GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    受不了包 (shibao@misskey.bubbletea.dev)'s status on Wednesday, 16-Oct-2024 08:31:50 JST 受不了包 受不了包

    so i've decided to give up on the iptables but if you'd like to help debug then here's the config. yes, they're executed in order by wg-quickPostUp = iptables -A INPUT -p tcp -m multiport --dports 22,8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j ACCEPT PostUp = iptables -A INPUT -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j ACCEPT PostUp = iptables -A INPUT -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j ACCEPT # PostUp = iptables -A INPUT -j REJECT PostUp = iptables -A FORWARD -p tcp -m multiport --dports 8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j ACCEPT PostUp = iptables -A FORWARD -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j ACCEPT PostUp = iptables -A FORWARD -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j ACCEPT # PostUp = iptables -A FORWARD -j REJECT PostUp = iptables -t nat -A PREROUTING -p tcp -m multiport --dports 8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A PREROUTING -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A PREROUTING -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A POSTROUTING -d 10.10.10.2 -j SNAT --to-source 10.10.10.1 PostDown = iptables -t nat -F PostDown = iptables -Funcommenting any of the commented lines will completely torpedo the connection. I know for a fact that there isn't a problem with the multiport syntax because it works for the POSTROUTING rules.

    In conversation about a month ago from misskey.bubbletea.dev permalink
    • Embed this notice
      受不了包 (shibao@misskey.bubbletea.dev)'s status on Wednesday, 16-Oct-2024 09:07:09 JST 受不了包 受不了包
      in reply to
      • mr64bit

      @mr64bit@p.mr64.net i can test really easily if you have an idea

      In conversation about a month ago permalink
    • Embed this notice
      mr64bit (mr64bit@p.mr64.net)'s status on Wednesday, 16-Oct-2024 09:07:10 JST mr64bit mr64bit
      in reply to
      @shibao wait durrr, hang on, lemme test something
      In conversation about a month ago permalink
    • Embed this notice
      mr64bit (mr64bit@p.mr64.net)'s status on Wednesday, 16-Oct-2024 09:07:11 JST mr64bit mr64bit
      in reply to
      @shibao If you're trying to do what I think you are, you need masquerade rules, not DNAT. (SNAT isn't needed with masquerade)
      In conversation about a month ago permalink
    • Embed this notice
      受不了包 (shibao@misskey.bubbletea.dev)'s status on Wednesday, 16-Oct-2024 09:07:11 JST 受不了包 受不了包
      in reply to
      • mr64bit

      @mr64bit@p.mr64.net the DNAT and SNAT already works and SNAT is better for static ips, although masquerade would work also

      In conversation about a month ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.