How can I troubleshoot a DIY router?
  • «your servers “lan” interface has no IPv4 address» ok, so how can that be fixed?

    «Is this another machine in your network already, or is that a typo?» Probably a typo, I just copied it mindlessly :/. Now I have this:

    dhcp-range=192.168.0.25,192.168.0.50,24h
    dhcp-option=option:router,192.168.0.1
    dhcp-option=option:ntp-server,192.168.0.1
    dhcp-option=option:dns-server,192.168.0.1
    dhcp-option=option:netmask,255.255.255.0
    
  • thanks for your response!

    1: the cable was indeed bad (it was brand new, so I wasn't suspecting it), but something else is still wrong

    2: sorry for just pasting, I'm not really sure how to interpret it

    client:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether f0:de:f1:5d:57:0c brd ff:ff:ff:ff:ff:ff
        inet6 fe80::29d:f28a:75a7:b5ab/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
        link/ether e2:a8:25:b3:ef:1a brd ff:ff:ff:ff:ff:ff permaddr 00:24:d7:a6:ce:e4
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
        link/ether 02:42:0f:11:f5:37 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    

    server:

    1: lo: <LOOPBACK,MULTICAST,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope global lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 6e:10:39:1a:0b:03 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        link/ether 02:48:11:4d:31:03 brd ff:ff:ff:ff:ff:ff
        inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic noprefixroute enp0s29u1u5
           valid_lft 3540sec preferred_lft 3540sec
        inet6 fe80::6c7f:73bd:fb6c:bacd/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    

    2a: I'm using network manager, it has worked so far. When I try to connect to the wired network manually (normally it does it automatically), nmtui says `Could not activate connection: Activation failed: IP configuration could not be reserved (no available address, timeout, etc.)`. Dnsmasq is running, but I don't know how to check where it's listening (I tried looking it up, but didn't find anything).

    2b: http://ix.io/4z3X/text

    3: it only shows the dummy docker thing; when I connect to the wi-fi hotspot in my phone, it does appear and I can ping it

    4: I'm not sure, the nftables config is pasted in the original post

  • I connect a different device with a cable and I expect it would get an internet connection or at least a local connection. But, well, nothing happens. There are no messages in dmesg or /var/log/messages on either machine.

  • How can I troubleshoot a DIY router?

    Hi!

    I'm trying to make a DIY router. I used configs from some online guides (the nftables one is from the project's website), but nothing happens when I connect a different machine. I know that description doesn't say much, so I'd like to know how I can check what's actually wrong. My system (Guix) config is below:

    ```
    (use-modules (gnu))
    (use-service-modules cups desktop networking ssh xorg sysctl linux dns)

    (define wan "enp0s29u1u5")

    (define lan "enp0s25")

    (define dnsmasq-config "# Listen on this specific port instead of the standard DNS port
    # (53). Setting this to zero completely disables DNS function,
    # leaving only DHCP and/or TFTP.
    port=53

    # Never forward plain names (without a dot or domain part)
    domain-needed

    # Never forward addresses in the non-routed address spaces.
    bogus-priv

    # By default, dnsmasq will send queries to any of the upstream
    # servers it knows about and tries to favour servers to are known
    # to be up. Uncommenting this forces dnsmasq to try each query
    # with each server strictly in the order they appear in
    # /etc/resolv.conf
    strict-order

    # Set this (and domain: see below) if you want to have a domain
    # automatically added to simple names in a hosts-file.
    expand-hosts

    # Set the domain for dnsmasq. this is optional, but if it is set, it
    # does the following things.
    # 1) Allows DHCP hosts to have fully qualified domain names, as long
    #    as the domain part matches this setting.
    # 2) Sets the \"domain\" DHCP option thereby potentially setting the
    #    domain of all systems configured by DHCP
    # 3) Provides the domain part for \"expand-hosts\"
    #domain=thekelleys.org.uk
    domain=example.com

    # Set Listen address
    listen-address=127.0.0.1 # Set to Server IP for network responses

    dhcp-range=192.168.3.25,192.168.3.50,24h
    dhcp-option=option:router,192.168.3.1
    dhcp-option=option:ntp-server,192.168.3.5
    dhcp-option=option:dns-server,192.168.3.5
    dhcp-option=option:netmask,255.255.255.0
    ")

    (define nftables-config (format #f "flush ruleset

    define DEV_PRIVATE = ~a
    define DEV_WORLD = ~a
    define NET_PRIVATE = 192.168.0.0/16

    table ip global {

        chain inbound_world {
            # accepting ping (icmp-echo-request) for diagnostic purposes.
            # However, it also lets probes discover this host is alive.
            # This sample accepts them within a certain rate limit:
            #
            # icmp type echo-request limit rate 5/second accept

            # allow SSH connections from some well-known internet host
            ip saddr 81.209.165.42 tcp dport ssh accept
        }

        chain inbound_private {
            # accepting ping (icmp-echo-request) for diagnostic purposes.
            icmp type echo-request limit rate 5/second accept

            # allow DHCP, DNS and SSH from the private network
            ip protocol . th dport vmap { tcp . 22 : accept, udp . 53 : accept, tcp . 53 : accept, udp . 67 : accept}
        }

        chain inbound {
            type filter hook input priority 0; policy drop;

            # Allow traffic from established and related packets, drop invalid
            ct state vmap { established : accept, related : accept, invalid : drop }

            # allow loopback traffic, anything else jump to chain for further evaluation
            iifname vmap { lo : accept, $DEV_WORLD : jump inbound_world, $DEV_PRIVATE : jump inbound_private }

            # the rest is dropped by the above policy
        }

        chain forward {
            type filter hook forward priority 0; policy drop;

            # Allow traffic from established and related packets, drop invalid
            ct state vmap { established : accept, related : accept, invalid : drop }

            # connections from the internal net to the internet or to other
            # internal nets are allowed
            iifname $DEV_PRIVATE accept

            # the rest is dropped by the above policy
        }

        chain postrouting {
            type nat hook postrouting priority 100; policy accept;

            # masquerade private IP addresses
            ip saddr $NET_PRIVATE oifname $DEV_WORLD masquerade
        }
    }
    " lan wan))

    (operating-system
      (locale "en_GB.utf8")
      (timezone "Europe/Warsaw")
      (keyboard-layout (keyboard-layout "pl" "legacy" #:options '("ctrl:nocaps")))
      (host-name "router")

      (kernel-arguments (list "modprobe.blacklist=pcspkr,snd_pcsp"))

      ;; The list of user accounts ('root' is implicit).
      (users (cons* (user-account
                      (name "formbi")
                      (comment "Formbi")
                      (group "users")
                      (home-directory "/home/formbi")
                      (supplementary-groups '("wheel" "netdev" "audio" "video")))
                    %base-user-accounts))

      ;; Packages installed system-wide. Users can also install packages
      ;; under their own account: use 'guix search KEYWORD' to search
      ;; for packages and 'guix install PACKAGE' to install a package.
      (packages (append (list (specification->package "nss-certs"))
                        %base-packages))

      ;; Below is the list of system services. To search for available
      ;; services, run 'guix system search KEYWORD' in a terminal.
      (services
       (append (list (service xfce-desktop-service-type)
                     (service guix-publish-service-type
                              (guix-publish-configuration
                               (port 2137)
                               (advertise? #t)))
                     (service earlyoom-service-type
                              (earlyoom-configuration
                               (avoid-regexp "emacs")
                               (minimum-available-memory 5)
                               (minimum-free-swap 20)))

                     (service openssh-service-type)
                     (service cups-service-type)

                     (service dnsmasq-service-type)

                     (extra-special-file "/etc/dnsmasq.conf"
                                         (plain-file "dnsmasq.conf" dnsmasq-config))

                     (service nftables-service-type
                              (nftables-configuration
                               (ruleset (plain-file "nftables.conf" nftables-config))))

                     (set-xorg-configuration
                      (xorg-configuration (keyboard-layout keyboard-layout))))

               ;; This is the default list of services we
               ;; are appending to.
               (modify-services %desktop-services

                 (sysctl-service-type config =>
                                      (sysctl-configuration
                                       (settings (append '(("vm.swappiness" . "10")
                                                           ("net.ipv4.ip_forward" . "1"))
                                                         %default-sysctl-settings))))

                 (network-manager-service-type config =>
                                               (network-manager-configuration
                                                ;(dns "dnsmasq")
                                                ))

                 (guix-service-type config =>
                                    (guix-configuration
                                     (discover? #t))))))

      (bootloader (bootloader-configuration
                   (bootloader grub-bootloader)
                   (targets (list "/dev/sda"))
                   (keyboard-layout keyboard-layout)))
      (swap-devices (list (swap-space
                           (target (uuid "a32aa366-c966-460f-9592-2a08c5cad947")))))

      ;; The list of file systems that get "mounted". The unique
      ;; file system identifiers there ("UUIDs") can be obtained
      ;; by running 'blkid' in a terminal.
      (file-systems (cons* (file-system
                             (mount-point "/")
                             (device (uuid "30b3a834-f23e-42ad-addf-0cde5538a96f" 'ext4))
                             (type "ext4"))
                           %base-file-systems)))
    ```

    Formbi Formbi @lemmy.world
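
A way to cross-check the two pastes in this thread (the dnsmasq settings and the server's `ip addr` output) for the mismatches that leave a wired client without a lease. This is an added example, not part of the original post; the function names are hypothetical, it assumes the plain `start,end,lease` form of `dhcp-range` used here, and it assumes the advertised router should be the router's own LAN address.

```python
import ipaddress
import re

# Abridged from the server's `ip addr` output quoted on this page.
IP_ADDR = """\
3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet6 fe80::2721:8559:a60d:2e65/64 scope link noprefixroute
4: enp0s29u1u5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    inet 192.168.167.220/24 brd 192.168.167.255 scope global dynamic noprefixroute enp0s29u1u5
"""
# The DHCP-related lines of the dnsmasq config in the post.
DNSMASQ = """\
listen-address=127.0.0.1 # Set to Server IP for network responses
dhcp-range=192.168.3.25,192.168.3.50,24h
dhcp-option=option:router,192.168.3.1
"""

def ipv4_by_iface(ip_addr_text):
    """Map interface name -> list of IPv4Interface parsed from `ip addr`."""
    addrs, current = {}, None
    for line in ip_addr_text.splitlines():
        head = re.match(r"\d+: ([^:@]+)[:@]", line)
        if head:
            current = head.group(1)
            addrs[current] = []
        elif current and (m := re.match(r"\s+inet (\S+)", line)):
            addrs[current].append(ipaddress.ip_interface(m.group(1)))
    return addrs

def audit(conf_text, ip_addr_text, lan):
    """Return findings that would stop dnsmasq from serving DHCP on `lan`."""
    opts = [l.split("#")[0].strip() for l in conf_text.splitlines()]
    get = lambda key: [o.split("=", 1)[1] for o in opts if o.startswith(key + "=")]
    lan_addrs = ipv4_by_iface(ip_addr_text).get(lan, [])
    findings = []
    if not lan_addrs:
        findings.append(f"{lan} has no IPv4 address")
    listen = [ipaddress.ip_address(a) for v in get("listen-address") for a in v.split(",")]
    if listen and not any(a.ip in listen for a in lan_addrs):
        findings.append(f"listen-address does not include an address of {lan}")
    for rng in get("dhcp-range"):
        start = ipaddress.ip_address(rng.split(",")[0])
        if not any(start in a.network for a in lan_addrs):
            findings.append(f"dhcp-range {rng} is outside every subnet on {lan}")
    for opt in get("dhcp-option"):
        gw = opt.split(",")[1] if opt.startswith("option:router,") else None
        if gw and not any(str(a.ip) == gw for a in lan_addrs):
            findings.append(f"advertised router {gw} is not an address of {lan}")
    return findings
```

Calling `audit(DNSMASQ, IP_ADDR, "enp0s25")` on the pasted data returns one finding per mismatch; an empty list means the DHCP settings and the LAN interface agree.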