Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "firewalld"
## Building my own router
So after poor luck with mPCIe in my miniPC I decided to go with USB wifi solutions. So I got the https://aliexpress.com/item/... , hooked it up and started setting things up. Took me a day to figure out that firewalld (CentOS7/8 firewall) is not directly compatible with raw iptables commands. Damn it! But hey, a lesson learnt is time well spent!
Installed named, dhcpd, hostapd, disabled NetworkManager for my wifi card, etc.. And had to learn another lesson -- if a netowrk interface is bridged then iptables sees the bridge rather than the raw interface. That's another 2 hours well spent :)
In the end I have a working AP!!! It's still hooked in to my router via RJ45, but it does work and does work quite well!
Here's some comparison for now:
via router (2.4): https://speedtest.net/result/...
via router (5): https://speedtest.net/result/...
via miniPC (2.4): https://speedtest.net/result/...
via miniPC (5): <TBD>
Not that bad, aye?
All in all I'm happy with my decision to build a miniPC based router. Now I have the modularity I wanted so mush and a complete control on my networking! Can't wait for wifi6 USB dongles to be released :)4
IDK man, it took me a while to finally learn iptables and now switch to firewalld? Oh come on. It's not that I'm against learning new things, no. It's just that firewalld looks a bit.. crappy. If I get a server provisioned and run
firewall-cmd --add-port=53/udp --permanent
and I get my ssh connection killed that's no good news, no sir! I mean come on, how can I rely on a tool this critical when a single line in its config file can make my machine inaccessible. Even better -- this config file is managed by that tool entirely!!! My commands passed all the tool's checks and they worked, but when I wanted to make those commands permanent and reload state from the config -- the tool starts spitting bile and blood and says "fuck off, it's my server now!"
IDK man.. It's just way too fishy. The good ol' iptables works very well and I'm kicking its retard younger brother out of the server.
shoosh you dirty pig firewalld, shoosh!8
Someone send help. IBM has taken over my village. They're brainwashing the children; they wont use any packages that don't end in 'd'!2
At this point of my side project I wanted to check out openresty for dynamic proxy creation in nginx.
Happy to check it out I installed centos 7 as guest using new command I just learned virt-builder that would automate vm creation.
Spend 10 hours debugging why I can ping and ssh but cannot get to application port from any network.
Checked iptables, restarted network, reinstalled vm again 3 times with different methods.
Scrolled trough whole internet and it’s mostly outdated problems.
Learned bunch of new commands without new results.
Results were always the same:
No route to host.
Turned out firewalld is fucking thing now.
systemctl firewalld stop helped
Now I know that systemd would kill me at some point for sure.
What I can add at this point ?
Please add more distros, differences, standards and programming languages so world definitely would be better place.
I need a short break now to actually start making shit that I wanted to start at 4-5pm on Saturday.
It’s Sunday 3:30am and time for breakfast.
At least I am happy it started working.2