
changes & fixes to router docs & freeswitch

master
Mario Alegre 5 years ago
parent
commit
d96a867978
  1. 14
      linux/router/dnsmasq.md
  2. 54
      linux/router/nftables.md
  3. 15
      linux/voip/freeswitch.md

14
linux/router/dnsmasq.md

@ -27,8 +27,16 @@ local=/mar.alemor.org/
# Repeat the line for more than one interface. # Repeat the line for more than one interface.
interface=lan0 interface=lan0
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
no-hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set a domain for a particular subnet # Set a domain for a particular subnet
domain=mar.alemor.org,192.168.80.0/24 domain=mar.alemor.org,192.168.82.0/24
# Uncomment this to enable the integrated DHCP server, you need # Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally # to supply the range of addresses available for lease and optionally
@ -53,9 +61,9 @@ dhcp-authoritative
# If you want to disable negative caching, uncomment this. # If you want to disable negative caching, uncomment this.
no-negcache no-negcache
``` ```
after you've set the config you want, reload with `service dnsmasq restart` after you've set the config you want, reload with `service dnsmasq restart`.
- hosts in `/etc/hosts` and MAC addresses in `/etc/ethers` Put your static hosts in `/etc/dnsmasq.d/hosts`.
## make interface static ## make interface static
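Review bot: The new sentence `Put your static hosts in /etc/dnsmasq.d/hosts.` has no directive backing it: the added config lines are `no-hosts` (stop reading /etc/hosts) and `expand-hosts`, but no `addn-hosts=` line, so unless one exists elsewhere in the file the static entries are never served. Suggest adding `addn-hosts=/etc/dnsmasq.d/hosts` to the config block next to `expand-hosts`, and saying in the prose that `expand-hosts` plus `domain=` is what qualifies the short names from that file, as the added comment describes. If `/etc/dnsmasq.d/` is also a `conf-dir` on this install (not visible here), a hosts-format file in it may be read as configuration, so a path outside that directory is the safer recommendation. The `domain=` subnet changes on this line; the `dhcp-range` it should agree with lies outside the visible hunk.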

54
linux/router/nftables.md

@ -30,67 +30,75 @@ in `/etc/nftables.conf`:
# flush only my tables # flush only my tables
table inet myfilter table inet myfilter
delete table inet myfilter delete table inet myfilter
table ip mynatv4 table ip mynat
delete table ip mynatv4 delete table ip mynat
table inet myfilter { table inet myfilter {
chain myinput { chain input {
# use the "input" hook for this chain
# accepts packets by default, because we don't want # accepts packets by default, because we don't want
# to have to keep track of all interfaces we don't want # to have to keep track of all interfaces we don't want
# firewalled (lan0, wlan0, lxdbr0, veths, etc) # firewalled (lan0, wlan0, bridges, veths, etc)
type filter hook input priority 0; policy accept; type filter hook input priority 0; policy accept;
# allow established/related connections
ct state {established, related} accept
# drop invalid connections # drop invalid connections
ct state invalid drop ct state invalid drop
# packets that are received on a firewalled interface # packets that are received on a firewalled interface
# are sent to the firewall chain for evaluation # are sent to the firewall chain for evaluation
iifname "wan0" jump myfirewall iifname wan0 jump firewall
} }
chain myfirewall { # handle firewall chain firewall {
# allow established/related connections
ct state {established, related} accept
# accept incoming HTTP(s) connections # accept incoming HTTP(s) connections
tcp dport {http, https} accept tcp dport {80, 443} accept
# accept incoming SSH connections # accept incoming SSH connections
tcp dport 4322 accept tcp dport 4322 accept
# accept incoming SSH connections for gitea
tcp dport 4323 accept
# accept incoming minecraft MP connections
udp dport {19132, 19133} accept
tcp dport {19132, 19133} accept
# block mDNS broadcasts
udp dport 5353 drop
# reject everything else # reject everything else
reject with icmpx type port-unreachable reject
} }
chain myforward { chain forward {
# forward everything by default # forward everything by default
type filter hook forward priority 0; policy accept; type filter hook forward priority 0; policy accept;
# forward incoming on wan0 for established/related connections # drop invalid connections
iifname wan0 ct state {established, related} accept ct state invalid drop
# drop everything else
iifname wan0 drop
# send packets recieved on WAN to firewall chain
iifname wan0 jump firewall
} }
chain myoutput { chain output {
# let everything out by default # let everything out by default
type filter hook output priority 0; policy accept; type filter hook output priority 0; policy accept;
# block outgoing mDNS broadcasts # block outgoing mDNS broadcasts
udp dport 5353 drop udp dport 5353 drop
} }
} }
table ip mynatv4 { table ip mynat {
chain myprerouting { chain prerouting {
type nat hook prerouting priority -100; type nat hook prerouting priority -100;
# if I wanted to do port forwarding I could do it like this: # if I wanted to do port forwarding I could do it like this:
# forward http to 192.168.82.10 # forward http to 192.168.82.10
#tcp dport http dnat to 192.168.82.10 #tcp dport http dnat to 192.168.82.10
} }
chain mypostrouting { chain postrouting {
type nat hook postrouting priority 100; type nat hook postrouting priority 100;
# masquerade outbound packets going to WAN # masquerade outbound packets going to WAN
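Review bot: The rewritten forward chain rejects return traffic for LAN-originated connections: `ct state {established, related} accept` now lives only in the input chain, while forward goes from `ct state invalid drop` straight to `iifname wan0 jump firewall`, whose final `reject` hits every reply packet that does not match one of the listed server ports. Add `ct state {established, related} accept` in the forward chain before the jump (or as the first rule of the firewall chain, so both hooks share it). Since the firewall chain is now shared by the input and forward hooks, its accepted ports also apply to forwarded traffic toward the LAN; harmless while the prerouting DNAT stays commented out, but worth a comment such as `# shared by input and forward hooks`. The comment `# send packets recieved on WAN to firewall chain` misspells "received". The rendered hunk stops at the postrouting comment, so the masquerade rule and the closing braces are not visible here.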

15
linux/voip/freeswitch.md

@ -0,0 +1,15 @@
# install and configure freeswitch
## install from apt repo
add repo:
```
apt-get update && apt-get install -y gnupg2 wget lsb-release
wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -
echo "deb http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list
echo "deb-src http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" >> /etc/apt/sources.list.d/freeswitch.list
```
install package:
```
apt update && apt install freeswitch-meta-all
```
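Review bot: The key import `wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | apt-key add -` places the vendor key in the global apt keyring, where it can sign metadata for every configured repository rather than just this one. The narrower form is to store the key in a dedicated keyring and bind it to the source line: `wget -O - https://files.freeswitch.org/repo/deb/debian-release/fsstretch-archive-keyring.asc | gpg --dearmor -o /usr/share/keyrings/freeswitch-archive-keyring.gpg`, then `echo "deb [signed-by=/usr/share/keyrings/freeswitch-archive-keyring.gpg] http://files.freeswitch.org/repo/deb/debian-release/ `lsb_release -sc` main" > /etc/apt/sources.list.d/freeswitch.list` (same for the `deb-src` line). The keyring file name suggests a release-specific key, so a sentence noting which Debian release this was written for would help readers on a different `lsb_release -sc`. The section header reports 15 added lines but 13 are rendered, so blank lines may have been dropped from this view.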