by Morta » Thu Jul 04, 2019 5:14 pm
A little update to bring dnsmasq as router
The switch of espressobin v7 is working correctly.
It's little bit difusing that the wan port is left nearby USB3 Port
So the client gets IP-Address from the Router and the dns look up working but no Internet Traffic
The hint was:
Updating the espressobin to the latest version of all pacman packages
pacman -Syu
cat /etc/resolv.conf
$this->bbcode_second_pass_quote('', '
')nameserver 8.8.8.8
nameserver 8.8.4.4
cat /etc/systemd/resolved.conf
$this->bbcode_second_pass_quote('', '[')Resolve]
DNS=172.104.136.243 51.15.98.97 2a01:7e01::f03c:91ff:febc:322 2a00:dcc0:eda:88:>
FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860>
#Domains=
#LLMNR=yes
#MulticastDNS=yes
#DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
DNSStubListener=no # make happend thats port 53 is free for dnsmasq
cat /etc/dnsmasq.conf
$this->bbcode_second_pass_quote('', '
')...
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=br0
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
listen-address=192.168.1.1
.....
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.1.5,192.168.1.250,255.255.255.0,24h
....
# Do the same thing, but using the option name
dhcp-option=option:router,192.168.1.1
....
I take Iptables for the first test and is working!
$this->bbcode_second_pass_code('', '
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X
iptables -A FORWARD -i br0 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i wan -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -I INPUT 1 -i br0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
')
The only problem is there i have only 300 MBit/s IN and OUTPUT can me someon help to get Gbit Speed?