Software projects/OS/Slackware/Advanced usage/Firewall
From Pandora Wiki
Network interfaces
- eth0 is the interface that shows up when you plug in a USB-to-Ethernet adapter. A list of compatible ones is located here.
- wlan0 is the embedded Wi-Fi interface.
- wlan1 is the name of a Wi-Fi dongle.
- usb0 is the big USB port (not sure, may be the first plugged).
- usb1 is the small USB port (not sure).
- If you connect an OP to another one using a USB cable, the OP at the little end of the cable will draw a large amount of current from the other OP's big USB port.
- To avoid this, at the little end, type as root:
echo 0 > /sys/class/power_supply/twl4030_usb/enable
- There's also a Bluetooth interface, but until now I never used it, so I can't tell much about it.
- These interface numbers may vary, depending on which one you plug in first.
- The numbers can be fixed using the /etc/udev/rules.d/70-persistent-net.rules file.
- This file is deleted at each shutdown. To make use of it, edit /etc/rc.d/rc.local_shutdown and comment out this line:
rm /etc/udev/rules.d/70-persistent-net.rules
so that it reads:
#rm /etc/udev/rules.d/70-persistent-net.rules
Firewall
- I shipped some default firewall configurations for eth0, wlan0 and usb0. I generated them using the easy firewall generator.
- I didn't test them as I use a router, so it's up to you to try it.
- If you want to use a firewall, e.g. for eth0, then do:
cp /etc/rc.d/rc.firewall.eth0 /etc/rc.d/rc.firewall
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start
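Because the shipped scripts are untested and each one is tied to a single interface name, it is worth checking what actually got loaded after `/etc/rc.d/rc.firewall start`. The following is an added example, not part of the original page or its shipped scripts: it reads `iptables -S` output and reports whether INPUT and FORWARD are default-deny and whether any rule is bound to the interface you expect. The function name `audit_ruleset`, the default-deny expectation and the sample rulesets are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check a loaded ruleset. Input is `iptables -S` output
# on stdin, so the check can also be run offline on a saved dump.

# audit_ruleset IFACE -> prints findings, returns the number of problems (0 = OK)
audit_ruleset() {
    iface=$1
    rules=$(cat)
    problems=0

    # Assumption: the firewall is meant to be default-deny on INPUT and FORWARD.
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -qx -- "-P $chain DROP"; then
            echo "WARN: default policy of $chain is not DROP"
            problems=$((problems + 1))
        fi
    done

    # The scripts are per-interface; if interface numbers shifted, nothing matches.
    if ! printf '%s\n' "$rules" | grep -Eq -- "(^| )-i $iface( |\$)"; then
        echo "WARN: no rule matches input interface $iface"
        problems=$((problems + 1))
    fi

    # Rules that name an interface other than IFACE or lo deserve a look.
    others=$(printf '%s\n' "$rules" | grep -Eo -- '-[io] [A-Za-z0-9.+]+' |
             awk -v i="$iface" '$2 != i && $2 != "lo" {print $2}' | sort -u | tr '\n' ' ')
    if [ -n "$others" ]; then
        echo "NOTE: rules also reference: $others"
    fi

    [ "$problems" -eq 0 ] && echo "OK: default-deny and bound to $iface"
    return "$problems"
}

# Constructed samples (not output captured from a real Pandora).
SAMPLE_GOOD='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT'

SAMPLE_UNLOADED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# On a live system, as root: iptables -S | audit_ruleset eth0
```

A non-zero return for the interface you copied the script for usually means the interface numbers changed since boot, which is the case the persistent-net rules file is meant to prevent.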
Gateway
- To use the OP as a simple gateway:
chmod +x /etc/rc.d/rc.ip_forward
/etc/rc.d/rc.ip_forward start
NAT Router
- It also uses a /etc/rc.d/rc.firewall script.
- I don't provide any because everyone has a different setup.
- Create it yourself with the easy firewall generator.
- Then save it as /etc/rc.d/rc.firewall and do this:
chmod +x /etc/rc.d/rc.firewall
/etc/rc.d/rc.firewall start
QoS
- For now, a recompiled kernel is necessary.
- A basic setup consists of packet mangling that changes the ToS field in the packets, through rc.firewall rules. A simple example:
iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
- A more advanced setup makes use of dedicated kernel modules. The best-known script is the outdated wondershaper.