
C[omp]ute

© 2006-2017 Andrew Cooke (site) / post authors (content).

OpenSuse Leap 15 Network Fixes

From: andrew cooke <andrew@...>

Date: Sat, 23 Jun 2018 14:58:34 -0400

I just updated from Leap 42.3 to 15.0 (no idea why the numbering
changed).

Since I have had the same config that is updated over the years, things
slowly slide into disuse.  This time the networking side took a hit.
Here's what I had to do to get things working again:

* ifconfig has disappeared, so use "ip a" instead.

* My network is pppoe (yeah).  That seems to need restarting explicitly
  but still works (systemd start ppp@...).  I still need to
  understand why this doesn't auto-start.

* Both named and dhcpd seemed to be uninstalled.  So I re-installed
  them and restarted them.  The dhcpd config was moved so had to be
  copied back (/etc/dhcpd.config.rpmsave or similar).

* /etc/resolv.conf seemed to have changed, so copied the netconfig
  version into its place.

* The Firewall has changed.  Yast now delegates to firewalld, but there
  is no text GUI so Yast gives a disturbing message.  What you need to
  do is:

  * Install firewalld, firewall-config and firewall-cmd

  * systemctl start firewalld

  * Run firewall-config and put the local interface in internal
    (the one running 10.1.0.0) and the remote interface (ppp0 in
    my case) in external.  Then enable appropriate services in
    internal (and none in external).  Enable masquerading on the
    internal too.

  * There's a "runtime" and "permanent" mode.  You do things in
    runtime first to make sure it works but then seem to have to
    duplicate everything in permanent to make it stick across
    firewall restarts.

  * To get full masquerading you need to follow the incantations
    at https://www.centos.org/forums/viewtopic.php?t=53819:

    firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth_ext -j MASQUERADE
    firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth_int -o eth_ext -j ACCEPT
    firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth_ext -o eth_int -m state --state RELATED,ESTABLISHED -j ACCEPT

    To make those stick, once they appear to work:

    firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o eth_ext -j MASQUERADE
    firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i eth_int -o eth_ext -j ACCEPT
    firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i eth_ext -o eth_int -m state --state RELATED,ESTABLISHED -j ACCEPT

With all that, things seem to work.

Andrew

PS Also, the schumacher clean font has changed, making terminals ugly.

SSH Forwarding

From: andrew cooke <andrew@...>

Date: Wed, 11 Jul 2018 20:39:36 -0400

To open port XX to ssh on 22:

  firewall-cmd --zone=external --add-port=XX/tcp
  firewall-cmd --zone=external --add-forward-port=port=XX:proto=tcp:toport=22

with --permanent for permanent

Andrew

You can Masquerade in Firewalld

From: andrew cooke <andrew@...>

Date: Sun, 18 Nov 2018 13:10:27 -0300

There's no need for the --direct rules above, just enable masquerading
in firewall-config.

I have no idea why I didn't do this originally - I think I tried it
and it didn't work, but it does now so...

Andrew
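
The "runtime" versus "permanent" split described in the first post is easy to get wrong: a port or forward added only at runtime disappears on the next firewalld restart. The script below is an added example, not part of the original posts; it compares two `firewall-cmd --list-all` listings for one zone and prints every service, port, masquerade or forward-port setting that is in the runtime listing but not in the permanent one. The sample listings are constructed, and port 2222 stands in for the XX of the second post.

```sh
#!/bin/sh
# Added example: find firewalld settings that exist only at runtime.

# zone_settings: read `firewall-cmd --list-all` text on stdin and print
# one sorted "key=value" line per individual setting.
zone_settings() {
    awk '
        /^  [a-z]/ { key = "" }                  # a new field starts
        /^  (services|ports|masquerade|forward-ports):/ {
            key = $1; sub(/:$/, "", key)
            for (i = 2; i <= NF; i++) print key "=" $i
            next
        }
        /^\t/ && key != "" { print key "=" $1 }  # tab-indented continuation
    ' | LC_ALL=C sort
}

# runtime_only RUNTIME_TEXT PERMANENT_TEXT
# Print settings found in the runtime listing but not the permanent one.
runtime_only() {
    rt=$(mktemp) pm=$(mktemp)
    printf '%s\n' "$1" | zone_settings > "$rt"
    printf '%s\n' "$2" | zone_settings > "$pm"
    LC_ALL=C comm -23 "$rt" "$pm"
    rm -f "$rt" "$pm"
}

# Constructed sample: the SSH forward was added at runtime only.
RUNTIME='external (active)
  interfaces: ppp0
  services: 
  ports: 2222/tcp
  masquerade: yes
  forward-ports: port=2222:proto=tcp:toport=22:toaddr=
  rich rules: '

PERMANENT='external
  interfaces: 
  services: 
  ports: 
  masquerade: yes
  forward-ports: 
  rich rules: '

runtime_only "$RUNTIME" "$PERMANENT"
```

On a live system, pass the output of `firewall-cmd --zone=external --list-all` and of the same command with `--permanent` as the two arguments. `firewall-cmd --runtime-to-permanent` copies the running configuration into the permanent one in a single step.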
