bitnode - sometimes the NAT rules gets messed up or gets lost #136

Open
tingox opened this issue Nov 14, 2019 · 5 comments
tingox commented Nov 14, 2019

The containers on bitnode (currently mediawiki is the only active one) need NAT rules in order to have working network routing. Sometimes (when the server is rebooted?) the NAT rules get lost or messed up. We should figure out what the problem is, and fix it. We should also document the needed NAT rules.

@tingox tingox added the bug label Nov 14, 2019
tingox commented Nov 14, 2019

When the system is working, the NAT rules look like this:

```
tingo@bitnode:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.13.39.0/24        anywhere
MASQUERADE  all  --  10.13.39.0/24        anywhere
MASQUERADE  all  --  10.13.39.0/24        anywhere
```

Not sure why the same line is repeated.

tingox commented Mar 26, 2021

Not sure it matters, because of this:

```
● ufw.service - LSB: start firewall
   Loaded: loaded (/etc/init.d/ufw; generated; vendor preset: enabled)
   Active: active (exited) since Thu 2021-03-25 23:48:57 CET; 1h 21min ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 0
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/ufw.service

Mar 25 23:48:57 bitnode ufw[388]: Skip starting firewall: ufw (not enabled)...done.
```

The rules never get applied, as systemd thinks ufw is not enabled.

tingox commented Mar 26, 2021

The setup in all the files in /etc/ufw and subdirectories looks complex, and might not be correct for our server. We need to audit and test it - there is a lot more there than what is needed for webserver, ssh and so on.
For now, I manually applied `sudo iptables -t nat -A POSTROUTING -s 10.13.39.0/24 -o eth0 -j MASQUERADE`.
That fixes wiki login.

tingox commented Oct 14, 2022

bitnode got rebooted after size upgrade, so I had to manually apply the

```
sudo iptables -t nat -A POSTROUTING -s 10.13.39.0/24 -o eth0 -j MASQUERADE
```

fix again.

tingox commented Dec 17, 2024

I upgraded bitnode to Debian Bullseye (11.11) and had to apply

```
sudo iptables -t nat -A POSTROUTING -s 10.13.39.0/24 -o eth0 -j MASQUERADE
```

manually again.
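
An added example, not part of the thread and not the project's own code: `iptables -A` appends unconditionally, so every re-run of the manual fix stacks another identical POSTROUTING entry. The sketch below applies the same rule only when `-C` reports it missing and trims surplus exact copies; the function names and the overridable `IPTABLES` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the thread's MASQUERADE rule idempotently.
# IPTABLES is overridable (assumption, for dry runs and tests); default is the real binary.
IPTABLES="${IPTABLES:-iptables}"
NAT_SRC="10.13.39.0/24"   # container subnet quoted in the thread
NAT_OUT="eth0"            # outbound interface quoted in the thread

# True when the exact rule already exists in nat/POSTROUTING (-C = check).
masq_present() {
    "$IPTABLES" -t nat -C POSTROUTING -s "$NAT_SRC" -o "$NAT_OUT" -j MASQUERADE 2>/dev/null
}

# Append only when missing, so re-running never stacks copies.
ensure_masq() {
    if masq_present; then
        echo present
    else
        "$IPTABLES" -t nat -A POSTROUTING -s "$NAT_SRC" -o "$NAT_OUT" -j MASQUERADE &&
            echo added
    fi
}

# Count exact copies of the rule as printed by `iptables -S`.
count_masq() {
    "$IPTABLES" -t nat -S POSTROUTING |
        grep -c -x -F -e "-A POSTROUTING -s $NAT_SRC -o $NAT_OUT -j MASQUERADE" || true
}

# Delete surplus exact copies, always leaving one in place. Prints how many were removed.
dedupe_masq() {
    n=$(count_masq)
    removed=0
    while [ "$n" -gt 1 ]; do
        "$IPTABLES" -t nat -D POSTROUTING -s "$NAT_SRC" -o "$NAT_OUT" -j MASQUERADE || return 1
        n=$((n - 1))
        removed=$((removed + 1))
    done
    echo "$removed"
}

# Run as root with the argument "apply" to act on the live ruleset.
if [ "${1:-}" = "apply" ]; then
    ensure_masq
    dedupe_masq
fi
```

Because the check matches on source, output interface and target, entries that differ in any of those (the `-L` listing without `-v` does not show the interface) are left untouched.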
