Formbi

joined 1 year ago
[–] [email protected] 1 points 1 year ago (1 children)

thanks for your response!

1: the cable was indeed bad (it was brand new, so I wasn't suspecting it), but something else is still wrong

2: sorry for just pasting, I'm not really sure how to interpret it.

client:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether f0:de:f1:5d:57:0c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::29d:f28a:75a7:b5ab/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether e2:a8:25:b3:ef:1a brd ff:ff:ff:ff:ff:ff permaddr 00:24:d7:a6:ce:e4
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:0f:11:f5:37 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

server:

1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope global lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6e:10:39:1a:0b:03 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 02:48:11:4d:31:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic noprefixroute enp0s29u1u5
       valid_lft 3540sec preferred_lft 3540sec
    inet6 fe80::6c7f:73bd:fb6c:bacd/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

2a: I'm using NetworkManager, it has worked so far. When I try to connect to the wired network manually (normally it does it automatically), nmtui says "Could not activate connection: Activation failed: IP configuration could not be reserved (no available address, timeout, etc.)". Dnsmasq is running, but I don't know how to check where it's listening (I tried looking it up, but didn't find anything).

2b: http://ix.io/4z3X/text

3: it only shows the dummy docker thing; when I connect to the wi-fi hotspot in my phone, it does appear and I can ping it

4: I'm not sure, the nftables config is pasted in the original post

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

I connect a different device with a cable and I expect it would get an internet connection or at least a local connection. But, well, nothing happens. There are no messages in dmesg or /var/log/messages on both machines either.

 

Hi!

I'm trying to make a DIY router. I used configs from some online guides (the nftables one is from the project's website), but nothing happens when I connect a different machine. I know that description doesn't say much, so I'd like to know how I can check what's actually wrong. My system (Guix) config is below:

(use-modules (gnu))
(use-service-modules cups desktop networking ssh xorg sysctl linux dns)

(define wan "enp0s29u1u5")

(define lan "enp0s25")

(define dnsmasq-config
  "# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
port=53
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# By  default,  dnsmasq  will  send queries to any of the upstream
# servers it knows about and tries to favour servers to are  known
# to  be  up.  Uncommenting this forces dnsmasq to try each query
# with  each  server  strictly  in  the  order  they   appear   in
# /etc/resolv.conf
strict-order
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the \"domain\" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for \"expand-hosts\"
#domain=thekelleys.org.uk
domain=example.com

# Set Listen address
listen-address=127.0.0.1 # Set to Server IP for network responses

dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
dhcp-option=option:ntp-server,192.168.3.5
dhcp-option=option:dns-server,192.168.3.5
dhcp-option=option:netmask,255.255.255.0
")

(define nftables-config
  (format #f
	  "flush ruleset

define DEV_PRIVATE = ~a
define DEV_WORLD = ~a
define NET_PRIVATE = 192.168.0.0/16

table ip global {

    chain inbound_world {
        # accepting ping (icmp-echo-request) for diagnostic purposes.
        # However, it also lets probes discover this host is alive.
        # This sample accepts them within a certain rate limit:
        #
        # icmp type echo-request limit rate 5/second accept

        # allow SSH connections from some well-known internet host
        ip saddr 81.209.165.42 tcp dport ssh accept
    }

    chain inbound_private {
        # accepting ping (icmp-echo-request) for diagnostic purposes.
        icmp type echo-request limit rate 5/second accept

        # allow DHCP, DNS and SSH from the private network
        ip protocol . th dport vmap { tcp . 22 : accept, udp . 53 : accept, tcp . 53 : accept, udp . 67 : accept}
    }

    chain inbound {
        type filter hook input priority 0; policy drop;

        # Allow traffic from established and related packets, drop invalid
        ct state vmap { established : accept, related : accept, invalid : drop }

        # allow loopback traffic, anything else jump to chain for further evaluation
        iifname vmap { lo : accept, $DEV_WORLD : jump inbound_world, $DEV_PRIVATE : jump inbound_private }

        # the rest is dropped by the above policy
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Allow traffic from established and related packets, drop invalid
        ct state vmap { established : accept, related : accept, invalid : drop }

        # connections from the internal net to the internet or to other
        # internal nets are allowed
        iifname $DEV_PRIVATE accept

        # the rest is dropped by the above policy
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # masquerade private IP addresses
        ip saddr $NET_PRIVATE oifname $DEV_WORLD masquerade
    }
}
" lan wan))

(operating-system
 (locale "en_GB.utf8")
 (timezone "Europe/Warsaw")
 (keyboard-layout (keyboard-layout "pl" "legacy" #:options '("ctrl:nocaps")))
 (host-name "router")

 (kernel-arguments
  (list
   "modprobe.blacklist=pcspkr,snd_pcsp"))
 
 ;; The list of user accounts ('root' is implicit).
 (users (cons* (user-account
                (name "formbi")
                (comment "Formbi")
                (group "users")
                (home-directory "/home/formbi")
                (supplementary-groups '("wheel" "netdev" "audio" "video")))
               %base-user-accounts))

 ;; Packages installed system-wide.  Users can also install packages
 ;; under their own account: use 'guix search KEYWORD' to search
 ;; for packages and 'guix install PACKAGE' to install a package.
 (packages
  (append (list (specification->package "nss-certs"))
                   %base-packages))

 ;; Below is the list of system services.  To search for available
 ;; services, run 'guix system search KEYWORD' in a terminal.
 (services
  (append (list
	   (service xfce-desktop-service-type)
	   (service guix-publish-service-type
		    (guix-publish-configuration
		     (port 2137)
		     (advertise? #t)))
	   (service earlyoom-service-type
		    (earlyoom-configuration
		     (avoid-regexp "emacs")
		     (minimum-available-memory 5)
		     (minimum-free-swap 20)))

           (service openssh-service-type)
           (service cups-service-type)

	   (service dnsmasq-service-type)

	   (extra-special-file "/etc/dnsmasq.conf"
			       (plain-file "dnsmasq.conf" dnsmasq-config))

	   (service nftables-service-type
		    (nftables-configuration
		     (ruleset (plain-file "nftables.conf" nftables-config))))


	   (set-xorg-configuration
            (xorg-configuration (keyboard-layout keyboard-layout))))

          ;; This is the default list of services we
          ;; are appending to.
	  (modify-services
	   %desktop-services
	   
	   (sysctl-service-type
	    config =>
	    (sysctl-configuration
	     (settings (append '(("vm.swappiness" . "10")
				 ("net.ipv4.ip_forward" . "1"))
			       %default-sysctl-settings))))

	   (network-manager-service-type
	    config =>
	    (network-manager-configuration
					;(dns "dnsmasq")
	     ))
	   
	   (guix-service-type
	    config =>
	    (guix-configuration
	     (discover? #t))))))
 
 (bootloader (bootloader-configuration
              (bootloader grub-bootloader)
              (targets (list "/dev/sda"))
              (keyboard-layout keyboard-layout)))
 (swap-devices (list (swap-space
                      (target (uuid
                               "a32aa366-c966-460f-9592-2a08c5cad947")))))

 ;; The list of file systems that get "mounted".  The unique
 ;; file system identifiers there ("UUIDs") can be obtained
 ;; by running 'blkid' in a terminal.
 (file-systems (cons* (file-system
                       (mount-point "/")
                       (device (uuid
                                "30b3a834-f23e-42ad-addf-0cde5538a96f"
                                'ext4))
                       (type "ext4")) %base-file-systems)))
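The two questions in this thread, the original post's "how can I check what's actually wrong" and the follow-up's "how to check where dnsmasq is listening", come down to the same handful of facts: whether the LAN interface has carrier and an IPv4 address, whether a dhcp-range fits a subnet on that interface, and whether dnsmasq's interface=/listen-address= lines cover it. The script below is an added example written for this thread, not code from the original post, from Guix or from dnsmasq. It checks those facts offline against the server's `ip addr` output and the dnsmasq.conf quoted above, and again against an assumed "fixed" pair of inputs in which the router holds 192.168.3.1/24 on enp0s25 and dnsmasq is bound to that interface; the interface name and address in the fixed inputs are taken from the post's `lan` definition and its `option:router` value and are assumptions, not something the thread confirms works.

```python
"""Offline check that dnsmasq can serve DHCP on a router's LAN interface.
Added example for this thread, not code from the original post, Guix or dnsmasq: it
parses the `ip addr` format quoted above plus a dnsmasq.conf and tests what dnsmasq
needs before it answers a DHCPDISCOVER on an interface."""
import ipaddress
import re

# Constructed from the server's `ip addr` output quoted in the thread.
IP_ADDR_SERVER = """\
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6e:10:39:1a:0b:03 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute
4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic noprefixroute enp0s29u1u5
"""

# The lines of the posted dnsmasq.conf that decide where and whether DHCP is served.
DNSMASQ_POSTED = """\
listen-address=127.0.0.1 # Set to Server IP for network responses
dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
dhcp-option=option:dns-server,192.168.3.5
"""

# Assumed fix: the router holds 192.168.3.1/24 on the LAN port and dnsmasq is bound
# to that interface (dnsmasq adds loopback by itself when interface= is used).
IP_ADDR_FIXED = IP_ADDR_SERVER.replace(
    "    inet6 fe80::2721",
    "    inet 192.168.3.1/24 brd 192.168.3.255 scope global enp0s25\n    inet6 fe80::2721")
DNSMASQ_FIXED = """\
interface=enp0s25
dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
dhcp-option=option:dns-server,192.168.3.1
"""

_IFACE_RE = re.compile(r"^\d+: (?P<name>[^:@]+)[^:]*: <(?P<flags>[^>]*)>")
_INET_RE = re.compile(r"^\s+inet (?P<addr>\d+\.\d+\.\d+\.\d+/\d+)")


def parse_ip_addr(text):
    """Map interface name -> {"flags": link flags, "inet": [IPv4Interface, ...]}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        if m := _IFACE_RE.match(line):
            current = ifaces.setdefault(m["name"], {"flags": set(m["flags"].split(",")), "inet": []})
        elif (m := _INET_RE.match(line)) and current is not None:
            current["inet"].append(ipaddress.ip_interface(m["addr"]))
    return ifaces


def parse_dnsmasq(text):
    """Collect the options that decide whether and on which interfaces DHCP is served."""
    conf = {"ranges": [], "options": {}, "listen": [], "interfaces": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # this checker ignores trailing comments
        if "=" not in line:
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key == "dhcp-range":  # start,end[,netmask][,lease]: first two quads are the ends
            lo, hi = re.findall(r"\d+\.\d+\.\d+\.\d+", value)[:2]
            conf["ranges"].append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
        elif key == "dhcp-option":
            name, _, val = value.partition(",")
            conf["options"][name.strip()] = val.strip()
        elif key == "listen-address":
            conf["listen"] += [ipaddress.ip_address(a.strip()) for a in value.split(",")]
        elif key == "interface":
            conf["interfaces"] += [i.strip() for i in value.split(",")]
    return conf


def check_dhcp_server(lan, ip_addr_text, dnsmasq_text):
    """Return the problems that stop dnsmasq from leasing on `lan`; [] means all clear."""
    iface = parse_ip_addr(ip_addr_text).get(lan)
    conf = parse_dnsmasq(dnsmasq_text)
    if iface is None:
        return [f"{lan}: interface not present"]
    problems, v4 = [], iface["inet"]
    if "LOWER_UP" not in iface["flags"]:
        problems.append(f"{lan}: no carrier; check the cable or the link partner")
    if not v4:
        problems.append(f"{lan}: no IPv4 address, so no dhcp-range can match requests arriving on it")
    if not conf["ranges"]:
        problems.append("no dhcp-range configured; dnsmasq is not running a DHCP server")
    elif not any(lo in a.network and hi in a.network for lo, hi in conf["ranges"] for a in v4):
        problems.append(f"no dhcp-range lies inside a subnet configured on {lan}")
    # interface=/listen-address= restrict DHCP as well as DNS: once either is set, an interface matching neither is ignored.
    if (conf["interfaces"] or conf["listen"]) and not (
            lan in conf["interfaces"] or any(a.ip in conf["listen"] for a in v4)):
        names = ", ".join(conf["interfaces"] + [str(a) for a in conf["listen"]])
        problems.append(f"{lan} is not covered by interface= or listen-address= (configured: {names})")
    # Addresses handed to clients must exist on this host's LAN side or they point nowhere.
    for opt in ("option:router", "option:dns-server", "option:ntp-server"):
        val = conf["options"].get(opt)
        if val is not None and not any(ipaddress.ip_address(val) == a.ip for a in v4):
            problems.append(f"{opt}={val} is not an address of this host on {lan}")
    return problems
```

Calling `check_dhcp_server("enp0s25", IP_ADDR_SERVER, DNSMASQ_POSTED)` reports that enp0s25 has no IPv4 address, that no dhcp-range fits a subnet on it, that `listen-address=127.0.0.1` leaves the LAN interface uncovered, and that the router and dns-server options name addresses this host does not have; the same call on `IP_ADDR_FIXED` and `DNSMASQ_FIXED` returns an empty list. That matches the symptom in the follow-up comment: with no server answering on the cable, the client's DHCP times out and NetworkManager reports that the IP configuration could not be reserved. On the live router the same facts come from `ip addr show enp0s25`, `ss -ulnp 'sport = :67'` (which address and process hold the DHCP socket), `dnsmasq --test` for config syntax, `sysctl net.ipv4.ip_forward` and `nft list ruleset`; since NetworkManager owns enp0s25 on this system, one way to give it the static address is a connection with `ipv4.method manual ipv4.addresses 192.168.3.1/24` (an assumption about how the poster would choose to configure it). One caveat the checker does not cover: the posted ruleset is a `table ip`, so it filters IPv4 only, and IPv6 arriving on the WAN side is not touched by it until an `inet` or `ip6` table with the same input policy exists.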