kuckucksmuehle:hackerspace:firewall

Differences

kuckucksmuehle:hackerspace:firewall [2018/02/26 19:02] kimparker
kuckucksmuehle:hackerspace:firewall [2018/03/22 18:20] (current) – add information how to handle network disturbance kimparker
Line 28: Line 28:
 Outbound Nat Rules make sure that no traffic from the internal network is sent to the internet when the VPN is not up Outbound Nat Rules make sure that no traffic from the internal network is sent to the internet when the VPN is not up
  
-=============================== +==== Handle Network Disturbances ====
-We have at the moment a Debain running on a Z-Box (will be changed in the future). And configured the rules with "ferm":http://ferm.foo-projects.org/.+
  
-There are several configurations in the ''/etc/ferm'' directory that can be loaded with ''ferm [filename]''+Sometimes it is required to check which device is responsible for traffic. In rare circumstances it is also required to shut that device off.
  
-''/etc/ferm/default.conf'' +  - Login to https://192.168.1.1 
- +  - Open "Interfaces/Diagnostics/ARP Table" on a separate tab 
-This file is loaded every time the VPN connection state changes with a udev ruleIt ensures that traffic is only forwarded through the VPN and never leaves the box unless it is VPN traffic or DNS traffic to a limited set of servers+  - Open "Reporting/Insight" on a separate tab 
- +  - Open "Reporting/Traffic Graph", Select LAN 
-''/etc/ferm/admin.conf'' +  - Find the device causing traffic, look up the IP in the arp-table (gives more info like manufacturer) 
- +  - Open "Firewall/Traffic Shaper/Settings" -> Rules 
-This file is used to unlock the restrictive firewall during administration. This allows the firewall to connect to the distribution repositories and download updates. +  - Duplicate the BAD GUI rule and enter the IP addressname the new rule and click apply
- +
-''/etc/cron.d/toggle_uplink.sh'' +
- +
-This script is used to switch between uplinks (satellite or DSL) using a cron job. It is configured to shut down the VPN, set a different configuration (TCP for satellite, UDP for DSL) and trigger the reconnect. The VPN provider is instructed to provide a fixed IP so running downloads should continue. +
- +
-''crontab -e as root'' +
- +
-At the moment the router switches at night to the sateliteto use the flatrate of the satelite between 0:00-6:00  UTC + 1.+
  
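Review bot: The last added step ("Duplicate the BAD GUI rule and enter the IP address, name the new rule and click apply") does not say what the BAD GUI rule does to the device, while the new introduction talks about shutting the device off. Since the rule lives under "Firewall/Traffic Shaper", state whether the copy throttles or blocks the traffic, and add a closing step for removing the rule once the disturbance is over. The rule is entered by IP address, so it would help to put the MAC or manufacturer from the ARP table into the rule name, so the entry can still be matched to the device later. Separately, the removed lines described /etc/ferm/default.conf (forwarding only through the VPN), /etc/ferm/admin.conf and the toggle_uplink.sh satellite/DSL switch. If the box at https://192.168.1.1 has replaced the ferm setup, say so on the page and note where the admin unlock and the uplink switch are handled now, rather than dropping them without a replacement.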
  • Last modified: 2018/02/26 19:02
  • by kimparker