An exit node is like a [[Mesh/Relay setup|relay node]] but with a connection out to the Internet. Exit nodes are run by sudo mesh and have the sudo mesh organization listed as the whois abuse complaint contact. This ensures that legal inquiries for Internet-bound traffic from the mesh are sent to sudo mesh, so node operators don't have to deal with e.g. DMCA complaints and other legal issues unless absolutely necessary. We encourage anyone and everyone to run relay nodes, but we do not expect anyone else to run public exit nodes. If you're still interested in running an exit node, come talk to us!

The page below is outdated and is kept for our communal scrapbook. Please use https://github.com/sudomesh/exitnode for more up-to-date info.
-----
Exit nodes do everything relay nodes do and add the following:
= NATed internet access =
Create the script /etc/init.d/meshnat containing the following:
<pre>
#!/bin/sh
# Interface facing the Internet (public side)
PUBIF="eth0"
# batman-adv mesh interface (mesh side)
BATIF="bat0"

case "$1" in
  start)
    # Only install the rules once; a second "start" would append duplicate rules
    if ! iptables -t nat -L POSTROUTING -n | grep -q MASQUERADE; then
      echo "Starting mesh NAT"
      echo 1 > /proc/sys/net/ipv4/ip_forward
      # Rewrite the source address of mesh traffic leaving on the public interface
      iptables -t nat -A POSTROUTING -o "$PUBIF" -j MASQUERADE
      # Let replies to connections initiated from the mesh back in ...
      iptables -A FORWARD -i "$PUBIF" -o "$BATIF" -m state --state RELATED,ESTABLISHED -j ACCEPT
      # ... and drop anything else the Internet tries to push into the mesh
      iptables -A FORWARD -i "$PUBIF" -o "$BATIF" -j DROP
    else
      echo "Mesh NAT already started"
    fi
    ;;
  stop)
    echo "Stopping mesh NAT"
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Note: this flushes the whole FORWARD chain and the nat POSTROUTING chain,
    # not only the rules added above
    iptables -F FORWARD
    iptables -t nat -F POSTROUTING
    ;;
  *)
    echo "Usage: $0 start|stop" >&2
    exit 3
    ;;
esac
</pre>
Make it executable:
<pre>
chmod 755 /etc/init.d/meshnat
</pre>
Now modify the tunneldigger broker/up_hook.sh hook script to start the meshnat script. Change the section:
<pre>
if [ `cat /sys/class/net/bat0/operstate` != "up" ]; then
  ifconfig bat0 <relay_mesh_ip> netmask 255.0.0.0 up
fi
</pre>
To:
<pre>
if [ `cat /sys/class/net/bat0/operstate` != "up" ]; then
  ifconfig bat0 <exit_mesh_ip> netmask 255.0.0.0 up
  # bring up NAT once the mesh interface exists
  /etc/init.d/meshnat start
fi
</pre>
Where <exit_mesh_ip> is the assigned mesh IP address for your exit node, e.g. 10.42.0.1.

Now NAT should be set up correctly.
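To verify that a running exit node actually carries the rules the meshnat script installs, and in the order iptables evaluates them, here is an added shell checker. It is not part of the sudo mesh scripts or of the exitnode repository; it reads a dump in iptables-save syntax, the function name check_mesh_nat is made up for this example, and the two dumps embedded below are constructed rather than captured from a real node. The eth0/bat0 names follow the script above.

```shell
#!/bin/sh
# Added example (not sudo mesh code): audit an iptables-save dump for the
# NAT posture that /etc/init.d/meshnat is supposed to establish.

# check_mesh_nat FILE PUBIF BATIF -> 0 if the expected rules are present and
# correctly ordered, 1 otherwise (reason printed on stderr)
check_mesh_nat() {
    dump="$1"; pubif="$2"; batif="$3"
    # 1. outbound mesh traffic must be masqueraded on the public interface
    grep -q -- "-A POSTROUTING -o $pubif -j MASQUERADE" "$dump" || {
        echo "missing MASQUERADE on $pubif" >&2; return 1; }
    # 2. replies to mesh-initiated connections are accepted inbound ...
    accept=$(grep -n -- "-A FORWARD -i $pubif -o $batif -m state --state RELATED,ESTABLISHED -j ACCEPT" "$dump" | head -n1 | cut -d: -f1)
    # 3. ... and every other Internet->mesh packet is dropped
    drop=$(grep -n -- "-A FORWARD -i $pubif -o $batif -j DROP" "$dump" | head -n1 | cut -d: -f1)
    [ -n "$accept" ] || { echo "missing RELATED,ESTABLISHED accept" >&2; return 1; }
    [ -n "$drop" ]   || { echo "missing inbound DROP" >&2; return 1; }
    # iptables walks the chain top to bottom: a DROP placed before the ACCEPT
    # would silently kill all return traffic for mesh clients
    [ "$accept" -lt "$drop" ] || { echo "DROP precedes ACCEPT: return traffic blocked" >&2; return 1; }
    return 0
}

# Constructed sample dumps (not captured from a real exit node).
GOOD=$(mktemp); BAD=$(mktemp)
cat > "$GOOD" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o bat0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o bat0 -j DROP
COMMIT
EOF
# Same rules with the FORWARD order swapped, the kind of mistake that happens
# when rules are re-added by hand after "meshnat stop"
cat > "$BAD" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o bat0 -j DROP
-A FORWARD -i eth0 -o bat0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF

if check_mesh_nat "$GOOD" eth0 bat0; then echo "good dump: OK"; fi
if ! check_mesh_nat "$BAD" eth0 bat0; then echo "bad dump: rejected as expected"; fi
# On a live exit node:  iptables-save > /tmp/rules && check_mesh_nat /tmp/rules eth0 bat0
```

The checker deliberately matches the exact rule text the script emits; if you switch the script to `-m conntrack --ctstate`, adjust the pattern in step 2 accordingly.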
= Setting up DNS =
<pre>
sudo aptitude install dnsmasq
</pre>
Ensure that you have one or more domain name server IPs in /etc/resolv.conf.

Make sure that ENABLED=1 is set in /etc/default/dnsmasq.

Restart dnsmasq if you changed anything:
<pre>
sudo /etc/init.d/dnsmasq restart
</pre>
= Fake captive portal =
TODO write this section