Hi.

On Fri, Mar 09, 2018 at 04:30:53PM +0200, Johann Spies wrote:
> For many years I have used my desktop as a network/firewall server with
> two interfaces one facing the internet (through ADSL) and the other the
> local network.
>
> Now I have a fibre connection and for a month both connections will be
> available in parallel.
>
> I have decided to use my Raspberry Pi3 as the firewall/network server in
> future but have after many hours failed to do so successfully.

A suboptimal idea IMO. These Broadcom chipsets are only good for video
output, their 100Mbps "Ethernet" is actually hardwired to USB, and their
WiFi is a PITA (I used Raspberry Pi3 as WiFi AP for half a year. Never
again). They make good SPI programmers though.

If you need a good Debian-friendly router, I suggest buying Linksys ACM
1200, 1900 or 3200.

> First I have tried a similar Shorewall setup that I have on my desktop
> and after failing successful connections I tried ufw with no success.
>
> First ufw:
>
> $ sudo ufw status verbose
> Status: active
> Logging: on (low)
> Default: deny (incoming), allow (outgoing)
> New profiles: skip
>
> To                         Action      From
> --                         ------      ----
> Anywhere                   ALLOW IN    192.168.0.0/24
>
> Anywhere                   ALLOW OUT   192.168.0.0/24
> 53/udp                     ALLOW OUT   192.168.0.0/24
> 443/tcp                    ALLOW OUT   192.168.0.0/24
>
> (I have added the last two lines which I thought should not be
> necessary).
>
> I get this in the log:
>
> Mar 9 12:14:15 pi3 kernel: [403782.469448] [UFW BLOCK] IN=eth0
> OUT=eth1
> MAC=b8:27:eb:63:94:ea:1c:5a:3e:e0:29:fe:08:00:45:00:00:3c:50:e8:40:00:3f:06:fb:f2
> SRC=192.168.0.10 DST=207.36.95.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63
> ID=20712 DF PROTO=TCP SPT=53337 DPT=443 WINDOW=5840 RES=0x00 SYN
> URGP=0

An "iptables-save" output would be welcome. There are many frontends to
netfilter, but nothing beats the original "iptables".

Reco