Differences
This shows you the differences between two versions of the page.
howtos:network_services:running_an_access_point_from_a_slackware_box [2023/01/20 09:43 (UTC)] – [4.3 DNS and DHCP Servers] fix typos tim | howtos:network_services:running_an_access_point_from_a_slackware_box [2023/01/20 09:57 (UTC)] (current) – [4.4 Firewalling] fix typos tim | ||
---|---|---|---|
Line 262: | Line 262: | ||
COMMIT | COMMIT | ||
- | NOTE *: Clamping MSS to PMTU can get internet browsing from your LAN working but can brake VPN packets. The proposed workaround has been made necessary by the increasing tendency of failing to find PMTU. It is not always necessary for you to activate the workaround but be warned that it can equally inadvertently stop working leaving you with an intermittent | + | NOTE *: Clamping MSS to PMTU can get internet browsing from your LAN working but can break VPN packets. The proposed workaround has been made necessary by the increasing tendency of failing to find PMTU. It is not always necessary for you to activate the workaround but be warned that it can equally inadvertently stop working leaving you with an intermittent |
I generally put the content above in / | I generally put the content above in / | ||
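Review bot: In the corrected NOTE, "it can equally inadvertently stop working" has no clear subject: it reads as if the workaround stops working, while the preceding sentence is about failing to find PMTU. Name the subject explicitly and split the sentence there, so the warning that clamping "can break VPN packets" is not buried in a run-on.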
Line 269: | Line 269: | ||
/ | / | ||
If you're going to share internet connection you might want to stop ssh access from internet by adding a firewall rule to regulate it or making sshd bind only to the address assigned to br0. The config shown above will not allow incoming ssh traffic from the internet link (by the connection tracking rule) but you may want to back that up with further safety. | If you're going to share internet connection you might want to stop ssh access from internet by adding a firewall rule to regulate it or making sshd bind only to the address assigned to br0. The config shown above will not allow incoming ssh traffic from the internet link (by the connection tracking rule) but you may want to back that up with further safety. | ||
- | Longer | + | Longer |
ListenAddress 192.168.0.1 | ListenAddress 192.168.0.1 | ||
At this point you should be able to associate clients to the AP. | At this point you should be able to associate clients to the AP. | ||
With the above iptables rules client with MAC 0a: | With the above iptables rules client with MAC 0a: | ||
- | client with MAC 00: | + | client with MAC 00: |
- | An other way to implement even more complex MAC ACL to decide who manages AP, who can only route trough | + | Another |
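Review bot: The sentence about a "more complex MAC ACL to decide who manages AP" presents the MAC address as the deciding factor for management access without saying that a MAC address is chosen by the client and can be copied from any associated station, so such an ACL is a convenience filter and not authentication. Suggest adding one sentence to that effect, and stating that management access such as the ssh listener restricted with `ListenAddress 192.168.0.1` above still relies on sshd's own authentication.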
Line 308: | Line 308: | ||
If you start going crazy over transferring large files over fast networks for a problem that seems like mtu related but is not you might want to consider turning net.ipv4.tcp_sack off. | If you start going crazy over transferring large files over fast networks for a problem that seems like mtu related but is not you might want to consider turning net.ipv4.tcp_sack off. | ||
- | If your ISP gives you some sort of traffic quota you may want to add some quotas to your firewall configuration. You may fully understand the consequences of streaming on your ISP quota but maybe the rest of the family may not: giving them a quota might save you a fit when you need to do an urgent job that requires internet connection. There a re various ways you could go about putting quotas on specific clients on your LAN just keep in mind a few things: | + | If your ISP gives you some sort of traffic quota you may want to add some quotas to your firewall configuration. You may fully understand the consequences of streaming on your ISP quota but maybe the rest of the family may not: giving them a quota might save you a fit when you need to do an urgent job that requires internet connection. There are various ways you could go about putting quotas on specific clients on your LAN just keep in mind a few things: |
* rules with quotas stop matching once quota is exceeded | * rules with quotas stop matching once quota is exceeded | ||
* flushing your tables will reset all quota counters | * flushing your tables will reset all quota counters |
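Review bot: The first bullet, "rules with quotas stop matching once quota is exceeded", does not say what happens to the packet afterwards: it continues to the following rules and finally to the chain policy, so a quota on an accepting rule only cuts a client off if a later rule or the policy drops that traffic. Suggest adding this to the bullet. Separately, the corrected sentence still needs a full stop or semicolon before "just keep in mind a few things".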