MiSTer-devel / Minimig-AGA_MiSTer


Minimig internet issues with Linux firewall #144

Open sprudel79 opened 2 years ago

sprudel79 commented 2 years ago

Hi everyone,

I connect my Minimig core to the internet via Roadshow, as described here: https://misterfpga.org/viewtopic.php?t=2063

What I have noticed is that if the Linux firewall is enabled with default settings, the internet connection within the Minimig core seems to be fine (I get a proper IP address), but any connection (e.g. ping) is blocked. If I disable the firewall via the stop script, it works again.

Did anyone manage to use the internet inside the Minimig core while keeping the Linux firewall enabled? Thanks in advance for any hints.

sorgelig commented 2 years ago

I'm using AmiTCP - it works fine without any changes in Linux.

sprudel79 commented 2 years ago

@sorgelig: Thanks for your answer. Are you sure you have enabled the firewall?

Yesterday evening I was finally able to solve it, and I would like to share the changes I made in the "iptables.up.rules" configuration file at /media/fat/Linux. Basically, you can keep all existing "INPUT" and "OUTPUT" rules. All "FORWARD" traffic is rejected by default (-A FORWARD -j REJECT), and I had to add the following prior to this line:

-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT

After a reboot my PPP based internet connection within the Minimig core was fully working.
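One way to apply the change from the comment above repeatably, as an added example that is not part of the thread or of the MiSTer scripts: the function inserts the two FORWARD rules ahead of the catch-all reject and leaves the file alone if they are already in place. The function names and the sample rules file are hypothetical, and the reject line is assumed to read exactly as quoted in the comment.

```shell
#!/bin/sh
# Added example; names below are hypothetical, rule text is taken from the comment.
RULE_STATE='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
RULE_PPP='-A FORWARD -i ppp+ -o eth0 -j ACCEPT'
REJECT_LINE='-A FORWARD -j REJECT'   # assumed to appear verbatim in the file

# Constructed sample in iptables-save format, for trying the function offline.
sample_rules() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -j REJECT' "$REJECT_LINE" 'COMMIT'
}

# insert_ppp_forward FILE
# Returns 0 on success or no-op, 2 if FILE is missing, 3 if the reject
# line is absent (there is then no safe position to insert at).
insert_ppp_forward() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    grep -qxF -- "$REJECT_LINE" "$file" || {
        echo "reject rule not found in $file" >&2; return 3; }
    tmp=$(mktemp) || return 1
    awk -v s="$RULE_STATE" -v p="$RULE_PPP" -v r="$REJECT_LINE" '
        # At the first reject: add whichever accept rule was not seen above it.
        $0 == r && !seen_reject {
            if (!have_s) print s
            if (!have_p) print p
            seen_reject = 1; print; next
        }
        !seen_reject && $0 == s { have_s = 1 }
        !seen_reject && $0 == p { have_p = 1 }
        # Copies placed after the reject never match traffic; drop them.
        seen_reject && ($0 == s || $0 == p) { next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Idempotent: write (and back up) only when something changed.
    if cmp -s "$tmp" "$file"; then rm -f "$tmp"; return 0; fi
    cp "$file" "$file.bak" && cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"; return $rc
}
```

The previous contents are kept next to the rules file with a `.bak` suffix whenever the function changes it.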

sorgelig commented 2 years ago

I would have added it to the Linux release if you had answered a day ago :)

How is the iptable.up.rules file supposed to be run?

sprudel79 commented 2 years ago

> I would have added it to the Linux release if you had answered a day ago :)

So then it might go into the next release :) It's a big honor for me to contribute to the MiSTer community.

> How is the iptable.up.rules file supposed to be run?

After I once did an update via script on my MiSTer, I got plenty of scripts from this repo: https://github.com/MiSTer-devel/Scripts_MiSTer

In particular, I executed "security_fixes.sh", which also enables the firewall (there are also special scripts for turning the Linux firewall on and off). As I understand it, the script "firewall_on.sh" creates the default settings for the file "/media/fat/linux/iptables.up.rules" if it's not yet present, see here: https://github.com/MiSTer-devel/Scripts_MiSTer/blob/1bac7dd4e8f0580c3bbe10b7c4c19003f576ba90/firewall_on.sh#L44

So it looks like the change request should rather go in there? But in general you don't need to do anything on your side; the file will be picked up correctly by the firewall logic, which follows basic Linux standards.

sorgelig commented 2 years ago

If I guess right, these actions are required only if you use additional scripts like security_fixes. Did you try how Roadshow works with vanilla Linux without any changes from the release?

sprudel79 commented 2 years ago

Correct, if you don't apply any additional scripts or turn off the firewall, Roadmap works without any issues.

sorgelig commented 2 years ago

I see. Then the update should be done in the corresponding script, not the Linux distro.