Jump to content

jovanpn

Members
  • Content Count

    7
  • Joined

  • Last visited

Community Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi @tooz thank you again for your effort. Unfortunately, nftables error remains. I now tried to write fresh Debian 11 image v3.0.11 on Tinker Board, then I applied your boot.2.img image, rebooted Tinker Board, then I updated the Debian with latest updates and then installed the nftables package. And in the end I started adding firewall rules and got the result from the picture below.
  2. Hi @tooz thank you very much for your response and effort! I can confirm that now iptables work correctly. However, I still have problem with nftables and adding the rule: nft 'add rule ip mangle PREROUTING ip saddr != 127.0.0.1 tcp dport 8080 counter meta mark set 0x1' causes me to get the same error Error: Could not process rule: No such file or directory with pointers pointing to the counter word in the command. Maybe you could take a look at this article https://unix.stackexchange.com/a/667830 I found. First of all, I can live with iptables solution, but I thought to switch to nftables because it is now a default firewall since Debian 10. The reason I wrote about both errors (with iptables and nftables) is that I thought these two are somehow connected, but I see now they are not. One thing I noticed is that nftables package is not installed by default in this image file like it is described on Debian website. And I also tried working with nftables on fresh Debian 11 desktop installation on my PC which worked perfectly. nftables package was installed by default and I didnt have to configure anything with it, just add rules which all worked without any error. What is your opinion on replicating the same setup with nftables within the next release of Debian 11 for Tinker Board 2S?
  3. Hi @tooz thank you for your response! UFW, as it is described by Debian Wiki page (UFW Debian Wiki page) is just a frontend for iptables, so I doubt UFW will be of any help. This seems to be a functional error and as I mentioned in my question above, some of the iptables modules are not loaded (or even not installed on the system). This same rule works fine on Debian 10 with kernel 4.19 (system image version 2.1.16). If I execute this command cat /proc/net/ip_tables_matches on both system versions, on Debian 10 kernel 4.19 I get a far longer list of modules than on Debian 11 kernel 5.10. Back in 2021 I had the very same problem with Debian 10 for Tinker Board 2S version 2.0.0 as I posted it here: and back then I got it resolved with new version of Debian 10 when it was released.
  4. Hi, I'm trying to set firewall rules using iptables (tried also with nftables) but I'm having troubles with some options. I want to add this rule for example: iptables -t mangle -A PREROUTING -p tcp ! -s 127.0.0.1 --dport 8080 -j MARK --set-mark 1 but then I get error iptables v1.8.7 (legacy): unknown option "--set-mark". If I translate command to nftables: nft 'add rule ip mangle PREROUTING ip saddr != 127.0.0.1 tcp dport 8080 counter meta mark set 0x1' then I'm getting error Error: Could not process rule: No such file or directory which points to the counter word. After some extensive research, it seems that some modules are not loaded. Is someone familiar with this problem and are there some solution with this Debian version or I will have to wait for some new Debian release?
  5. Any update on this topic?
  6. Hi @tooz, thank you for your reply. I'm talking about Debian 10 OS and there is only v2.0.0 available for download for Tinker Board 2S. Is there v2.0.1 available somewhere else?
  7. Hi, Im having both, Tinker Board S and Tinker Board 2S boards and Im having very strange problem with iptables (legacy) version which came with Tinker Board 2S. Although they say they are the same versions on both boards with the latest OS versions (3.0.11 for S and 2.0.0 for 2S) something is different or something in Debian OS is making problems on 2S board with commands Im trying to execute. For example, if I try to execute this command on 2S board iptables -t mangle -A PREROUTING -p tcp ! -s 127.0.0.1 --dport 8080 -j MARK --set-mark 1, I get error that --set-mark option is unknown, while executing iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 command, Im getting error that --to-port option is unknown. Both commands work perfectly on S board. Does anyone know what could be the issue here and maybe possible solution as well? Thanks in advance.
×
×
  • Create New...