Comment on Best secure router for home use?
Semi-Hemi-Demigod@kbin.social 1 year agoI did mine by just adding some iptables rules to set up NAT. It's all of four commands:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
iptables –t nat -s 192.168.0.0/16 –A POSTROUTING –o $wan0 -j MASQUERADE
iptables –A FORWARD –i $wan0 –o $lan0 –m state --state RELATED, ESTABLISHED -j ACCEPT
iptables –A FORWARD –i $lan0 –o $wan0 –j ACCEPT
Just set $lan0 and $wan0 to your LAN and WAN interfaces. For wifi I've got a couple Unifi access points around the house for good coverage.
Yes, I know IPv6 is better and yadda yadda yadda but I can't remember the addresses let alone type them so I'm not changing anything.
d13@programming.dev 1 year ago
I did this as well, but I’m wondering if it was the wrong call. It’s harder to work with firewalls (particularly if docker is involved), and I’ve struggled with stuff like SyncThing.
Most likely more learning could solve it, but I wonder if I should switch to a dedicated router OS where more support resources are available.
Semi-Hemi-Demigod@kbin.social 1 year ago
I've got almost all of my services running on a separate, bigger system and only have a couple ports open on this one. Iptables isn't too hard once you understand the shorthand.