Minimig internet issues with Linux firewall #144

Open
sprudel79 opened this issue Apr 8, 2022 · 7 comments

@sprudel79

Hi everyone,
I connect my Minimig core via Roadshow to the internet, as it is described here:
https://misterfpga.org/viewtopic.php?t=2063
What I have noticed is that if the Linux firewall with default settings is enabled, the internet connection within the Minimig core seems to be fine (I get a proper IP address) but any connection (e.g. ping) is blocked. If I disable the firewall via the stop script it will work again. Did anyone manage to use the internet inside the Minimig core while keeping the Linux firewall enabled?
Thanks in advance for any hints.

@sorgelig
Member

sorgelig commented Apr 8, 2022

I'm using AmiTCP - it works fine without any changes in Linux.

@sprudel79
Author

sprudel79 commented Apr 14, 2022

@sorgelig : Thanks for your answer, are you sure you have enabled the firewall?
Yesterday evening I was finally able to solve it and I would like to share the changes I made in the "iptables.up.rules" configuration file at /media/fat/Linux. Basically you can keep all existing "INPUT" and "OUTPUT" rules. All "FORWARD" traffic is rejected by default (-A FORWARD -j REJECT) and I had to add the following prior to this line:

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT

After a reboot my PPP based internet connection within the Minimig core was fully working.
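
Added example, not part of the original comment or of the MiSTer scripts: iptables evaluates rules in order, so the two ACCEPT lines only take effect if they sit above `-A FORWARD -j REJECT`. The sketch below inserts them there idempotently and checks the ordering; the function names and the script name in the usage comment are assumptions, and the rule strings are the ones quoted in the comment.

```shell
#!/bin/sh
# Added example (not from Scripts_MiSTer): place the two FORWARD rules quoted
# above ahead of the catch-all REJECT in an iptables-restore style rules file.
REJECT_RULE='-A FORWARD -j REJECT'
RULE_STATE='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
RULE_PPP='-A FORWARD -i ppp+ -o eth0 -j ACCEPT'

# Succeeds only if both ACCEPT rules appear before the REJECT line.
forward_rules_before_reject() {
    awk -v reject="$REJECT_RULE" -v r1="$RULE_STATE" -v r2="$RULE_PPP" '
        $0 == r1 { a = 1 }
        $0 == r2 { b = 1 }
        $0 == reject { ok = (a && b); exit }
        END { exit !ok }
    ' "$1"
}

# Returns 0 when the rules are in place (safe to run repeatedly), 1 when the
# file has no REJECT line to anchor on, 2 when the file is missing, 3 on a
# write failure.
add_ppp_forward_rules() {
    rules_file=$1
    [ -f "$rules_file" ] || return 2
    grep -qxF -e "$REJECT_RULE" "$rules_file" || return 1
    tmp=$(mktemp) || return 3
    awk -v reject="$REJECT_RULE" -v r1="$RULE_STATE" -v r2="$RULE_PPP" '
        $0 == r1 { have1 = 1 }
        $0 == r2 { have2 = 1 }
        $0 == reject && !done {
            # Only add what is not already above the REJECT line.
            if (!have1) print r1
            if (!have2) print r2
            done = 1
        }
        { print }
    ' "$rules_file" > "$tmp" || { rm -f "$tmp"; return 3; }
    # Overwrite in place so the file keeps its original permissions.
    cat "$tmp" > "$rules_file" || { rm -f "$tmp"; return 3; }
    rm -f "$tmp"
}

# Hypothetical usage: sh add_rules.sh /media/fat/linux/iptables.up.rules
if [ "$#" -gt 0 ]; then
    add_ppp_forward_rules "$1" && forward_rules_before_reject "$1"
fi
```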

@sorgelig
Member

sorgelig commented Apr 14, 2022

I would add it into Linux release if you could answer a day ago :)
How is iptable.up.rules file supposed to be run?

@sprudel79
Author

sprudel79 commented Apr 14, 2022

> I would add it into Linux release if you could answer a day ago :)

So then it might go into the next release :) It's a big honor for me to contribute to the MiSTer community.

> How is iptable.up.rules file supposed to be run?

After I once did an update via script on my MiSTer, I got plenty of scripts from this repo:
https://github.com/MiSTer-devel/Scripts_MiSTer
I have executed especially "security_fixes.sh" which will also enable the firewall (there are also special scripts for turning on/off the Linux firewall).
As I understand the script "firewall_on.sh" creates the default settings for the file "/media/fat/linux/iptables.up.rules" if it's not yet present, see here:
https://github.com/MiSTer-devel/Scripts_MiSTer/blob/1bac7dd4e8f0580c3bbe10b7c4c19003f576ba90/firewall_on.sh#L44
So it looks like the change request should rather go in there?
But in general you don't need to do anything on your side, the file will be picked up correctly by the firewall logic which follows basic Linux standards.

@sorgelig
Member

If I guess right, these actions are required only if you use additional scripts like security_fixes.
Did you try how Roadshow works with vanilla Linux without any changes from release?

@sprudel79
Author

Correct, if you don't apply any additional scripts or turn off the firewall, Roadmap works without any issues.

@sorgelig
Member

I see. Then the update should be done in the corresponding script, not the Linux distro.
