8 år sedan · c9189104d5
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -454,22 +454,22 @@ function start {
 
				     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
			
 
				     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
			
 
				     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
			
 
				-    if [[ "$ethernet_connected" != "0" ]]; then
			
 
				-        # vpn over the internet
			
 
				-        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
			
 
				-        iptables -A INPUT -p udp --dport 653 -j ACCEPT
			
 
				-        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
			
 
				-        iptables -A INPUT -i tun+ -j ACCEPT
			
 
				-        iptables -A FORWARD -i tun+ -j ACCEPT
			
 
				-        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
			
 
				-        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
			
 
				-        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
			
 
				-        iptables -A OUTPUT -o tun+ -j ACCEPT
			
 
				-        echo 1 > /proc/sys/net/ipv4/ip_forward
			
 
				-        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
			
 
				-        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
			
 
				-        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
			
 
				-    fi
			
 
				+    # vpn over the internet
			
 
				+    # Note: the vpn firewall settings are needed in order for Patchwork
			
 
				+    # to discover local peers
			
 
				+    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
			
 
				+    iptables -A INPUT -p udp --dport 653 -j ACCEPT
			
 
				+    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
			
 
				+    iptables -A INPUT -i tun+ -j ACCEPT
			
 
				+    iptables -A FORWARD -i tun+ -j ACCEPT
			
 
				+    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
			
 
				+    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
			
 
				+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
			
 
				+    iptables -A OUTPUT -o tun+ -j ACCEPT
			
 
				+    echo 1 > /proc/sys/net/ipv4/ip_forward
			
 
				+    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
			
 
				+    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
			
 
				+    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
			
 
				 
			
 
				     systemctl restart avahi-daemon