Routing and firewall
From Bubble
Note: This page has been moved as-is from the previous wiki and needs to be reviewed!
Rules
| From \ To | Node | 10.0.0.0/8 subnet (AODV) | 172.1x.xx.x0/28 (DHCP) | Wired interface |
| --- | --- | --- | --- | --- |
| Node | No restriction | | | |
| 10.0.0.0/8 subnet (AODV) | ICMP/SSH/HTTP | No restriction | Blocked | Blocked by default (Access can be given with additional rules) |
| 172.1x.xx.x0/28 (DHCP) | ICMP/SSH/HTTP | No restriction (Masquerade) | N/A | Blocked by default (Access can be given with additional rules) |
| Wired interface | No restriction | No restriction (Masquerade) | N/A | |
DiskLess
Notes about the testing done on the DiskLess scripts (View Script: DiskLess/add-ons/sources/bulles_skeleton/etc/init.d/rc.firewall.sh?rev=HEAD&content-type=text/vnd.viewcvs-markup)
| From \ To | Node | 10.0.0.0/8 subnet (AODV) | 172.1x.xx.x0/28 (DHCP) | Wired interface |
| --- | --- | --- | --- | --- |
| Node | OK | | | |
| 10.0.0.0/8 subnet (AODV) | OK (AODV works as expected) | Not tested | Not tested | OK (Also tested when the gateway is 'open'; additional FORWARD rule: "$IPTABLES -I FORWARD -i $WIFI_IF -o $LAN_IF -m mac --mac-source 00:02:2D:29:91:6B -j ACCEPT" -- not masqueraded) |
| 172.1x.xx.x0/28 (DHCP) | OK (DHCP allocates address as expected; fixed in rc.firewall.sh 1.5) | Not tested | N/A | OK (Same as above) |
| Wired interface | OK | OK (Masquerade works) | N/A | |
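The "Blocked by default (Access can be given with additional rules)" cells and the per-client FORWARD rule quoted in the test notes fit together as in the following added example, which is not the project's rc.firewall.sh. It prints the commands rather than running them; the default interface names and the explicit DROP rule are assumptions.

```shell
#!/bin/sh
# Added example, not the project's rc.firewall.sh.
# Prints the FORWARD rules for wireless -> wired traffic: dropped by default,
# with per-client exceptions in the form quoted in the DiskLess test notes.
IPTABLES="${IPTABLES:-iptables}"
WIFI_IF="${WIFI_IF:-wlan0}"   # assumed interface name
LAN_IF="${LAN_IF:-eth0}"      # assumed interface name

# Accept only six colon-separated hex octets, so nothing else reaches a rule.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Usage: emit_wired_access [MAC...]
emit_wired_access() {
    # Fail closed: check every address first, so a bad entry produces
    # no output at all instead of a partial rule set.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    # Assumed baseline for "Blocked by default": appended, so it sits at the
    # end of the chain and only catches what no earlier rule accepted.
    echo "$IPTABLES -A FORWARD -i $WIFI_IF -o $LAN_IF -j DROP"
    # Exceptions use -I (insert at the head of the chain), as on this page,
    # so they are evaluated before the DROP. No MASQUERADE rule is added,
    # matching the "not masqueraded" remark in the test notes.
    for mac in "$@"; do
        echo "$IPTABLES -I FORWARD -i $WIFI_IF -o $LAN_IF -m mac --mac-source $mac -j ACCEPT"
    done
}
```

A `-m mac` match identifies a client by an address the client itself sets, so it narrows access but does not authenticate the device.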

