| 5 Jun 2021 |
 Church | hexa I probably need to forward 25 from wg0 to eth0 on my remote as well right? | 00:53:09 |
 Zhaofeng Li | Can you install custom firmware on those things? I thought the updates are all signed | 00:53:22 |
 hexa | 1. Connect to the booted device at 192.168.1.20 using username/password
"ubnt".
2. Transfer the OpenWrt sysupgrade image to the device using SCP.
3. Check the mtd partition number for bs / kernel0 / kernel1
$ cat /proc/mtd
4. Set the bootselect flag to boot from kernel0
$ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock6
5. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1
$ dd if=openwrt.bin of=/dev/mtdblock8
$ dd if=openwrt.bin of=/dev/mtdblock9
6. Reboot the device. It should boot into OpenWrt.
| 00:53:47 |
| hexa | https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=634c13c186646aff2badb51a43b248825d0fe5a0 | 00:54:28 |
| hexa | In reply to @noah:matrix.chatsubo.cafe
hexa I probably need to forward 25 from wg0 to eth0 on my remote as well right? No, iptables just needs to mark that traffic, the rest happens with routing based on that fwmark | 00:55:02 |
| Zhaofeng Li | In reply to @hexa:lossy.network
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=634c13c186646aff2badb51a43b248825d0fe5a0 Wow nice, I might actually consider it | 00:55:26 |
| hexa | Dual A53 (1,36 GHz) | 00:55:50 |
| hexa | https://www.mediatek.com/products/homenetworking/mt7622 | 00:56:12 |
| Zhaofeng Li | Well, it's an AP so it doesn't matter that much | 00:56:15 |
| hexa | yup | 00:56:18 |
| Church | Hmm what would be the easiest way for me to see how a packet flows? | 01:00:58 |
| hexa | tcpdump to see the packet | 01:01:15 |
| hexa | then use ip route get <dest> from <src> | 01:01:27 |
 ElvishJerricco | So on a dual band router, does the OS on the router see two different wireless interfaces, one for each band? | 01:28:48 |
| hexa | yes | 01:37:50 |
| Church | Hmm, is there not a mangle table on nixOS? | 02:43:04 |
| Church | Seems to not be there by default at least when I try to insert a rule | 02:43:18 |
| hexa | Redacted or Malformed Event | 03:04:03 |
| hexa | 
Download image.png | 03:05:02 |
| hexa | (https://en.wikipedia.org/wiki/Netfilter#/media/File:Netfilter-packet-flow.svg) | 03:05:20 |
| hexa | it's not available in all chains | 03:06:00 |
| Church | [root@teapot:~]# iptables -A prerouting -t mangle -i wg0 -p tcp --dport 25 --jump MARK --set-mark 2
iptables: No chain/target/match by that name.
| 03:34:17 |
| Zhaofeng Li | Chains are case-sensitive. Use PREROUTING | 04:53:03 |
| Church | Ah | 05:23:23 |
| Zhaofeng Li | Upgrading my routers today and noticed that I'm building the kernels. Turns out I have a kernelPatch to enable CONFIG_INFINIBAND_IPOIB_CM back when I first switched to NixOS from Arch, and it's not enabled in the default kernel. | 06:37:45 |
| Zhaofeng Li | So apparently no one except me is using IB with NixOS? 😅 Opening a PR in a bit | 06:38:36 |
 Corbin | You might be the only one using the Connected Mode feature. A PR seems sensible, since it would only trigger the underlying module to be built. | 07:38:04 |
| Zhaofeng Li | I was saying that because IPoIB isn't really "usable" without Connected Mode. The performance is just so much better. | 08:01:24 |
|  nyanotech joined the room. | 14:24:01 |
| Church | Hmm seems my policy based route for port 25 traffic still isn't working. Grumble, I think this is why I quit trying this last time to heh | 17:37:27 |
