
vpn firewall settings appear to be needed for Patchwork to discover local peers

Bob Mottram 7 年前
父节点
当前提交
c9189104d5
共有 1 个文件被更改,包括 16 次插入16 次删除
  1. 16
    16
      src/freedombone-mesh-batman

+ 16
- 16
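--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -454,22 +454,22 @@ function start {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    if [[ "$ethernet_connected" != "0" ]]; then
-        # vpn over the internet
-        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-        iptables -A INPUT -p udp --dport 653 -j ACCEPT
-        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-        iptables -A INPUT -i tun+ -j ACCEPT
-        iptables -A FORWARD -i tun+ -j ACCEPT
-        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-        iptables -A OUTPUT -o tun+ -j ACCEPT
-        echo 1 > /proc/sys/net/ipv4/ip_forward
-        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
-    fi
+    # vpn over the internet
+    # Note: the vpn firewall settings are needed in order for Patchwork
+    # to discover local peers
+    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+    iptables -A INPUT -p udp --dport 653 -j ACCEPT
+    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i tun+ -j ACCEPT
+    iptables -A FORWARD -i tun+ -j ACCEPT
+    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+    iptables -A OUTPUT -o tun+ -j ACCEPT
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
 
     systemctl restart avahi-daemon
 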
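Review bot: With the `ethernet_connected` check removed, the four rules that name `${EIFACE}` (new lines 462 and 465–467) and the `ip_forward`/`sysctl.conf` edits (469–472) now run on every `start`, so forwarding and masquerading are switched on, and persisted, even on a node with no wired uplink. `EIFACE` is set outside this hunk; if it can be empty in that case, the unquoted `-i ${EIFACE}` disappears and iptables is handed `-i -m state …`, an error nothing here checks. The commit message only asks for the VPN accept rules, so the port 653 and `tun+` accepts could stay unconditional while the `${EIFACE}` rules and the forwarding lines sit behind `if [[ -n "${EIFACE}" ]]; then … fi`, with the expansion quoted as `"${EIFACE}"`. The body of `start` begins and ends outside the hunk.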