Steamymoomilk
@Steamymoomilk@sh.itjust.works
Linux hobbyist, Machinist and Craftsman
- Comment on New MAGA acronym interpretation 4 days ago:
Malice Assholes Grift Again
- Comment on I can not over express how happy I am with having setup my NAS from scratch. 4 days ago:
Grammer is for english class or grammer community’s. Who cares
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
so for example, setting 192.168.8.170 on the clients as the only allowed IP aswell as the server would do what i need? thanks for helping trying to navigate my labyrinth of networking :P
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
neat web app! the drawings kinda suck tho, but thats just a skill issue on my part :P
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
so if i understand this correctly, it runs a docker container to which runs the wireguard server and then you just specify hostname/ip adress for the services, then when sombody tunnels in they have acess to only the services specifide in config file? if so looks pretty useful!, i just question what happens to the rest of the traffic? is it locally routed in my network or client side? im not very familiar with proxys, i know what they are but have never really messed with one. Thanks for sharing
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
ok ill try to explain to the best of my ability and simply it.
i no longer want to use tailscale, because of accounts. i used to use tailscale for the minecraft server i want my friends to be able to acess only 192.168.8.170 on my local network and all other traffic to not be routed through my vpn but my friends to have acess to there internet on there LAN. example, we can play minecraft on the server on my network and we can be in a group call in signal. meaning friend 1 and 2 are using there internet connection locally, and only 192.168.8.170 being routed.
We also had some connectivity issues with tailscale, where friend 1 would be on and friend 2 would lag out of the server randomly. when if we played a game through steam we wouldnt have any connection issues. my friend is also very forgetful and cant log into his tailscale account, which is another reason why i wanna ditch tailscale.
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
so my friends wiregaurd config is
“[Interface] Address = 10.0.0.3/24 ListenPort = 51820 PrivateKey = magic numbers
[Peer] PublicKey = magic numbers PresharedKey = magic numbers AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = magic numbers”
So if i understand the article correctly, i need to change it to
"[Interface] Address = 10.0.0.3/24 ListenPort = 51820 PrivateKey = magic numbers
[Peer] PublicKey = magic numbers PresharedKey = magic numbers AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = magic numbers"
Split tunneling: Exclude certain traffic from the VPN
PostUp = ip rule add from 192.168.50.0/24 table main PostDown = ip rule delete from 192.168.50.0/24 table main
my friends LAN is 192.168.50.0/0 so im assuming were just trying to tell wireguard that anything within my friends subnet doesnt get routed? which means he will still be able to reach HigherGround@192.168.8.170? and all of his other traffic will be local to him and go through his router?
im confused what “table” and “main” are im assuming its apart of iptables rules? im pretty new to IP tables so forgive me for my lack of understanding. i know its basically a linux purest firewall LMAO,
Then on my server i would edit
This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i cavein0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE ''; # Undo the above preDown = '' ${pkgs.iptables}/bin/iptables -D FORWARD -i cavein0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE '';
And make it like this?
This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i cavein0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE ${pkgs.busybox/bin/ip rule add from 192.168.50.0/24 table main ''; # Undo the above preDown = '' ip rule add from 192.168.1.0/24 table main ${pkgs.iptables}/bin/iptables -D FORWARD -i cavein0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE ${pkgs.busybox/bin/ip rule delete from 192.168.50.0/24 table main '';
Right? or is step 4 on the client still? its not very clear in the article thanks for helping out!
- Comment on Help with iptables, using nixos setting up a wiregaurd server for friends 4 days ago:
Image gronk use ms paint to describe. gronk bad at explaining so he draws pretty pictures :P
- Submitted 4 days ago to selfhosted@lemmy.world | 16 comments
- Comment on RTX On 1 week ago:
1000000495 DEAR GOD THE 9090 RELEASE JENSON PLEASE!
- Comment on Ahahah, it's too late Batman, I've already released an uncountable amount of PFAS into Gotham's water supply! 2 months ago:
Woops Im tired lol
- Comment on You did it. You broken the conditioning. 2 months ago:
Now you gotta tie him to the track and do a kickflip and ollie with the train
- Comment on AAAAAHHHHH 2 months ago:
“Run, run for your lives, save your self”
- Comment on Ahahah, it's too late Batman, I've already released an uncountable amount of PFAS into Gotham's water supply! 2 months ago:
“nyhahaha your to late batman! I have the transit app”
looses lte internet
“Shit, shit shit NOO BATMAN PLEASE AGHHGHGGGG”
- Comment on With Core ONE, Prusa's Open Source Hardware Dream Quietly Dies | Hackaday 2 months ago:
Bamboo is a pretty good company for printers, do not lump them in with the glue drinkers at stratasys. Ive worked st many companys that own products from them, there the HP inkjet subscription nightmares. You gotta buy the speciality filliment from them that come in chartrages with a chip to verify its geninue filliment. You must buy the plastic replacment beds, which are 1 time use and roughly $5-$10 for them. Aswell the history of FFF is stalled by stratasys. They copy righted 3d printing in the late 80’s and actively striked down competitors by sueing them or buying them out. Until early 2000 where there patent started to ware out and the reprap movement took place.
I will never buy a stratasys
- Comment on D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week 2 months ago:
There right you and i should just buy a new one
Of a diffrent brand
- Comment on YouTube ads have ruined the good, old-fashioned Rick Roll. 2 months ago:
I know theres a github page. I believe its shatterdisk? When i was in school they firewalled youtube. So i found alternatives to rick roll.
Where there is a rick roll There is a rick way
- Comment on Where can I buy a mosquito laser system? 2 months ago:
Yes
- Comment on DOJ to ask judge to force Google to sell off Chrome, Bloomberg reports 2 months ago:
Oh go figure, my bad :P
- Comment on DOJ to ask judge to force Google to sell off Chrome, Bloomberg reports 2 months ago:
Its based on debian now :(
Depending on what version
- Comment on Answer very carefully 2 months ago:
Federal Bacon Industys joins the call
- Comment on Inflation is hitting hard these days 2 months ago:
Just wait till she pull out the star bucks tablet.
TIP AMOUNT
25% 50% 100%
- Comment on FTC to launch investigation into Microsoft’s cloud business 2 months ago:
Micro-scoff
- Comment on A Netflix exclusive 2 months ago:
Agreed Tyson still whipped his ass, hes double the age and paul won by 4 little taps.
- Comment on AI tool that sounds like elderly grandmother created to waste scammers' time 3 months ago:
“My sorry dave, i cannot open the door”
- Comment on My little buddy (pack of 12) 3 months ago:
I miss the old Michael reeves
- Comment on You've Boned the Wrong Woman! 3 months ago:
💀💀💀💀💀
- Comment on New song just dropped 3 months ago:
Wireless Acess Point
- Comment on Apple teases “week of announcements” about the Mac starting on Monday 3 months ago:
- Comment on Lack of D 3 months ago:
SystemD
