+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: Mobian on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=139)
+---- Thread: A month of Mobian (/showthread.php?tid=13595)
Pages:
1
2
RE: A month of Mobian - Ri3qXkW4hjb - 04-29-2021
(04-10-2021, 11:56 PM)RTP Wrote:(04-08-2021, 02:56 PM)Ri3qXkW4hjb Wrote: My desktop (debian) got disconnected from its network each time I plugged in the pine phone. USB networkingÂ
On your #10 try the ifmetric command. It allows you to change routing device priority. Allowing you to use internet while having your device hooked up (so 'ethernet' does not take over priority).
This got me going in the right direction: route metrics. USB gets a higher default priority (metric 100) than wifi (metric 600). Lower numeric metrics are higher priority, so traffic goes to the route with the lowest numeric metric.
Show metrics
To know what effect anything's having, I need to read the current metrics. The route tool and nmcli are both useful. The first example shows all routes and their metrics. The second one shows the metrics for the wireless network called PineNet.
Code:
/sbin/route -nCode:
nmcli connection show PineNet | grep route-metricChange current metric
To change the current metric for an interface, ifmetric and nmcli work. I prefer nmcli since I'm using it elsewhere, and it's included in the base packages for Mobian (by being part of NetworkManager). If desired, ifmetric is easy enough to get with apt install ifmetric. The examples below each set the wlan0 interface's routes' metrics to 8. This does not persist over restarting the network or interface, or over system restarts.
Code:
ifmetric wlan0 8Code:
nmcli device modify wlan0 ipv4.route-metric 8Change connection metric
To make the route metrics persist for a specific "connection", nmcli works. Connections are stored configuration for network interfaces, and can be used variously. Wifi is a typical way to use connections - each wifi network is a different connection for the SSID and key. The routing metric can also be added. However, this would need to be done for each wifi network. The first example below changes the metric for the PineNet wireless network to 8. The second one is my solution, to change the USB interface's routes' metrics to 1024.
Code:
nmcli connection modify PineNet ipv4.route-metric 8Code:
nmcli connection modify 'Wired connection 1' ipv4.route-metric 1024Automatic metrics
With my goal and setup, I'm lucky. I can just set the USB network's metric to be significantly larger than 600. I also considered changing all of the wifi connections' metrics, too. Glad I don't have to. I didn't test it, but this answer looked promising, for a way to affect all connections on an interface. I might use that later to make changes to wifi, e.g. to more thoroughly disable LLMNR across all connections including future wifi networks.
RE: A month of Mobian - devrtz - 05-01-2021
(04-13-2021, 02:56 AM)kqlnut Wrote:(04-12-2021, 10:47 AM)wibble Wrote:Thanks for the info! Do you know of any GitLab issue or something where I can track the progress on this? I couldn't find anything on that.(04-11-2021, 04:15 AM)kqlnut Wrote:Last time I looked it wasn't implemented yet. It _should_ be possible to use the PulseAudio echo cancellation plugin, but it was crashing when I tried it. That may just mean I wasn't using it correctly though. It probably needs to be built into the audio profiles, but they were work in progress at the time.(04-09-2021, 11:56 PM)MtnSk8 Wrote: I don't see any solution other than to move the speaker or mic (or maybe a louder earpiece spkr).That's what echo cancellation is for, but I couldn't find much about how/if this is implemented in Pinephone distributions. Only some stuff regarding the Librem 5, but audio routing is handled very differently there as far as I know. Does anybody have more info on that?
Not going to be working with PulseAudio because the audio is routed in hardware: https://gitlab.com/mobian1/callaudiod/-/issues/13
RE: A month of Mobian - steves - 05-09-2021
On the firewall todo, I was able to get the firewall working without any issues with the following setup:
1. install iptables-persistent via apt-get
2. Here's a config similar to what I used in /etc/iptables/iptables.v4:
Code:
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INCOMING traffic on the loopback device
-A INPUT -i lo -j ACCEPT
# ESTABLISHED RELATED TRAFFIC
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let ssh in for some hosts
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -s <host to allow> -j ACCEPT
-A INPUT -p icmp -m state --state NEW -s 192.168.6.100 -j ACCEPT
# LOG and DROP remaining traffic
-A INPUT -m limit --limit 15/h --limit-burst 5 -j LOG --log-prefix "IPTABLES IN: "
-A INPUT -j DROP
COMMIT2. Here's a config similar to what I used in /etc/iptables/iptables.v6:
Code:
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INCOMING traffic on the loopback device
-A INPUT -i lo -j ACCEPT
# ESTABLISHED RELATED TRAFFIC
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LOG and DROP remaining traffic
-A INPUT -m limit --limit 15/h --limit-burst 5 -j LOG --log-prefix "IP6TABLES IN: "
-A INPUT -j DROP
COMMITAs far as I can tell it hasn't blocked any of the normal functionality of the device(calls/sms still work). Though obviously it will depend on your use cases.