Use PiHole for Guest Network on OpenWRT router - openwrt

I followed this tutorial to create a guest wifi, which is working great.
My PiHole is filtering out ads on my main wifi at 192.168.1.1.
However, if I add 6,192.168.1.2 (which is my PiHole's static address) as the DHCP Option to the guest interface's advanced settings under the DHCP tab, none of my devices connected to the guest wifi are able to connect to the internet, e.g. ping google.com.
LAN is set up as 192.168.1.1
GUEST is set up as 192.168.3.1
My current firewall settings look like this:
Guest => WAN: Input (Reject), Output (Allow), Forward (Reject)
I added Traffic Rules according to the tutorial mentioned above, for port 53 and port 67.
I probably need to add some firewall rule but I am not too savvy with OpenWRT's firewall. Possibly there is another solution too?

Here is what I did to solve this issue:
Essentially, I added a traffic rule in the OpenWrt firewall to allow UDP packets from my Guest LAN to my main LAN 192.168.1.2 on port 53.
These are the steps I took, when adding a new Traffic Rule:
Protocol: UDP only
Source Zone: Guest
Destination IP: 192.168.1.2
Destination Port: 53
All other values/options were left untouched
Now, all devices connected to the Guest network are filtered through PiHole as well.
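The rule from the answer above, written out as it appears in /etc/config/firewall and /etc/config/dhcp. This is an added example, not the original poster's configuration: the zone names guest and lan, the interface name guest and the DHCP pool values are assumptions. It extends the answer's UDP-only rule to TCP as well (resolvers fall back to TCP for answers that do not fit in a UDP datagram), keeps the hole limited to the single PiHole address rather than the whole LAN zone, and adds a second rule that rejects guest DNS towards the WAN, so a guest device cannot sidestep filtering by hard-coding 8.8.8.8.

```uci
# /etc/config/firewall -- added example; zone names 'guest' and 'lan' are assumed
config rule
	option name 'Guest-DNS-to-PiHole'
	option src 'guest'
	option dest 'lan'
	option dest_ip '192.168.1.2'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

# Guest -> LAN forwarding stays rejected by the zone defaults, so the rule above is the only
# path into the LAN. This one closes the obvious bypass: DNS straight out to the Internet.
config rule
	option name 'Guest-no-other-DNS'
	option src 'guest'
	option dest 'wan'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'REJECT'

# /etc/config/dhcp -- hands the PiHole out as resolver (DHCP option 6) to guest clients;
# pool values are assumptions
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168.1.2'
```

Apply with /etc/init.d/firewall restart and /etc/init.d/dnsmasq restart, then from a guest client run nslookup google.com and confirm the answering server is 192.168.1.2. Two caveats: the PiHole itself must be willing to answer a subnet other than its own (in its DNS settings, "Allow only local requests" refuses 192.168.3.0/24; "Permit all origins" or a listen-on-all-interfaces choice is needed), and a port-53 rule does nothing against clients that use DNS over HTTPS on 443.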

Related

Can't open port in digitalocean

I’m using DigitalOcean to host my website and I'm trying to open ports 8832 and 587 without any success. I created a firewall in the control panel and added these to the inbound and outbound rules:
Custom TCP 587 All IPv4 All IPv6
Custom TCP 8832 All IPv4 All IPv6
HTTP TCP 80 All IPv4 All IPv6
HTTPS TCP 443 All IPv4 All IPv6
I also disabled ufw in my droplet:
ufw status verbose
Status: inactive
I also rebooted the droplet. However, it seems to still block ports 587 and 8832. Interestingly, ports 443 and 80 for the webserver are open. Can someone tell me why I can’t open these specific ports?
This affects the IP: 165.232.76.115
I figured out how to solve it by myself. I had to remove the firewall in the control panel and use the ufw software firewall instead. I don’t know why the control panel firewall didn’t work properly, or maybe I used it wrong.

Port Forwarding for compute engine google cloud platform

I'm trying to open port TCP 28016 and UDP 28015 for a game server in my Compute Engine VM running Microsoft Windows Server 2016.
I've tried opening the ports inside my server using RDP, going to the Windows Firewall settings and creating new inbound rules for both TCP 28016 and UDP 28015.
I've also set firewall rules in my Cloud Platform Firewall Rules for both ports.
When running my game server application, running netstat didn't show any of the ports being used / listening. They didn't even show up. What did I do wrong?
Edit: it now shows up in netstat -a -b, but without LISTENING
If it doesn't show as LISTENING, it's not a firewall or "port forwarding" issue; rather, the application either isn't running, or is running but isn't configured to listen for connections on that port.
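A triage script for the DigitalOcean question above and the Compute Engine answer just given, added here as an example and not taken from either thread. It applies the answer's rule mechanically: read the socket table from the machine itself (ss -Hltn on Linux, netstat -an on Windows), classify what is bound on the port, and only then decide whether a firewall is even in the picture. Both sample tables below are constructed, and the addresses and services in them are assumptions; the checker handles TCP only, since Windows prints no state for UDP sockets.

```shell
#!/bin/sh
# Added example (not from either thread): answer "is it the firewall?" from the socket table
# before touching any cloud or host firewall rule.
#   Linux:   ss -Hltn      (or: netstat -ltn)
#   Windows: netstat -an   (the LISTENING column carries the same meaning)
set -eu
set -f   # no pathname expansion: socket tables contain '*' fields such as 0.0.0.0:*

# listen_state TABLE PORT: prints 'none' (no listener), 'loopback' (bound to 127.0.0.1/::1
# only), 'all' (bound to 0.0.0.0, :: or *) or the specific address the service is bound to.
listen_state() {
  port=$2
  result=none
  while read -r line; do
    case "$line" in *LISTEN*) ;; *) continue ;; esac   # skip headers, ESTAB, SYN_RECEIVED, ...
    for field in $line; do
      case "$field" in
        *:"$port")                    # the first "addr:PORT" field is the local socket
          host=${field%:"$port"}
          case "$host" in
            0.0.0.0|'*'|'[::]'|::)  result=all ;;
            127.0.0.1|'[::1]'|::1)  [ "$result" = all ] || result=loopback ;;
            *)                      [ "$result" = all ] || result=$host ;;
          esac
          break ;;
      esac
    done
  done <<EOF
$1
EOF
  printf '%s\n' "$result"
}

# next_step STATE: the only action that can help for that state.
next_step() {
  case "$1" in
    none)     echo "nothing is listening: start the service or fix its listen port; no firewall rule will help" ;;
    loopback) echo "bound to loopback only: change the service bind address, then revisit firewalls" ;;
    all)      echo "listening on all interfaces: check the host firewall (ufw/iptables/Windows Firewall), then the cloud firewall" ;;
    *)        echo "bound to $1 only: reachable on that address alone; make sure traffic arrives on that NIC" ;;
  esac
}

# Constructed sample (not a real capture): a Linux droplet with 80/443/22 on all interfaces,
# a mail submission daemon on loopback only, a database on one private address, nothing on 8832.
LINUX_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 100 127.0.0.1:587 0.0.0.0:*
LISTEN 0 128 10.10.0.5:3306 0.0.0.0:*
ESTAB 0 0 165.232.76.115:443 198.51.100.7:51822'

# Constructed sample: a Windows game server where RDP listens but the 28016 socket exists
# without ever reaching LISTENING (the situation in the edit above).
WINDOWS_NETSTAT='  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.128.0.2:28016       203.0.113.5:60010      SYN_RECEIVED'

if [ $# -gt 0 ]; then
  # Usage: ss -Hltn | sh listen_check.sh PORT   -- reads a live table from stdin
  table=$(cat)
  state=$(listen_state "$table" "$1")
  echo "port $1: $state"
  next_step "$state"
fi
```

Run it on the VM, not from outside: a remote scan cannot distinguish "filtered by a firewall" from "nothing bound", which is exactly the distinction the answer turns on.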

Portforwarding not working

I recently tried to port forward port 80 on my local IP, but as the tutorial said, it should be open on my external IP, which it's not. It is open on my local IP though.
I have port forwarded port 80, range 80, UDP and TCP on my local IP: 192.168.1.170
This is the tutorial I followed: https://www.youtube.com/watch?v=RZTYqTGqtjI
I port forwarded my IP in the router settings.
https://image.ibb.co/hGW4fm/Sk_rmbild_345.png
https://image.ibb.co/exWFmR/Sk_rmbild_344.png
If the suggested method doesn't work for you, do this:
Go to -> Security tab -> Remote Management
Enable Remote Management (or enter 255.255.255.255 in the field).
This will enable you to access your LAN from the WAN.
For the record:
Internal Port is the port on which the device in your LAN is serving.
External Port is the port which the user enters in the browser, e.g. 127.184.184.19:8080.
Here 8080 is the external port. And if a device in your LAN runs an HTTP web server at port 80, then the internal port would be 22.
If the above methods don't work, then your ISP might be using Carrier NAT, which means you would have a different PUBLIC and WAN IP address.
In this case, you should use the WAN IP address shown in your router configuration page to access your LAN from the internet.
Kindly try to open the same URL from a different internet connection other than your LAN.
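Before opening Remote Management or re-entering port ranges, find out whether the router even holds a public address. The following is an added example, not part of the answer above: it classifies an IPv4 address as public, RFC 1918 private, RFC 6598 carrier-grade NAT (100.64.0.0/10) or loopback, and compares the router's WAN address with the address the Internet sees (the curl to ifconfig.me is an assumption; pasting the address from any "what is my IP" page works as well). A router whose WAN address is private or CGNAT space sits behind another NAT, and no forward on it alone can be reached from outside. Note that 127.184.184.19, the sample address in the answer, is in the loopback range; the classifier reports it as such.

```shell
#!/bin/sh
# Added example (not from the thread): can a port forward on this router be reached from
# the Internet at all? Compares the router's WAN address with the public address.
set -eu

# ip_class ADDR: public | private | cgnat | loopback | invalid
ip_class() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  for o in "$a" "$b" "$c" "$d"; do
    case "$o" in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    if [ "$o" -gt 255 ]; then echo invalid; return 0; fi
  done
  if [ "$a" -eq 10 ]; then echo private                                   # 10.0.0.0/8
  elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo private   # 172.16.0.0/12
  elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo private             # 192.168.0.0/16
  elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo cgnat    # 100.64.0.0/10
  elif [ "$a" -eq 127 ]; then echo loopback                                # 127.0.0.0/8
  else echo public
  fi
}

# nat_layers ROUTER_WAN PUBLIC: single | upstream | double-nat | cgnat | invalid
#   single      the router holds the public address; the forward alone should work
#   upstream    public on the WAN side but not the address the Internet sees: another NAT upstream
#   double-nat  WAN side is private: an ISP modem/router in front; forward there too, or bridge it
#   cgnat       WAN side is 100.64/10: ISP carrier NAT; inbound forwards need ISP help, IPv6, or
#               an outbound tunnel to a host that does have a public address
nat_layers() {
  wan=$1; pub=$2
  case "$(ip_class "$wan")" in
    cgnat)            echo cgnat ;;
    private|loopback) echo double-nat ;;
    public)           if [ "$wan" = "$pub" ]; then echo single; else echo upstream; fi ;;
    *)                echo invalid ;;
  esac
}

if [ $# -gt 0 ]; then
  # Usage: sh natcheck.sh ROUTER_WAN_IP [PUBLIC_IP]
  # PUBLIC_IP defaults to what an external echo service reports (assumption: curl + ifconfig.me).
  public=${2:-$(curl -s https://ifconfig.me)}
  echo "router WAN $1 is $(ip_class "$1"); NAT layout: $(nat_layers "$1" "$public")"
fi
```

The WAN address comes from the router's status page; if it starts with 100.64 through 100.127 the ISP is doing carrier NAT and the remote-management trick above changes nothing, because the packets never reach this router.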

route all traffic over gre tunnel

I have an openvswitch sw1 with subnet 10.207.39.0/24 that has LXC containers attached, I have the same on another physical server, and I have successfully connected these using a GRE tunnel. However, the LXC containers have additional ports on additional openvswitches, e.g. sw4 with subnet 192.220.39.0/24, and I want to push that traffic over the single GRE tunnel on sw1, because there is only one physical interface and it's not possible to have multiple GRE tunnels on each openvswitch with the same physical interface IP address endpoints. Is it possible to push the traffic on the other openvswitches over the GRE tunnel on sw1? Or is there a better way to connect multiple subnets in LXC containers on two physical hosts? Thanks.
I solved this "myself" - with help from two links provided below - (after sleeping on it and relentless google searches over several frustrating days).
I realize the solution is pretty simple and would be clear to a networking professional. I am an Oracle DBA and only know as much networking as I need to work with orabuntu-lxc software, LXC containers, and Oracle software, so please keep that in mind if the below is "obvious" - it wasn't obvious to me in my network ignorance.
I got the clue on how to solve the actual steps from this blog post:
http://www.cnblogs.com/popsuper1982/p/3800548.html
I confirmed that any subnet should be routable over a GRE tunnel from this blog post (which gave me hope to keep working towards a solution):
https://supportforums.adtran.com/thread/1408
In particular the author stated in the adtran comment that "GRE tunnels have no limitation on the types of traffic which can traverse it. It can route multiple subnets without multiple tunnels."
That post told me that the solution was likely a routing solution and that only one GRE tunnel would be needed for this use case.
Note that this feature of "no limitation" on the types of traffic is great for Oracle RAC because we need to be able to send multicast over the GRE tunnel for RAC.
This use case:
I am building an Oracle RAC infrastructure to run in LXC Linux containers. I have a public network 10.207.39.0/24 on openvswitch sw1 and a private RAC interconnect network 192.220.39.0/24 on openvswitch sw4. I want to be able to build the RAC in LXC linux containers that span multiple physical hosts and so I created a GRE tunnel to connect the 10.207.39.1 tunnel endpoint on colossus to 10.207.39.5 tunnel endpoint on guardian.
Here is the setup details:
Host "guardian":
LAN wireless physical network interface: wlp4s0 (IP 192.168.1.11)
sw1 10.207.39.5
sw4 192.220.39.5
Host "colossus":
LAN wireless physical network interface: wlp4s0 (IP 192.168.1.15)
sw1 10.207.39.1
sw4 192.220.39.1
Step 1:
Create GRE tunnel between sw1 openvswitches on both physical hosts with physical wireless LAN network interface end points:
Host "guardian": Create gre tunnel phys hosts (guardian --> colossus).
sudo ovs-vsctl add-port sw1 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.15
Host "colossus": Create gre tunnel phys hosts (colossus --> guardian).
sudo ovs-vsctl add-port sw1 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.11
Step 2:
Route the 192.220.39.0/24 network over the established GRE tunnel as shown below:
Host "guardian": route 192.220.39.0/24 openvswitch sw4 over GRE tunnel:
sudo route add -net 192.220.39.0/24 gw 10.207.39.5 dev sw1
Host "colossus": route 192.220.39.0/24 openvswitch sw4 over GRE tunnel:
sudo route add -net 192.220.39.0/24 gw 10.207.39.1 dev sw1
Note: To add additional subnets repeat step 2 for each subnet.
Note on MTU:
Also, you have to allow for GRE encapsulation in MTU if you want to ssh over these tunnels.
Therefore in the above example for the main GRE tunnel connecting the hosts, we need MTU to be set to 1420 to allow 80 for the GRE header.
MTU on the LXC container virtual interfaces on the sw1 switches need to be set to MTU=1420 in the LXC container config files.
MTU on the LXC container virtual interfaces on the sw4 switches need to be set to MTU=1420 in the LXC container config files.
Note that the MTU on the openvswitches sw1 and sw4 should automatically be set to the MTU of the LXC interfaces as long as ALL LXC virtual interfaces are set to the new lower MTU values, so explicitly setting the MTU on the openvswitches sw1 and sw4 themselves should not be necessary.
If you still run into issues with SSH over the tunnels, but ping works cross-host and cross-container, then re-check all MTU settings on the virtual interfaces and openvswitches.
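Rather than picking 1420 by hand, measure what actually fits through the tunnel. This is an added example, not part of the post: it binary-searches the largest don't-fragment ping payload that crosses to the far end of the GRE tunnel (10.207.39.1 from the post, assumed reachable from guardian) and turns it into the MTU to configure on the container veths; it also prints what plain and keyed GRE over IPv4 would predict, so a much smaller measured value stands out as a sign that something else on the path is the real limit. The iputils ping flags are an assumption about the host OS; the probe is injectable so the search can be exercised without a network. GRE itself adds no authentication or encryption, so on a shared wireless LAN anything on the path can read or inject frames into both bridges; that is a separate problem the MTU work does not address.

```shell
#!/bin/sh
# Added example (not from the post): measure the usable MTU across a GRE tunnel instead of
# guessing it. Uses don't-fragment pings and a binary search over the payload size.
set -eu

# ping_probe HOST SIZE: one ICMP echo with DF set and SIZE payload bytes; exit 0 if answered.
# Assumes Linux iputils ping (-M do).
ping_probe() {
  ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# pmtu_search PROBE HOST LOW HIGH: largest SIZE in [LOW, HIGH] for which "PROBE HOST SIZE"
# succeeds, assuming success is monotonic in SIZE. Prints 0 if even LOW fails (tunnel down,
# ICMP filtered, or LOW already too large).
pmtu_search() {
  probe=$1; host=$2; lo=$3; hi=$4
  if ! "$probe" "$host" "$lo"; then echo 0; return 0; fi
  best=$lo
  while [ "$lo" -le "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if "$probe" "$host" "$mid"; then
      best=$mid; lo=$(( mid + 1 ))
    else
      hi=$(( mid - 1 ))
    fi
  done
  echo "$best"
}

# payload_to_mtu PAYLOAD: ICMP payload + 8 (ICMP header) + 20 (IPv4 header) = interface MTU.
payload_to_mtu() { echo $(( $1 + 28 )); }

# gre_inner_mtu OUTER [KEYED]: the theoretical inner MTU for GRE over IPv4: 20-byte outer IP
# header plus a 4-byte GRE header, 4 bytes more when the tunnel carries a key.
gre_inner_mtu() {
  overhead=24
  if [ "${2:-0}" = 1 ]; then overhead=28; fi
  echo $(( $1 - overhead ))
}

if [ $# -gt 0 ]; then
  # Usage: sh pmtu.sh 10.207.39.1   (run on guardian against colossus's sw1 address)
  payload=$(pmtu_search ping_probe "$1" 100 1472)
  if [ "$payload" -eq 0 ]; then echo "no DF ping of 100 bytes got through to $1"; exit 1; fi
  echo "largest DF payload: $payload -> set MTU $(payload_to_mtu "$payload") on the container veths"
  echo "plain GRE over a 1500-byte link predicts $(gre_inner_mtu 1500); keyed GRE $(gre_inner_mtu 1500 1)"
fi
```

A payload of 1392 corresponds to the 1420 MTU used in the post; if the search stops well below that, the wireless link or a second encapsulation is the real constraint and the veth MTU has to follow the measurement, not the GRE arithmetic.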

Centos 7 minimal install can't talk to internet

Newbie trying to install/set up CentOS 7. Can ping other machines in the domain, but can't ping the gateway, google.com, etc. Gets "destination host unreachable" for the gateway and "unknown host google.com" when pinging google.com.
Please advise.
etc/sysconfig/network-scripts:
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp4s0
UUID=c39e3407-a566-4586-8fb9-fd4e3bfc4617
DEVICE=enp4s0
ONBOOT=yes
IPADDR="192.168.192.150"
GATEWAY="208.67.254.41"
DNS1="8.8.8.8"
DNS2="8.8.4.4"
etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
HOSTNAME=centos7
GATEWAY=208.67.254.41
Since it says "unknown host google.com", the machine is not able to route the request to the internet DNS server (8.8.8.8) to resolve Google's IP, and when you ping the gateway you get "destination host not reachable".
For a machine to connect to another machine, both should be within the LAN; if the other is not on the LAN, there should be a machine that acts as a gateway within the LAN. In your case you have pointed the gateway to 208.67.254.41, which obviously is not on the LAN, so this machine 208.67.254.41 should be accessible from some machine in the LAN. To do so, use the route command,
which adds a routing entry to the machine's routing table:
route add -host <host> gw <gateway> dev <interface>
In your case the command goes like:
route add -host 208.67.254.41 gw <gateway> dev <interface>
e.g.: route add -host 192.168.12.45 gw 192.168.12.1 dev eth0
Comment out the IPv6 entries if IPv6 is not used.
Make sure to keep IP forwarding on in /etc/sysctl.conf on the gateway machine.
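The failure in the question has a mechanical explanation: a gateway outside the interface's own subnet is not on-link, so the kernel cannot ARP for it, the default route is unusable, and both the gateway ping and the DNS lookup for google.com fail. The following is an added example, not part of either answer: it parses an ifcfg-style file, derives the prefix (from PREFIX, from NETMASK, or, as an assumption about the initscripts fallback, the classful default when neither is set, which is the poster's case) and reports whether GATEWAY is on-link. The sample file contents are constructed from the question; the corrected gateway 192.168.192.1 is an assumed router address.

```shell
#!/bin/sh
# Added example (not from the thread): check that GATEWAY in an ifcfg-* file lies inside the
# interface's own subnet, which is what the kernel needs before it can install a default route.
set -eu

# ifcfg_value CONTENT KEY: value of KEY=VALUE in an ifcfg-style body, surrounding quotes removed
ifcfg_value() {
  key=$2; val=
  while read -r line; do
    case "$line" in
      "$key"=*) val=${line#*=}; val=${val#\"}; val=${val%\"} ;;
    esac
  done <<EOF
$1
EOF
  printf '%s\n' "$val"
}

# mask_octet PREFIX INDEX: octet INDEX (0..3) of the netmask for /PREFIX
mask_octet() {
  bits=$(( $1 - 8 * $2 ))
  if [ "$bits" -gt 8 ]; then bits=8; elif [ "$bits" -lt 0 ]; then bits=0; fi
  echo $(( (255 << (8 - bits)) & 255 ))
}

# netmask_to_prefix MASK: number of set bits in a dotted netmask
netmask_to_prefix() {
  IFS=. read -r m1 m2 m3 m4 <<EOF
$1
EOF
  n=0
  for o in "$m1" "$m2" "$m3" "$m4"; do
    while [ "$o" -gt 0 ]; do n=$(( n + (o & 1) )); o=$(( o >> 1 )); done
  done
  echo "$n"
}

# classful_prefix IP: the prefix initscripts falls back to when neither PREFIX nor NETMASK is
# set (assumption: classic A/B/C default; always set PREFIX explicitly to avoid relying on it)
classful_prefix() {
  a=${1%%.*}
  if [ "$a" -lt 128 ]; then echo 8; elif [ "$a" -lt 192 ]; then echo 16; else echo 24; fi
}

# same_subnet IP GW PREFIX: succeeds if GW lies inside IP's /PREFIX network (octet-wise
# compare, so no arithmetic wider than 8 bits is needed)
same_subnet() {
  IFS=. read -r i1 i2 i3 i4 <<EOF
$1
EOF
  IFS=. read -r g1 g2 g3 g4 <<EOF
$2
EOF
  idx=0
  for pair in "$i1:$g1" "$i2:$g2" "$i3:$g3" "$i4:$g4"; do
    io=${pair%%:*}; go=${pair##*:}
    m=$(mask_octet "$3" "$idx")
    if [ $(( io & m )) -ne $(( go & m )) ]; then return 1; fi
    idx=$(( idx + 1 ))
  done
  return 0
}

# gateway_check CONTENT: "onlink /P", "offlink /P", or "incomplete" (no IPADDR or GATEWAY)
gateway_check() {
  ip=$(ifcfg_value "$1" IPADDR); gw=$(ifcfg_value "$1" GATEWAY)
  prefix=$(ifcfg_value "$1" PREFIX); mask=$(ifcfg_value "$1" NETMASK)
  if [ -z "$ip" ] || [ -z "$gw" ]; then echo incomplete; return 0; fi
  if [ -z "$prefix" ]; then
    if [ -n "$mask" ]; then prefix=$(netmask_to_prefix "$mask"); else prefix=$(classful_prefix "$ip"); fi
  fi
  if same_subnet "$ip" "$gw" "$prefix"; then echo "onlink /$prefix"; else echo "offlink /$prefix"; fi
}

# Constructed from the poster's file: no PREFIX/NETMASK, gateway in a different network.
POSTER_IFCFG='TYPE=Ethernet
BOOTPROTO=static
DEVICE=enp4s0
ONBOOT=yes
IPADDR="192.168.192.150"
GATEWAY="208.67.254.41"
DNS1="8.8.8.8"'

# Same file with an on-link gateway (assumed router address) and an explicit prefix.
FIXED_IFCFG='TYPE=Ethernet
BOOTPROTO=static
DEVICE=enp4s0
ONBOOT=yes
IPADDR=192.168.192.150
PREFIX=24
GATEWAY=192.168.192.1
DNS1=8.8.8.8'

if [ $# -gt 0 ]; then
  # Usage: sh gwcheck.sh /etc/sysconfig/network-scripts/ifcfg-enp4s0
  gateway_check "$(cat "$1")"
fi
```

"offlink" is the diagnosis for the file in the question: 208.67.254.41 is not in 192.168.192.0/24, so no host route trick is needed; the fix is to point GATEWAY at the actual router on the 192.168.192.0/24 segment (ask whoever runs the LAN, or read it from a working machine's ip route output) and to set PREFIX explicitly.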
Have you disabled Network Manager?
Command line:
service NetworkManager status
