2021-08-26, 04:14 PM
(This post was last modified: 2021-08-27, 11:50 AM by ironman.)
It occurred to me that when I connect openplotter to a typical (non-isolated) marina wifi, its open network sockets are freely available to all other wifi users. It would be great if I were able to block all traffic except the traffic to and from the gateway. This can be done with iptables, but before I venture into this, I'd like to check if that has already been done?
Thx!
-
Hi Ironman,
I was realizing the same.
I am considering adding an extra router in the network for this purpose.
For example a GL-Inet MT300N.
Currently I am using it as a travel router for the laptop.
I have installed openWRT travelmate so it automatically connects to known hotspots.
For the laptop it's working fine.
I am now struggling with DHCP.
Both openplotter and the GL-Inet act as DHCP server.
Maybe I should have a static IP for each device anyway.
2021-08-27, 11:50 AM
(This post was last modified: 2021-08-27, 12:29 PM by ironman.)
A little more information.
I have the default 'openplotter' access point configured on the RPI4 on-board wifi adapter (with a non-default wifi passphrase of course). In addition, I stuck a wifi-dongle in the USB port and furnished wpa_supplicant.conf with the credentials of the marina wifi. This provides internet connectivity not only to the openplotter, but also to the wifi clients that are attached to the openplotter access point. So far, I was quite chuffed with this! However, because my signalk's udp nmea port was accessible from the entire wifi segment, I suddenly found values in my signalk database that must have come from some other boat, and hence I found out that my marina wifi did not isolate clients. I have already logged an issue with signalk to limit the interfaces that the nmea listeners register to. Strictly speaking, this is not an openplotter issue but a raspbian thing. However, openplotter owners might be at risk like I am.
I have looked into wpa_supplicant.conf parameters, hoping I could specify client isolation here, but it does not seem to sit here.
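
Added example, not part of any post in this thread and not openplotter's own code: one way to express "block everything except the gateway" with iptables for the setup described above (access point on the on-board adapter, marina wifi on a USB dongle). The interface name wlan1, the gateway 192.168.1.1, the subnet 192.168.1.0/24, the script name and the MARINA_IN/MARINA_OUT chain names are assumptions; the script only prints the commands so they can be reviewed before being piped to a root shell.

```sh
#!/bin/sh
# Added example, not code from the thread. Prints iptables commands that cut
# the uplink interface off from other clients on a non-isolated wifi.
# Assumed values in the usage line: wlan1 (USB dongle on the marina wifi),
# 192.168.1.1 (gateway), 192.168.1.0/24 (marina subnet); check yours with
# `ip route` and `ip -4 addr`. The file name marina-fw.sh is hypothetical.
# Usage: sh marina-fw.sh wlan1 192.168.1.1 192.168.1.0/24 | sudo sh

marina_rules() {
    up=$1 gw=$2 net=$3
    # Refuse empty values and shell metacharacters: the output is meant for a root shell.
    for a in "$up" "$gw" "$net"; do
        case $a in
            ''|*[!A-Za-z0-9./_-]*) echo "bad argument: '$a'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# Inbound on the uplink: replies to our own traffic only, so the NMEA/UDP
# listeners are no longer reachable from other wifi clients.
iptables -N MARINA_IN 2>/dev/null || iptables -F MARINA_IN
iptables -A MARINA_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP replies from the gateway (assumed to be the DHCP server).
iptables -A MARINA_IN -s $gw -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A MARINA_IN -j DROP
# Outbound on the uplink: gateway yes, every other host in the subnet no.
iptables -N MARINA_OUT 2>/dev/null || iptables -F MARINA_OUT
iptables -A MARINA_OUT -d $gw -j ACCEPT
iptables -A MARINA_OUT -d $net -j DROP
# Hook the chains into traffic for the Pi itself and traffic it routes for
# clients of its own access point; -C keeps re-runs from duplicating jumps.
iptables -C INPUT -i $up -j MARINA_IN 2>/dev/null || iptables -I INPUT -i $up -j MARINA_IN
iptables -C FORWARD -i $up -j MARINA_IN 2>/dev/null || iptables -I FORWARD -i $up -j MARINA_IN
iptables -C OUTPUT -o $up -j MARINA_OUT 2>/dev/null || iptables -I OUTPUT -o $up -j MARINA_OUT
iptables -C FORWARD -o $up -j MARINA_OUT 2>/dev/null || iptables -I FORWARD -o $up -j MARINA_OUT
EOF
}

# Print the rules only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    marina_rules "$@"
fi
```

Rules applied this way do not survive a reboot, and the gateway address and subnet change from one marina to the next, so the script has to be re-run with the values of the current network.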