A month of Mobian
#11
(04-10-2021, 11:56 PM)RTP Wrote:
(04-08-2021, 02:56 PM)Ri3qXkW4hjb Wrote: My desktop (debian) got disconnected from its network each time I plugged in the pine phone. USB networking 

On your #10 try the ifmetric command. It allows you to change routing device priority, allowing you to use the internet while having your device hooked up (so 'ethernet' does not take over priority).

This got me going in the right direction: route metrics. USB gets a higher default priority (metric 100) than wifi (metric 600). Lower numeric metrics are higher priority, so traffic goes to the route with the lowest numeric metric.

Show metrics
To know what effect anything's having, I need to read the current metrics. The route tool and nmcli are both useful. The first example shows all routes and their metrics. The second one shows the metrics for the wireless network called PineNet.

Code:
/sbin/route -n

Code:
nmcli connection show PineNet | grep route-metric


Change current metric
To change the current metric for an interface, ifmetric and nmcli work. I prefer nmcli since I'm using it elsewhere, and it's included in the base packages for Mobian (by being part of NetworkManager). If desired, ifmetric is easy enough to get with apt install ifmetric. The examples below each set the wlan0 interface's routes' metrics to 8. This does not persist over restarting the network or interface, or over system restarts.

Code:
ifmetric wlan0 8

Code:
nmcli device modify wlan0 ipv4.route-metric 8


Change connection metric
To make the route metrics persist for a specific "connection", nmcli works. Connections are stored configuration for network interfaces, and can be used variously. Wifi is a typical way to use connections - each wifi network is a different connection for the SSID and key. The routing metric can also be added. However, this would need to be done for each wifi network. The first example below changes the metric for the PineNet wireless network to 8. The second one is my solution, to change the USB interface's routes' metrics to 1024.

Code:
nmcli connection modify PineNet ipv4.route-metric 8


Code:
nmcli connection modify 'Wired connection 1' ipv4.route-metric 1024


Automatic metrics
With my goal and setup, I'm lucky. I can just set the USB network's metric to be significantly larger than 600. I also considered changing all of the wifi connections' metrics, too. Glad I don't have to. I didn't test it, but this answer looked promising, for a way to affect all connections on an interface. I might use that later to make changes to wifi, e.g. to more thoroughly disable LLMNR across all connections including future wifi networks.
  Reply
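The route selection described in post #11, as an added example that is not part of the original post: it reads `/sbin/route -n` output and reports which default route carries traffic. The interface names, addresses and the `preferred_default` / `uplink_is` helpers are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads `/sbin/route -n` output on stdin and prints the interface
# and metric of the default route that carries traffic: the lowest metric wins.
preferred_default() {
  awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" {   # default routes only
         if (best == "" || $5 + 0 < bestm) { best = $8; bestm = $5 + 0 }
       }
       END { if (best != "") print best, bestm }'
}

# Succeeds only when the wanted interface holds the preferred default route.
# Usage: /sbin/route -n | uplink_is wlan0
uplink_is() {
  got=$(preferred_default)
  [ "${got%% *}" = "$1" ]
}

# Constructed sample: desktop on wifi (wlan0) with the phone plugged in (usb0).
routes_before() {
  cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.66.0.1       0.0.0.0         UG    100    0        0 usb0
0.0.0.0         192.168.1.1     0.0.0.0         UG    600    0        0 wlan0
10.66.0.0       0.0.0.0         255.255.255.0   U     100    0        0 usb0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlan0
EOF
}

# Same table once the USB connection's ipv4.route-metric is 1024.
routes_after() { routes_before | sed 's/ 100 / 1024 /'; }

routes_before | preferred_default   # usb0 100
routes_after  | preferred_default   # wlan0 600
```

`uplink_is` can be run after plugging the phone in to confirm that the persisted connection metric took effect.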
#12
(04-13-2021, 02:56 AM)kqlnut Wrote:
(04-12-2021, 10:47 AM)wibble Wrote:
(04-11-2021, 04:15 AM)kqlnut Wrote:
(04-09-2021, 11:56 PM)MtnSk8 Wrote: I don't see any solution other than to move the speaker or mic (or maybe a louder earpiece spkr).
That's what echo cancellation is for, but I couldn't find much about how/if this is implemented in Pinephone distributions. Only some stuff regarding the Librem 5, but audio routing is handled very differently there as far as I know. Does anybody have more info on that?
Last time I looked it wasn't implemented yet. It _should_ be possible to use the PulseAudio echo cancellation plugin, but it was crashing when I tried it. That may just mean I wasn't using it correctly though. It probably needs to be built into the audio profiles, but they were work in progress at the time.
Thanks for the info! Do you know of any GitLab issue or something where I can track the progress on this? I couldn't find anything on that.

Not going to be working with PulseAudio because the audio is routed in hardware: https://gitlab.com/mobian1/callaudiod/-/issues/13
  Reply
#13
On the firewall todo, I was able to get the firewall working without any issues with the following setup:
1. Install iptables-persistent via apt-get
2. Here's a config similar to what I used in /etc/iptables/iptables.v4:
Code:
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]


# INCOMING traffic on the loopback device
-A INPUT -i lo -j ACCEPT

# ESTABLISHED RELATED TRAFFIC
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


# Let ssh in for some hosts
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -s <host to allow> -j ACCEPT
-A INPUT -p icmp -m state --state NEW -s 192.168.6.100 -j ACCEPT


# LOG and DROP remaining traffic
-A INPUT -m limit --limit 15/h --limit-burst 5 -j LOG --log-prefix "IPTABLES IN: "
-A INPUT -j DROP
COMMIT

3. Here's a config similar to what I used in /etc/iptables/iptables.v6:
Code:
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]

# INCOMING traffic on the loopback device
-A INPUT -i lo -j ACCEPT

# ESTABLISHED RELATED TRAFFIC
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# LOG and DROP remaining traffic
-A INPUT -m limit --limit 15/h --limit-burst 5 -j LOG --log-prefix "IP6TABLES IN: "
-A INPUT -j DROP

COMMIT


As far as I can tell it hasn't blocked any of the normal functionality of the device (calls/sms still work). Though obviously it will depend on your use cases.
  Reply
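A check for rulesets shaped like the ones in post #13, as an added example that is not part of the original post: it lints an iptables-restore file for a default-drop INPUT policy, the loopback and ESTABLISHED accepts, and, for IPv6, an ICMPv6 accept. IPv6 on a LAN relies on ICMPv6 neighbor discovery, which the state match does not classify as ESTABLISHED or RELATED. The function names and sample rulesets are constructed, and any ICMPv6 ACCEPT rule is treated as sufficient.

```shell
#!/usr/bin/env bash
# Added example. Lints an iptables-restore style ruleset read on stdin.
# Usage: lint_rules v4|v6 < rules-file
lint_rules() {
  awk -v fam="$1" '
    /^:INPUT /                                             { policy = $2 }
    /^-A INPUT/ && /-i lo / && /-j ACCEPT/                 { lo = 1 }
    /^-A INPUT/ && /ESTABLISHED/ && /-j ACCEPT/            { est = 1 }
    /^-A INPUT/ && /-p (ipv6-icmp|icmpv6) / && /-j ACCEPT/ { nd = 1 }
    END {
      if (policy != "DROP") print "WARN INPUT policy is not DROP"
      if (!lo)  print "WARN no ACCEPT rule for loopback"
      if (!est) print "WARN no ACCEPT rule for ESTABLISHED traffic"
      if (fam == "v6" && !nd) print "WARN no ICMPv6 ACCEPT rule: neighbor discovery is dropped"
    }'
}

# Constructed sample modelled on the IPv6 ruleset in the post.
v6_as_posted() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Same ruleset with router advertisement (134) and neighbor solicitation /
# advertisement (135, 136) accepted ahead of the final DROP.
v6_with_nd() {
  v6_as_posted | awk '/^-A INPUT -j DROP$/ {
      for (t = 134; t <= 136; t++)
        print "-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type " t " -j ACCEPT"
    } { print }'
}

v6_as_posted | lint_rules v6   # one warning, about ICMPv6
v6_with_nd   | lint_rules v6   # no output
```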

