authorSilvino Silva <silvino@bk.ru>2016-10-16 23:24:52 +0100
committerSilvino Silva <silvino@bk.ru>2016-10-16 23:24:52 +0100
commit630e965343803e90cdbeeb30a06cae9edc61db4e (patch)
tree807641d6e882778902d0b56ae3930fd8e28ae466
parent3bb8eb0ec4f32c4a09a0d5324e9bd464fb1fe0dd (diff)
downloaddoc-630e965343803e90cdbeeb30a06cae9edc61db4e.tar.gz
tools network revision
-rw-r--r--core/conf/iptables/rules.v46
-rw-r--r--tools/conf/etc/dnsmasq.conf2
-rwxr-xr-xtools/conf/etc/rc.d/dnscrypt-proxy9
-rw-r--r--tools/conf/etc/resolv.conf9
-rw-r--r--tools/dnsmasq.html26
-rw-r--r--tools/network.html4
6 files changed, 37 insertions, 19 deletions
diff --git a/core/conf/iptables/rules.v4 b/core/conf/iptables/rules.v4
index cbaa347..848603c 100644
--- a/core/conf/iptables/rules.v4
+++ b/core/conf/iptables/rules.v4
@@ -48,7 +48,7 @@ COMMIT
 #
 
 # Allow established from dns server
--A INPUT -i wlp7s0 -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+#-A INPUT -i wlp7s0 -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 
 # INPUT accept passive
 -A INPUT -i wlp7s0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
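Review bot: The plain-DNS rule is disabled by turning it into `#-A INPUT ...`, but the comment above it still reads "Allow established from dns server", so the file now describes a rule that is not loaded. The same applies to the `#-A OUTPUT ... --dport 53` line under "# Allow dns" in the third hunk. If the intent is to force lookups through the local resolver, say so in place, e.g. `# Plain DNS to upstream disabled on wlp7s0: lookups go through local dnsmasq/dnscrypt-proxy`, and delete the dead rules instead of leaving them one character away from being re-enabled. None of the visible hunks shows an OUTPUT rule that lets dnscrypt-proxy reach its resolver, so confirm one exists elsewhere in the file; otherwise name resolution stops after this change.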
@@ -79,6 +79,7 @@ COMMIT
 
 # INPUT accept from wlp7s0 to dns server
 -A INPUT -i wlp7s0 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
 # INPUT accept from wlp7s0 to https server
 -A INPUT -i wlp7s0 -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
 # INPUT accept from wlp7s0 to ssh server
@@ -97,7 +98,7 @@ COMMIT
 -A OUTPUT -o br0 -j ACCEPT
 
 # Allow dns
--A OUTPUT -o wlp7s0 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+#-A OUTPUT -o wlp7s0 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 
 # Allow to rsync server
 -A OUTPUT -o wlp7s0 -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
@@ -125,6 +126,7 @@ COMMIT
 -A OUTPUT -o wlp7s0 -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 # Allow from dns server
 -A OUTPUT -o wlp7s0 -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
 -A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
 COMMIT
 # Completed on Sat Oct 15 17:20:41 2016
diff --git a/tools/conf/etc/dnsmasq.conf b/tools/conf/etc/dnsmasq.conf
index f09b6a6..dc48d99 100644
--- a/tools/conf/etc/dnsmasq.conf
+++ b/tools/conf/etc/dnsmasq.conf
@@ -112,6 +112,8 @@ interface=br0
 
 # Or you can specify which interface _not_ to listen on
 except-interface=wlp7s0
+except-interface=enp8s0
+
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
 listen-address=127.0.0.1
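Review bot: `except-interface=enp8s0` only makes dnsmasq discard queries that arrive on that interface. Unless `bind-interfaces` is set elsewhere in the file (not visible in this hunk), dnsmasq still binds the wildcard address, so port 53 stays open on wlp7s0 and enp8s0. Consider adding `bind-interfaces` next to the `interface=`/`listen-address=` lines so the listener is limited to br0 and 127.0.0.1. With both uplinks excluded here, the rules.v4 lines that still accept `--dport 53` on wlp7s0 look unneeded and are worth re-checking.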
diff --git a/tools/conf/etc/rc.d/dnscrypt-proxy b/tools/conf/etc/rc.d/dnscrypt-proxy
index 3f4feea..0874fa6 100755
--- a/tools/conf/etc/rc.d/dnscrypt-proxy
+++ b/tools/conf/etc/rc.d/dnscrypt-proxy
@@ -16,15 +16,10 @@ USER=nobody
 PATH=/usr/sbin:/usr/bin:/sbin:/bin
 DAEMON=/usr/sbin/dnscrypt-proxy
 NAME=dnscrypt-proxy
+RESOLVER=dnscrypt.eu-dk
 ADDRESS1=77.66.84.233
-ADDRESS2=176.56.237.171
-ADDRESS3=77.66.84.233.443
 PNAME1=2.dnscrypt-cert.resolver2.dnscrypt.eu
-PNAME2=2.dnscrypt-cert.resolver1.dnscrypt.eu
 PKEY1=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955
-PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
-PKEY2=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
-PKEY2=3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955
 
 case "$1" in
   start)
@@ -33,7 +28,7 @@ case "$1" in
 	    --resolver-address=$ADDRESS3 \
 	    --provider-name=$PNAME1 \
 	    --provider-key=$PKEY3 \
-	    --resolver-name="dnscrypt.eu-dk"
+	    --resolver-name=$RESOLVER
     ;;
   stop)
     echo "Stopping $NAME"
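Review bot: The start command still passes `--resolver-address=$ADDRESS3` and `--provider-key=$PKEY3`, but this commit deletes `ADDRESS3` and the visible variable block defines no `PKEY3`. Both therefore expand to empty strings, and the pinned provider key in `PKEY1` is never handed to the daemon. Point the options at the variables that remain, `--resolver-address=$ADDRESS1` (with the port appended if the removed `ADDRESS3` form is still wanted) and `--provider-key=$PKEY1`. Quote the expansions as well, e.g. `--resolver-name="$RESOLVER"`. The `case` block starts and ends outside this hunk.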
diff --git a/tools/conf/etc/resolv.conf b/tools/conf/etc/resolv.conf
new file mode 100644
index 0000000..b568a6c
--- /dev/null
+++ b/tools/conf/etc/resolv.conf
@@ -0,0 +1,9 @@
+# Generated by dhcpcd from wlp7s0.dhcp
+# /etc/resolv.conf.head can replace this line
+nameserver 127.0.0.1
+# CCC server
+# nameserver 213.73.91.35
+# OpenNIC Servers
+# nameserver 192.71.249.83
+# nameserver 5.135.183.146
+# /etc/resolv.conf.tail can replace this line
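Review bot: The file is committed with its dhcpcd header (`# Generated by dhcpcd from wlp7s0.dhcp`), which suggests dhcpcd will regenerate /etc/resolv.conf on the next lease and replace `nameserver 127.0.0.1` with whatever the DHCP server hands out. To keep the local resolver pinned, put the nameserver line in /etc/resolv.conf.head or set `nohook resolv.conf` in dhcpcd.conf. Also replace the header with a comment such as `# Static: local dnsmasq/dnscrypt-proxy, not managed by dhcpcd`. The commented fallback servers are plain DNS, so with the port-53 OUTPUT rule on wlp7s0 disabled in rules.v4 they would not be reachable if uncommented.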
diff --git a/tools/dnsmasq.html b/tools/dnsmasq.html
index ce22d76..c431c30 100644
--- a/tools/dnsmasq.html
+++ b/tools/dnsmasq.html
@@ -10,6 +10,9 @@
 
         <h1>Dnscrypt and Dnsmasq</h1>
 
+        <p>Configure your resolver with a server that don't
+        censorship there for respect your freedom and privacy.
+        Read <a href="https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver/PublicDnsResolvers#PublicDNSServers">Tor Dns Resolver</a> for more information.</p>
 
         <h2 id="dnscrypt">1. Dnscrypt</h2>
 
@@ -17,23 +20,26 @@
         $ prt-get depinst dnscrypt
         </pre>
 
-        <p>Dnscrypt by default resolves to dnscrypt.eu-nl, file
-        /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
-        contains list of compatible serers. Sysdoc dnscrypt-proxy port
-        contains init script configured to use DNSCrypt.eu resolver and
-        run as nobody user. Basic usage example;</p>
+        <p>Dnscrypt by default resolves to dnscrypt.eu-nl, check file
+        /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv for a list of
+        compatible servers. Dnscrypt-proxy port from c9-ports contains
+        <a href="conf/etc/rc.d/dnscrypt-proxy">dnscrypt-proxy</a> init
+        script configured to use dnscrypt.eu-dk resolver and run as 
+        nobody user. Basic usage example;</p>
 
         <pre>
-        $ sudo  dnscrypt-proxy --daemonize --resolver-name=&lt;resolver name&gt;
+        $ sudo -u nobody  dnscrypt-proxy --daemonize --resolver-name=&lt;resolver name&gt;
         </pre>
 
         <h2 id="dnsmasq">2. Dnsmasq</h2>
 
-        <p>Edit <a href="../conf/etc/resolv.conf">resolv.conf</a>;</p>
+        <p>Edit <a href="conf/etc/resolv.conf">resolv.conf</a>;</p>
 
         <pre>
-        # Local dnsmasq server
+        # /etc/resolv.conf.head can replace this line
         nameserver 127.0.0.1
+        # CCC server
+        # nameserver 213.73.91.35
         # OpenNIC Servers
         # nameserver 192.71.249.83
         # nameserver 5.135.183.146
@@ -48,8 +54,8 @@
 
         <p>Dnsmasq provides dns caching and dhcpd, example configuration
         files:
-        <a href="../conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface),
-        <a href="../conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p>
+        <a href="conf/etc/dnsmasq.conf">dnsmasq.conf</a> (change interface),
+        <a href="conf/etc/hosts.dnsmasq">hosts.dnsmasq</a>.</p>
 
         <a href="index.html">Tools Index</a>
 
diff --git a/tools/network.html b/tools/network.html
index 5e4a481..43e4616 100644
--- a/tools/network.html
+++ b/tools/network.html
@@ -10,6 +10,10 @@
 
         <h1>Network Tools</h1>
 
+        <p>Ethernet and wireless connections to router are configured
+        by <a href="../core/network.html">net and wlan</a> scripts, they
+        allow to connect to the internet in the most common environments.</p>
+
         <h2 id="bridge">Bridges</h2>
 
         <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on