free
/
freedombone
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
浏览代码

vpn firewall settings appear to be needed for Patchwork to discover local peers

Bob Mottram 7 年前
父节点
df33a12702
当前提交
c9189104d5
共有 1 个文件被更改,包括 16 次插入16 次删除
分列视图 显示文件统计
  1. 16
    16
      src/freedombone-mesh-batman

+ 16
- 16
src/freedombone-mesh-batman 查看文件 

@@ -454,22 +454,22 @@ function start {
454 454 
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
455 455 
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
456 456 
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
457 
-    if [[ "$ethernet_connected" != "0" ]]; then
458 
-        # vpn over the internet
459 
-        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
460 
-        iptables -A INPUT -p udp --dport 653 -j ACCEPT
461 
-        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
462 
-        iptables -A INPUT -i tun+ -j ACCEPT
463 
-        iptables -A FORWARD -i tun+ -j ACCEPT
464 
-        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
465 
-        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
466 
-        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
467 
-        iptables -A OUTPUT -o tun+ -j ACCEPT
468 
-        echo 1 > /proc/sys/net/ipv4/ip_forward
469 
-        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
470 
-        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
471 
-        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
472 
-    fi
457 
+    # vpn over the internet
458 
+    # Note: the vpn firewall settings are needed in order for Patchwork
459 
+    # to discover local peers
460 
+    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
461 
+    iptables -A INPUT -p udp --dport 653 -j ACCEPT
462 
+    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
463 
+    iptables -A INPUT -i tun+ -j ACCEPT
464 
+    iptables -A FORWARD -i tun+ -j ACCEPT
465 
+    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
466 
+    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
467 
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
468 
+    iptables -A OUTPUT -o tun+ -j ACCEPT
469 
+    echo 1 > /proc/sys/net/ipv4/ip_forward
470 
+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
471 
+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
472 
+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
473 473
474 474 
     systemctl restart avahi-daemon
475 475