NixOS Networking

Sender	Message	Time
5 Jun 2021
hexa	Download image.png	03:05:02
hexa	(https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg)	03:05:20
hexa	it's not available in all chains	03:06:00
Church	`[root@teapot:~]# iptables -A prerouting -t mangle -i wg0 -p tcp --dport 25 --jump MARK --set-mark 2 iptables: No chain/target/match by that name.`	03:34:17
Zhaofeng Li	Chains are case-sensitive. Use PREROUTING	04:53:03
Church	Ah	05:23:23
Zhaofeng Li	Upgrading my routers today and noticed that I'm building the kernels. Turns out I have a kernelPatch to enable `CONFIG_INFINIBAND_IPOIB_CM` back when I first switched to NixOS from Arch, and it's not enabled in the default kernel.	06:37:45
Zhaofeng Li	So apparently no one except me is using IB with NixOS? 😅 Opening a PR in a bit	06:38:36
Corbin	You might be the only one using the Connected Mode feature. A PR seems sensible, since it would only trigger the underlying module to be built.	07:38:04
Zhaofeng Li	I was saying that because IPoIB isn't really "usable" without Connected Mode. The performance is just so much better.	08:01:24
	nyanotech joined the room.	14:24:01
Church	Hmm seems my policy based route for port 25 traffic still isn't working. Grumble, I think this is why I quit trying this last time to heh	17:37:27
mutantmell	I have an old Unifi AC I'm currently not using, maybe I'll try putting NixOS or openwrt on it	18:11:35
hexa	Church: might not need fwmark after all	22:11:53
hexa	ip rule knows `dport 25` and `iif eth0`	22:12:09
Church	Eyep.	22:12:15
Church	If you saw a church in #networking on libera that was me. :P	22:12:35
hexa	mutantmell: openwrt will be easy, nixwrt might be something you want to look into	22:12:40
hexa	I'm there, but I don't actively follow the conversations	22:12:52
hexa	I'm in north of 200 channels	22:13:00
Church	Just need to figure out the fw rules to proxy traffic correctly from wg0 -> eth0 on my remote end finally.	22:13:10
mutantmell	In reply to @hexa:lossy.network mutantmell: openwrt will be easy, nixwrt might be something you want to look into thanks for the pointer!	22:52:14
ElvishJerricco	$ networkctl status wlan0 ● 3: wlan0 Link File: /nix/store/i3kbvbm0rib0habk88ybm9xpqpnj1s8x-systemd-247.2/lib/systemd/network/99-default.link Network File: /etc/systemd/network/40-wlan0.network Type: wlan State: enslaved (failed) Path: platform-fe300000.mmcnr Driver: brcmfmac HW Address: dc:a6:32:fe:7a:34 (Raspberry Pi Trading Ltd) MTU: 1500 (min: 68, max: 1500) QDisc: fq_codel Master: br0 IPv6 Address Generation Mode: none WiFi access point: My Pi Network (00:00:00:00:00:00) Queue Length (Tx/Rx): 1/1 Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Could not join netdev: Device does not allow enslaving to a bridge. Operation not supported Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Failed Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Link UP Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Gained carrier So this is the networkctl status of my wlan0 interface on the rpi that I set up as an access point yesterday. The network all functions like there's nothing wrong, but there it says it's "failed". Why is that?	23:50:48
Zhaofeng Li	You typically can't put wireless interfaces into a bridge	23:53:05
ElvishJerricco	Zhaofeng Li: Well it works. I have hostapd on wlan0, and my other devices can connect to it as a wifi network, and the bridge with eth0 must be working because those devices can reach the internet.	23:54:04
Zhaofeng Li	You are doing routing instead of bridging	23:56:00
Zhaofeng Li	Care to explain your setup again?	23:56:34
ElvishJerricco	Zhaofeng Li: I don't have a dhcp server or anything on this pi though	23:56:38
ElvishJerricco	One sec...	23:57:02
ElvishJerricco	On my pi, I have this: `networking.bridges.br0.interfaces = ["eth0" "wlan0"]; services.hostapd = { enable = true; interface = "wlan0"; hwMode = "g"; ssid = "My Pi Network"; wpaPassphrase = "foobarbaz"; extraConfig = '' disable_pmksa_caching=0 wpa_pairwise=CCMP rsn_pairwise=CCMP bridge=br0 ''; };`	23:59:01

hexa

Download image.png

03:05:02

hexa

(https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg)

03:05:20

hexa

it's not available in all chains

03:06:00

Church

[root@teapot:~]# iptables -A prerouting -t mangle -i wg0 -p tcp --dport 25 --jump MARK --set-mark 2
iptables: No chain/target/match by that name.

03:34:17

Zhaofeng Li

Chains are case-sensitive. Use PREROUTING

Ah

Upgrading my routers today and noticed that I'm building the kernels. Turns out I have a kernelPatch to enable CONFIG_INFINIBAND_IPOIB_CM back when I first switched to NixOS from Arch, and it's not enabled in the default kernel.

06:37:45

Zhaofeng Li

So apparently no one except me is using IB with NixOS? 😅 Opening a PR in a bit

06:38:36

Corbin

You might be the only one using the Connected Mode feature. A PR seems sensible, since it would only trigger the underlying module to be built.

07:38:04

Zhaofeng Li

I was saying that because IPoIB isn't really "usable" without Connected Mode. The performance is just so much better.

08:01:24

nyanotech joined the room.

14:24:01

Church

Hmm seems my policy based route for port 25 traffic still isn't working. Grumble, I think this is why I quit trying this last time to heh

17:37:27

mutantmell

I have an old Unifi AC I'm currently not using, maybe I'll try putting NixOS or openwrt on it

18:11:35

hexa

Church: might not need fwmark after all

22:11:53

hexa

ip rule knows dport 25 and iif eth0

Eyep.

If you saw a church in #networking on libera that was me. :P

22:12:35

hexa

mutantmell: openwrt will be easy, nixwrt might be something you want to look into

22:12:40

hexa

I'm there, but I don't actively follow the conversations

22:12:52

hexa

I'm in north of 200 channels

22:13:00

Church

Just need to figure out the fw rules to proxy traffic correctly from wg0 -> eth0 on my remote end finally.

22:13:10

mutantmell

In reply to @hexa:lossy.network
mutantmell: openwrt will be easy, nixwrt might be something you want to look into

thanks for the pointer!

22:52:14

ElvishJerricco

$ networkctl status wlan0
● 3: wlan0                                                                                                                   
                     Link File: /nix/store/i3kbvbm0rib0habk88ybm9xpqpnj1s8x-systemd-247.2/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/40-wlan0.network                                                        
                          Type: wlan                                                                                         
                         State: enslaved (failed)                                                                            
                          Path: platform-fe300000.mmcnr                                                                      
                        Driver: brcmfmac                                                                                     
                    HW Address: dc:a6:32:fe:7a:34 (Raspberry Pi Trading Ltd)                                                 
                           MTU: 1500 (min: 68, max: 1500)                                                                    
                         QDisc: fq_codel                                                                                     
                        Master: br0                                                                                          
  IPv6 Address Generation Mode: none                                                                                         
             WiFi access point: My Pi Network (00:00:00:00:00:00)                                                            
          Queue Length (Tx/Rx): 1/1                                                                                          

Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Could not join netdev: Device does not allow enslaving to a bridge. Operation not supported
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Failed
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Link UP
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Gained carrier

So this is the networkctl status of my wlan0 interface on the rpi that I set up as an access point yesterday. The network all functions like there's nothing wrong, but there it says it's "failed". Why is that?

23:50:48

Zhaofeng Li

You typically can't put wireless interfaces into a bridge

23:53:05

ElvishJerricco

Zhaofeng Li: Well it works. I have hostapd on wlan0, and my other devices can connect to it as a wifi network, and the bridge with eth0 must be working because those devices can reach the internet.

23:54:04

Zhaofeng Li

You are doing routing instead of bridging

23:56:00

Zhaofeng Li

Care to explain your setup again?

23:56:34

ElvishJerricco

Zhaofeng Li: I don't have a dhcp server or anything on this pi though

One sec...

On my pi, I have this:

  networking.bridges.br0.interfaces = ["eth0" "wlan0"];
  services.hostapd = {
    enable = true;
    interface = "wlan0";
    hwMode = "g";
    ssid = "My Pi Network";
    wpaPassphrase = "foobarbaz";
    extraConfig = ''
      disable_pmksa_caching=0
      wpa_pairwise=CCMP
      rsn_pairwise=CCMP
      bridge=br0
    '';
  };

23:59:01

Load older messages

There are no newer messages yet.

	NixOS Networking	879 Members
	Declaratively manage your switching, routing, wireless, tunneling and more.	257 Servers