Hi Nicolas,
Thank you for answering. I tried to restrict access to DNS like it says here
( ), I put these lines in /etc/config/nodogsplash:
list preauthenticated_users 'allow udp port 53 to 208.67.222.222'
list preauthenticated_users 'allow udp port 53 to 208.67.220.220'
But it doesn't work. I am not sure, but I think the packets are being
accepted before these rules apply.
I tried putting some rules in /etc/config/firewall but that doesn't work either.
What is the right way to put some rules for port 22 in a libremesh system?
On 2018-06-03 10:17, Nicolas Pace wrote:
You could try to filter packets to the port 21 other than the routers.
That way they would need to go through your dns... Making it reeeally
slow for them.
Also you can limit the size of dns packets in openwrt to ensure they
don't have too much bandwidth through your dns.
On June 3, 2018 7:47:22 AM CDT, Hiure Queiroz <hiure(a)riseup.net>
wrote:
> Hello World!
>
> My name is Hiure, I am a member of coolab (coolab.org). This is the
> first time I write to this list. I am a beginner at administering
> networks and configuring equipment.
>
> By initiative of COOLAB we are starting a few community networks
> around Brazil. One of them is where I live, in a rural community in
> the city of Monteiro Lobato, State of São Paulo. Here we started from the
> creation of an association to formalize the community network and
> create a model to guide the other COOLAB installations.
>
> We are using the latest version of libremesh, cooking it in the
> cooker. As we are still in a test phase we have only six nodes; the
> gateway is a tplink wdr3500. With a captive portal, we are running this
> adapted version of nodogsplash (http://wiki.coolab.org/index.). This
> system is fundamental to keep the network sustainable; without it we
> cannot finance the connection and technical support for the network.
>
> The problem is, in the last months some people found a way to hack this
> system. What I understood so far: there is a cellphone app that creates
> tunnels for different ports and instead of swapping DNS packets it
> tunnels all the packets through there. I know just a few things about
> how firewall, iptables, ebtables, etc., I have been studying it in the
> last months, but it seems much more complicated because it looks like in
> libremesh, with so many interfaces, it gets hard to understand and to
> execute a rule that can solve this problem.
>
> If someone can help me with some tips on how to do it, or by sending
> some material where I can study to understand these questions better, it
> would be great.
>
> bests
> Hiure
>
> -------------------------
>
> lime-users mailing list
> lime-users(a)lists.libremesh.org
> https://lists.libremesh.org/mailman/listinfo/lime-users