ct state vmap { established : accept, related : accept, invalid : drop }

            # connections from the internal net to the internet or to other
            # internal nets are allowed
            iifname $DEV_PRIVATE accept

            # the rest is dropped by the above policy
        }

        chain postrouting {
            type nat hook postrouting priority 100; policy accept;

            # masquerade private IP addresses
            ip saddr $NET_PRIVATE oifname $DEV_WORLD masquerade
        }
    }
    " lan wan))

    (operating-system
      (locale "en_GB.utf8")
      (timezone "Europe/Warsaw")
      (keyboard-layout (keyboard-layout "pl" "legacy" #:options '("ctrl:nocaps")))
      (host-name "router")
      (kernel-arguments (list "modprobe.blacklist=pcspkr,snd_pcsp"))

      ;; The list of user accounts ('root' is implicit).
      (users (cons* (user-account
                      (name "formbi")
                      (comment "Formbi")
                      (group "users")
                      (home-directory "/home/formbi")
                      (supplementary-groups '("wheel" "netdev" "audio" "video")))
                    %base-user-accounts))

      ;; Packages installed system-wide. Users can also install packages
      ;; under their own account: use 'guix search KEYWORD' to search
      ;; for packages and 'guix install PACKAGE' to install a package.
      (packages (append (list (specification->package "nss-certs"))
                        %base-packages))

      ;; Below is the list of system services. To search for available
      ;; services, run 'guix system search KEYWORD' in a terminal.
      (services
       (append (list (service xfce-desktop-service-type)
                     (service guix-publish-service-type
                              (guix-publish-configuration
                                (port 2137)
                                (advertise? #t)))
                     (service earlyoom-service-type
                              (earlyoom-configuration
                                (avoid-regexp "emacs")
                                (minimum-available-memory 5)
                                (minimum-free-swap 20)))
                     (service openssh-service-type)
                     (service cups-service-type)
                     (service dnsmasq-service-type)
                     (extra-special-file "/etc/dnsmasq.conf"
                                         (plain-file "dnsmasq.conf" dnsmasq-config))
                     (service nftables-service-type
                              (nftables-configuration
                                (ruleset (plain-file "nftables.conf" nftables-config))))
                     (set-xorg-configuration
                      (xorg-configuration (keyboard-layout keyboard-layout))))

               ;; This is the default list of services we
               ;; are appending to.
               (modify-services %desktop-services
                 (sysctl-service-type config =>
                   (sysctl-configuration
                     (settings (append '(("vm.swappiness" . "10")
                                         ("net.ipv4.ip_forward" . "1"))
                                       %default-sysctl-settings))))
                 (network-manager-service-type config =>
                   (network-manager-configuration
                     ;(dns "dnsmasq")
                     ))
                 (guix-service-type config =>
                   (guix-configuration
                     (discover? #t))))))

      (bootloader (bootloader-configuration
                    (bootloader grub-bootloader)
                    (targets (list "/dev/sda"))
                    (keyboard-layout keyboard-layout)))
      (swap-devices (list (swap-space
                            (target (uuid "a32aa366-c966-460f-9592-2a08c5cad947")))))

      ;; The list of file systems that get "mounted". The unique
      ;; file system identifiers there ("UUIDs") can be obtained
      ;; by running 'blkid' in a terminal.
      (file-systems (cons* (file-system
                             (mount-point "/")
                             (device (uuid "30b3a834-f23e-42ad-addf-0cde5538a96f" 'ext4))
                             (type "ext4"))
                           %base-file-systems)))
    ```

    11
    9
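
The condition quoted in the thread (the server's "lan" interface has no IPv4 address) and the `listen-address=127.0.0.1` line in the posted dnsmasq config can both be checked offline from the pasted outputs. The Python below is an added example, not part of the original posts; the function names are hypothetical, and the sample inputs are trimmed copies of the server's `ip addr` output and the DHCP-related dnsmasq lines from the thread.

```python
import ipaddress
import re

# Trimmed from the server's `ip addr` output pasted in the thread.
IP_ADDR = """\
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 6e:10:39:1a:0b:03 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute
4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN
    inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic
"""
# DHCP-relevant lines of the dnsmasq config from the original post.
DNSMASQ = """\
listen-address=127.0.0.1 # Set to Server IP for network responses
dhcp-range=192.168.3.25,192.168.3.50,24h
"""

def ipv4_by_interface(text):
    """Map interface name -> IPv4 interfaces found in `ip addr` output."""
    found, current = {}, None
    for line in text.splitlines():
        if head := re.match(r"\d+:\s+([^:@\s]+)", line):
            current = head.group(1)
            found[current] = []
        elif current and (m := re.match(r"\s+inet (\S+)", line)):
            found[current].append(ipaddress.ip_interface(m.group(1)))
    return found

def dnsmasq_values(text, key):
    """Values of every `key=value` line, trailing comments stripped."""
    lines = (re.sub(r"\s+#.*$", "", l).strip() for l in text.splitlines())
    return [l.split("=", 1)[1] for l in lines if l.startswith(key + "=")]

def check_lan(ip_addr_text, dnsmasq_text, lan):
    """List the reasons dnsmasq cannot hand out leases on interface `lan`."""
    findings = []
    addrs = ipv4_by_interface(ip_addr_text).get(lan, [])
    if not addrs:
        findings.append(f"{lan} has no IPv4 address")
    # Assumes the plain start,end,lease form of dhcp-range used in the thread.
    for rng in dnsmasq_values(dnsmasq_text, "dhcp-range"):
        start = ipaddress.ip_address(rng.split(",")[0])
        if not any(start in a.network for a in addrs):
            findings.append(f"dhcp-range {rng}: no {lan} address in that subnet")
    listen = {ipaddress.ip_address(a.strip()) for v in
              dnsmasq_values(dnsmasq_text, "listen-address") for a in v.split(",")}
    if listen and not any(a.ip in listen for a in addrs):
        findings.append(f"listen-address excludes {lan}")
    return findings

if __name__ == "__main__":
    for finding in check_lan(IP_ADDR, DNSMASQ, "enp0s25"):
        print(finding)
```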