Re: Help needed with home network configuration
On Fri, Mar 09, 2018 at 04:30:53PM +0200, Johann Spies wrote:
> For many years I have used my desktop as a network/firewall server with
> two interfaces, one facing the internet (through ADSL) and the other the
> local network.
> Now I have a fibre connection and for a month both connections will be
> available in parallel.
> I have decided to use my Raspberry Pi3 as the firewall/network server in
> future but have after many hours failed to do so successfully.
A suboptimal idea IMO. These Broadcom chipsets are only good for video
output, their 100Mbps "Ethernet" is actually hardwired to USB, and their
WiFi is a PITA (I used Raspberry Pi3 as WiFi AP for half a year. Never
again). They make good SPI programmers though.
If you need a good Debian-friendly router, I suggest buying Linksys ACM
1200, 1900 or 3200.
> First I have tried a similar Shorewall setup that I have on my desktop
> and after failing successful connections I tried ufw with no success.
> First ufw:
> $ sudo ufw status verbose
> Status: active
> Logging: on (low)
> Default: deny (incoming), allow (outgoing)
> New profiles: skip
> To                         Action      From
> --                         ------      ----
> Anywhere                   ALLOW IN    192.168.0.0/24
> Anywhere                   ALLOW OUT   192.168.0.0/24
> 53/udp                     ALLOW OUT   192.168.0.0/24
> 443/tcp                    ALLOW OUT   192.168.0.0/24
> (I have added the last two lines which I thought should not be
> I get this in the log:
> Mar 9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0
> OUT=eth1 MAC=b8:27:eb:63:94:ea:1c:5a:3e:e0:29:fe:08:00:45:00:00:3c:50:e8:40:00:3f:06:fb:f2
> SRC=192.168.0.10 DST=22.214.171.124 LEN=60 TOS=0x00 PREC=0x00 TTL=63
> ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840 RES=0x00 SYN
An "iptables-save" output would be welcome. There are many frontends to
netfilter, but nothing beats the original "iptables".
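
An added example, not part of the original thread: a small parser for the `[UFW BLOCK]` kernel log line quoted above, which reports whether the packet was addressed to the firewall, sent by it, or forwarded through it. A line with both `IN=` and `OUT=` set was logged for a forwarded packet, which netfilter handles in the FORWARD chain rather than INPUT or OUTPUT. The function names are illustrative, and the second sample line is constructed.

```python
import re

# Log line from the quoted message, rejoined onto one line.
SAMPLE = ("Mar 9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0 "
          "OUT=eth1 MAC=b8:27:eb:63:94:ea:1c:5a:3e:e0:29:fe:08:00:45:00:00:3c:"
          "50:e8:40:00:3f:06:fb:f2 SRC=192.168.0.10 DST=22.214.171.124 LEN=60 "
          "TOS=0x00 PREC=0x00 TTL=63 ID=20712 DF PROTO=TCP SPT=53337 DPT=443 "
          "WINDOW=5840 RES=0x00 SYN")

# Constructed line: same host, but a packet addressed to the firewall itself.
SAMPLE_INPUT = ("Mar 9 12:15:01 pi3 kernel: [403828.000000] [UFW BLOCK] IN=eth0 "
                "OUT= MAC=00:00:00:00:00:00 SRC=192.168.0.10 DST=192.168.0.1 "
                "LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN")

TAG = re.compile(r"\[UFW ([A-Z ]+)\]\s*(.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_ufw_line(line):
    """Split a ufw kernel log line into action, KEY=VALUE fields and bare flags."""
    m = TAG.search(line)
    if m is None:
        return None  # not a ufw log line
    action, rest = m.group(1), m.group(2)
    return {
        "action": action,
        "fields": dict(FIELD.findall(rest)),  # empty value, e.g. "OUT=", maps to ""
        "flags": [tok for tok in rest.split() if "=" not in tok],  # DF, SYN, ...
    }


def traffic_path(fields):
    """Name the netfilter path from which interface fields are populated."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forward"  # routed through the box: FORWARD chain
    if has_in:
        return "input"    # addressed to the box itself: INPUT chain
    if has_out:
        return "output"   # generated by the box: OUTPUT chain
    return "unknown"


def describe(line):
    """One-line summary suitable for grepping through a long kernel log."""
    rec = parse_ufw_line(line)
    f = rec["fields"]
    return "{} {} {}:{} -> {}:{} path={}".format(
        rec["action"], f.get("PROTO"), f.get("SRC"), f.get("SPT"),
        f.get("DST"), f.get("DPT"), traffic_path(f))


if __name__ == "__main__":
    print(describe(SAMPLE))
    print(describe(SAMPLE_INPUT))
```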