Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (6)
to General by Kalatti - 5 days ago - more...
|
2009-12-10
, 09:31
|
|
Posts: 236 |
Thanked: 223 times |
Joined on Oct 2009
@ NE UK
|
#22
|
I'd really like to have this working! Just a couple of questions..
Anyone think using an ssh tunnel as per https://help.ubuntu.com/community/SSH_VPN might work as a stand-in until a better solution is easily installed? It looks as though it might, but I haven't had time to try yet. (If I do, I'll report back here.)
Will getting a working iptables / NAT really require flashing the device? This seems ... unfortunate.
Anyone think using an ssh tunnel as per https://help.ubuntu.com/community/SSH_VPN might work as a stand-in until a better solution is easily installed? It looks as though it might, but I haven't had time to try yet. (If I do, I'll report back here.)
Will getting a working iptables / NAT really require flashing the device? This seems ... unfortunate.
|
|
2009-12-12
, 14:00
|
|
Posts: 540 |
Thanked: 288 times |
Joined on Sep 2009
|
#23
|
Originally Posted by enning
Sure, send in your ideas, my original plans are at http://mobilehotspot.garage.maemo.org/plan.txt but I haven't had time to do any UI sketches yet.
If you need some design work done for the Mobilehotspot. Let me know.
I'm an interaction designer, and in need for yout great app
Originally Posted by kwotski
I don't think it'll be any easier to use and it really only would work for one user anyways (the advantage of sharing internet via wlan is that your friends can use it too)
Anyone think using an ssh tunnel as per https://help.ubuntu.com/community/SSH_VPN might work as a stand-in until a better solution is easily installed? It looks as though it might, but I haven't had time to try yet. (If I do, I'll report back here.)
Originally Posted by kwotski
Some rather smart people are trying to get the modules working on the stock kernel, and if it is impossible (it seems some "unused" symbols that these modules depend on are stripped...) I'll see if I can make the powers that be to see the light and maybe we'll have a new stock kernel...
Will getting a working iptables / NAT really require flashing the device? This seems ... unfortunate.
In this case you only need to flash the kernel which will take less than 30seconds, of course it's a hurdle and a bit scary if you have never done it before. Flashing the stock kernel back is equally simple once you have extracted the kernel from the Fiasco (kernel+rootfs+whatever bundle) image so no need to lose any settings or data.
| The Following User Says Thank You to rambo For This Useful Post: | ||
|
|
2009-12-14
, 13:50
|
|
Posts: 540 |
Thanked: 288 times |
Joined on Sep 2009
|
#24
|
Originally Posted by rambo
It seems to be relatively easy to flash a new kernel from the device while it's running (thanks jebba: http://wiki.maemo.org/User:Jebba#Ins..._custom_kernel). So even in the unlikely case the stock kernel will always have trouble with NAT, we can simply install a custom kernel without teaching the user how to flash one via USB.
In this case you only need to flash the kernel which will take less than 30seconds, of course it's a hurdle and a bit scary if you have never done it before.
|
|
2009-12-14
, 20:52
|
|
Posts: 236 |
Thanked: 223 times |
Joined on Oct 2009
@ NE UK
|
#25
|
rambo, thanks a lot for the reply and information.
It seems odd that we have the ip_tables module itself but no obvious (to me) way of controlling it. Can you shed any light on that? Is something else on the device using the module (it doesn't appear in my lsmod)? Can it be configured or interrogated outside of the missing iptables binary? Otherwise, what is it doing there?!
In any case I look forward quite a lot to having a fully fledged advanced router in my pocket! I'll probably give a user-made kernel a try if I see a few other people using it with no problems.
Thanks again for your efforts on behalf of this feature.
Edit: Just to add, that page you mentioned is a real goldmine of interesting N900 stuff! It's like wandering into Aladdin's cave in there...
Last edited by kwotski; 2009-12-14 at 21:21.
Originally Posted by rambo
Indeed. I was just looking at that point for any way for my laptop to connect out via the phone's cell internet connection. I since solved that by using the phone's cell modem over usb, a possibility I wasn't aware of at the time I was pondering the ssh tunnel
I don't think [ssh tunnel would] be any easier to use and it really only would work for one user anyways (the advantage of sharing internet via wlan is that your friends can use it too)
Originally Posted by rambo
Yay! That would be a big improvement!
Some rather smart people are trying to get the modules working on the stock kernel, and if it is impossible (it seems some "unused" symbols that these modules depend on are stripped...) I'll see if I can make the powers that be to see the light and maybe we'll have a new stock kernel...
It seems odd that we have the ip_tables module itself but no obvious (to me) way of controlling it. Can you shed any light on that? Is something else on the device using the module (it doesn't appear in my lsmod)? Can it be configured or interrogated outside of the missing iptables binary? Otherwise, what is it doing there?!
Originally Posted by rambo
You know, it might be a bit less scary had they named it differently
In this case you only need to flash the kernel which will take less than 30seconds, of course it's a hurdle and a bit scary if you have never done it before. Flashing the stock kernel back is equally simple once you have extracted the kernel from the Fiasco (kernel+rootfs+whatever bundle) image so no need to lose any settings or data.
In any case I look forward quite a lot to having a fully fledged advanced router in my pocket! I'll probably give a user-made kernel a try if I see a few other people using it with no problems.Thanks again for your efforts on behalf of this feature.
Edit: Just to add, that page you mentioned is a real goldmine of interesting N900 stuff! It's like wandering into Aladdin's cave in there...
Last edited by kwotski; 2009-12-14 at 21:21.
|
|
2009-12-14
, 21:57
|
|
Posts: 540 |
Thanked: 288 times |
Joined on Sep 2009
|
#26
|
Originally Posted by kwotski
The stock kernel does not have the connection tracking etc needed for NAT, the very base iptables might be there on purpose or by accident, but does not really matter for us...
It seems odd that we have the ip_tables module itself but no obvious (to me) way of controlling it. Can you shed any light on that? Is something else on the device using the module (it doesn't appear in my lsmod)? Can it be configured or interrogated outside of the missing iptables binary? Otherwise, what is it doing there?!
iptables can be controlled via the ipc interface in the kernel by any program with sufficient privileges, the iptables binary is just the most handy one (I have compiled iptables against the -hotspot kernel the hotspot backend scripts can use it).
I talked with Niels (xfade) today and he'll talk with some of the kernel people, so that we would (hopefully) get a stock kernel with the neccessary symbols for the nf_conntrack module (which is needed for NAT) someday.
| The Following 3 Users Say Thank You to rambo For This Useful Post: | ||
|
|
2009-12-19
, 19:31
|
|
Posts: 236 |
Thanked: 223 times |
Joined on Oct 2009
@ NE UK
|
#27
|
I noticed earler today that jebba has compiled modules including the ones needed for NAT it seems (see his wiki user page, and the modules themselves ) that "should work with the stock N900 kernel".
Is there any chance to get an iptables binary that will work with these?
Is there any chance to get an iptables binary that will work with these?
|
|
2009-12-19
, 20:10
|
|
Posts: 355 |
Thanked: 566 times |
Joined on Nov 2009
@ Redstone Canyon, Colorado
|
#28
|
Originally Posted by kwotski
Various modules in that directory work, but the NAT ones don't for the same reasons rambo ran into.
I noticed earler today that jebba has compiled modules including the ones needed for NAT it seems (see his wiki user page, and the modules themselves ) that "should work with the stock N900 kernel".
Is there any chance to get an iptables binary that will work with these?
You can see the various tests here:
http://www.freemoe.org/users/jebba/k...probe-test.log
I have built a number of kernels for this device already. At some point I will be making a fatter kernel with lots of various modules built into it that are missing from the stock kernel.
Thanks for pinging me about this thread,
-Jeff
http://wiki.maemo.org/User:Jebba
|
|
2009-12-21
, 16:48
|
|
Posts: 3 |
Thanked: 7 times |
Joined on Oct 2008
@ Recife
|
#29
|
Hi guys
I am dealing with the same problems to get my iptables working, which modules are you guys trying to use? The iptables match state one?
I am making a firewall application: http://www.zimmerle.org/
I am dealing with the same problems to get my iptables working, which modules are you guys trying to use? The iptables match state one?
I am making a firewall application: http://www.zimmerle.org/
|
|
2009-12-21
, 21:51
|
|
Posts: 540 |
Thanked: 288 times |
Joined on Sep 2009
|
#30
|
Originally Posted by zimmerle
Starting with nf_conntrack which is requirement for just about everything having to do with routing and ending with iptable_nat (the dependency chain has a few other modules in between as well)
I am dealing with the same problems to get my iptables working, which modules are you guys trying to use?
I'm an interaction designer, and in need for yout great app