DMZ an additional router

so I recently had an idea to test use a server (with ubuntu) and I need it to be accessible from the outside with port fowarding, cause I’m not often in my home, but the internet provider doesnt like them for us the consumers to mess around with their routers (dont know why), so they change their passwords daily. I can access the router because I have a “friend” that can give me the access user and password, but I dont want to bother him everytime I want to make a change, so I was thinking on setting up an additional router, DMZ its static ip, and from my personal router, open the ports I need.

Is this a good or bad idea?

React Router not switching to non-base routes

I’m setting up React Router in a project that was previously using Reach Router.

Before, the routes looked like this with Reach:

import { Router } from '@reach/router';  ...  <Router>       {anon ? <AnonHomepage /> : <Homepage />}       <Explore path="explore/:category" /> </Router> 

And then, switching to React Router, I have my file set up like this:

import { BrowserRouter, Switch, Route } from 'react-router-dom';  ...  <BrowserRouter>       <Switch>         {anon ? (           <Route path="/" component={AnonHomepage} />         ) : (           <Route path="/" component={Homepage} />         )}         <Route           path="/explore/:category"           component={Explore}         />       </Switch> </BrowserRouter> 

But, the router keeps only showing the AnonHomepage and/or the Homepage in that / route, never the /explore (or any other) route anymore. What am I doing wrong? How can I make it use the correct components instead of always showing the base route’s components?

Kotlin – Network Packet Router and Serializer

This is part of a larger project that acts as a mini gameserver. This class is responsible for routing incoming packets to listeners, as well as maintaining mappings for deserialization of incoming network packets and serialization for outgoing packets.

package me.srikavin.quiz.network.common  import me.srikavin.quiz.network.common.message.* import me.srikavin.quiz.network.common.message.game.AnswerQuestionSerializer import me.srikavin.quiz.network.common.message.game.AnswerResponseSerializer import me.srikavin.quiz.network.common.message.game.GameEndMessageSerializer import me.srikavin.quiz.network.common.message.game.StateUpdateMessageSerializer import me.srikavin.quiz.network.common.message.matchmaker.MatchmakerStateUpdateMessageSerializer import me.srikavin.quiz.network.common.message.matchmaker.MatchmakingStartMessageSerializer import me.srikavin.quiz.network.common.message.matchmaker.MatchmakingStopMessageSerializer import me.srikavin.quiz.network.common.model.game.GameClient import java.nio.ByteBuffer  interface MessageHandler<in T : MessageBase> {     fun handle(client: GameClient, message: T) {      } }  class MessageRouter(initDefaults: Boolean = true) {     private val packetMap: MutableMap<MessageIdentifier, MessageSerializer<out MessageBase>> = HashMap()     private val handlerMap: MutableMap<MessageIdentifier, MutableSet<MessageHandler<MessageBase>>> =         mutableMapOf<MessageIdentifier, MutableSet<MessageHandler<MessageBase>>>().withDefault { HashSet() }      init {         if (initDefaults) {             registerPacket(MATCHMAKER_START_PACKET_ID, MatchmakingStartMessageSerializer())             registerPacket(MATCHMAKER_STOP_PACKET_ID, MatchmakingStopMessageSerializer())             registerPacket(MATCHMAKER_STATE_UPDATE_PACKET_ID, MatchmakerStateUpdateMessageSerializer())             registerPacket(STATE_UPDATE_PACKET_ID, StateUpdateMessageSerializer())             registerPacket(ANSWER_QUESTION_PACKET_ID, AnswerQuestionSerializer())             registerPacket(GAME_END_PACKET_ID, GameEndMessageSerializer())             registerPacket(ANSWER_RESPONSE_PACKET_ID, AnswerResponseSerializer())         }     }      fun handlePacket(client: GameClient, message: ByteBuffer) {         val id = MessageIdentifier(message.get())         val serializer = packetMap[id] ?: throw RuntimeException("Unknown packet id: $  id")         val packet = serializer.fromBytes(message)         handlePacket(client, packet)     }      fun handlePacket(client: GameClient, message: MessageBase) {         handlerMap[message.identifier].orEmpty().forEach {             it.handle(client, message)         }     }      fun serializeMessage(message: MessageBase): ByteBuffer {         val serializer = packetMap[message.identifier]             ?: throw RuntimeException("Unrecognized packet: $  {message.identifier}; $  message, has it been registered?)")           @Suppress("UNCHECKED_CAST")         return (serializer as MessageSerializer<MessageBase>).toBytes(message)     }      fun registerPacket(type: MessageIdentifier, serializer: MessageSerializer<out MessageBase>) {         packetMap[type] = serializer     }      fun <T : MessageBase> registerHandler(type: MessageIdentifier, handler: MessageHandler<T>) {         if (!handlerMap.containsKey(type)) {             handlerMap[type] = HashSet()         }         @Suppress("UNCHECKED_CAST")         handlerMap[type]?.add(handler as MessageHandler<MessageBase>)     } } 

For completeness, here is the definition of DefaultMessages:

package me.srikavin.quiz.network.common.message  val MATCHMAKER_START_PACKET_ID = MessageIdentifier(0x1) val MATCHMAKER_STATE_UPDATE_PACKET_ID = MessageIdentifier(0x2) val MATCHMAKER_ACTION_PACKET_ID = MessageIdentifier(0x3) val STATE_UPDATE_PACKET_ID = MessageIdentifier(0x4) val ANSWER_QUESTION_PACKET_ID = MessageIdentifier(0x5) val MATCHMAKER_STOP_PACKET_ID = MessageIdentifier(0x6) val GAME_END_PACKET_ID = MessageIdentifier(0x7) val ANSWER_RESPONSE_PACKET_ID = MessageIdentifier(0x8) 

and MessageIdentifier:

package me.srikavin.quiz.network.common.message  import java.nio.ByteBuffer  inline class MessageIdentifier(val value: Byte)  interface MessageSerializer<T : MessageBase> {     fun toBytes(t: T): ByteBuffer     fun fromBytes(buffer: ByteBuffer): T }  abstract class MessageBase(val identifier: MessageIdentifier) 

How can this be improved?

ubuntu 18.04 no internet though 4g router

The connection through my mobile router (tplink mifi m7350) isn’t working anymore and I cannot understand why.

The same router used by the cell phone (android) works perfectly:

  • connecting to the router itself http://192.168.0.1 shows the admin app which declares to be connected to both the PC and the phone)
  • the phone can navigate the Internet

From Ubuntu I can see the router connected, an ip has been assigned

$   nmcli device show wlp3s0  GENERAL.DEVICE:                         wlp3s0 GENERAL.TYPE:                           wifi GENERAL.HWADDR:                         C0:CB:38:37:80:CE GENERAL.MTU:                            1500 GENERAL.STATE:                          100 (connected) GENERAL.CONNECTION:                     TP-Link_8B6B GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/28 IP4.ADDRESS[1]:                         192.168.0.136/24 IP4.GATEWAY:                            192.168.0.1 IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.0.1, mt = 600 IP4.ROUTE[2]:                           dst = 192.168.0.0/24, nh = 0.0.0.0, mt = 600 IP4.ROUTE[3]:                           dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000 IP4.DNS[1]:                             192.168.0.1 IP6.ADDRESS[1]:                         fe80::5a50:d171:52d3:a730/64 IP6.GATEWAY:                            -- IP6.ROUTE[1]:                           dst = ff00::/8, nh = ::, mt = 256, table=255 IP6.ROUTE[2]:                           dst = fe80::/64, nh = ::, mt = 256 IP6.ROUTE[3]:                           dst = fe80::/64, nh = ::, mt = 600 

the routing table seems ok:

Kernel IP routing table Destination     Gateway         Genmask         Flags Metric Ref    Use Iface default         lrkwz-Precision 0.0.0.0         UG    0      0        0 wlp3s0 link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp3s0 (...) 192.168.0.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp3s0 192.168.0.0     0.0.0.0         255.255.240.0   U     0      0        0 br-5a71a323fc97 192.168.16.0    0.0.0.0         255.255.240.0   U     0      0        0 br-9155247a5500 192.168.32.0    0.0.0.0         255.255.240.0   U     0      0        0 br-72b41f5e1bf7 192.168.48.0    0.0.0.0         255.255.240.0   U     0      0        0 br-04bf5a3cdf1e 192.168.64.0    0.0.0.0         255.255.240.0   U     0      0        0 br-63c28b3c6d04 192.168.80.0    0.0.0.0         255.255.240.0   U     0      0        0 br-0ab70b5d8d47 

How can I diagnose the problem?

Is DENY ALL enough for an edge router?

If linux is being used as the edge router/firewall/dmz/gateway, is denying all incoming traffic enough? That is, assuming nothing like sshd is open to the public eth port.

Are there other measures that need to be taken?

I’m trying to find the difference between a normal router like Unifi, Linksys etc, and an ubuntu box with 2 Eths. Is there some sort of magic I’m missing?

I mean, there’s the obvious IPS and DDOS protection. But for the basic security, deny all, actually deny’s all, right? heh.

Nginx multiple locations and REACT router

I’ve a react APP in my web server root. And i need to define some locations excluded from react-router i made the Nginx part like this:

server {     listen 80;     listen 443 ssl;      server_name mydomain.com www.mydomain.com;      client_max_body_size 150m;     client_header_timeout 3m;     client_body_timeout 3m;     send_timeout 3m;      gzip on;     gzip_types       text/css       text/javascript       text/xml       text/plain       application/javascript       application/x-javascript       application/json       application/xml       application/rss+xml       application/atom+xml       font/truetype       font/opentype       image/svg+xml;      ssl_certificate /etc/nginx/tls/mydomain.pem; #/ssl4free/full_chain.pem;     ssl_certificate_key /etc/nginx/tls/mydomain.key; #ssl4free/private_key.pem;      access_log /var/log/nginx/frontend.access.log;     error_log /var/log/nginx/fronend.app.error.log;       location / {         root /home/mydomain/frontend;         try_files $  uri @rewrites;     }       location ^~ /files {         alias /home/mydomain/api/public;     }      location /api/ {         proxy_set_header X-Real-IP $  remote_addr;         proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;         proxy_set_header X-NginX-Proxy true;         proxy_set_header X-Forwarded-Proto https;         proxy_set_header Upgrade $  http_upgrade;         proxy_set_header Connection "upgrade";         proxy_ssl_session_reuse off;         proxy_set_header Host $  http_host;         proxy_cache_bypass $  http_upgrade;         proxy_pass http://express_servers;         proxy_redirect off;         access_log /var/log/nginx/api.access.log;         error_log /var/log/nginx/api.error.log;     }      location ^~ /cp  {         alias /home/mydomain/cp;         #try_files $  uri /cp/index.html;         try_files $  uri @cprewrites;     }      location ^~ /blog {         alias /home/mydomain/blog;         index index.php;         #try_files $  uri $  uri/ =404;         try_files $  uri $  uri/ /blog/index.php?$  args;         if (!-e $  request_filename) { rewrite ^ /discover/index.php last; }         #try_files $  uri @blogrewrites;          location ~ \.php$   {            include /etc/nginx/snippets/fastcgi-php.conf;            #fastcgi_split_path_info ^(/blog)(/.*)$  ;            fastcgi_param SCRIPT_FILENAME $  request_filename;            fastcgi_pass unix:/run/php/php7.3-fpm.sock;         }      }       location ^~ /phpmyadmin {         alias /home/mydomain/phpmyadmin;         index index.php;         try_files $  uri $  uri/ =404;          location ~ \.php$   {            include /etc/nginx/snippets/fastcgi-php.conf;            fastcgi_param SCRIPT_FILENAME $  request_filename;            fastcgi_pass unix:/run/php/php7.3-fpm.sock;         }      }      location @rewrites {       rewrite ^(.+)$   /index.html last;     }      location @cprewrites {       rewrite ^(.+)$   /cp/index.html last;     }      location @blogrewrites {       rewrite ^(.+)$   /blog/index.php last;     } } 

every time switching between locations in google chrome, it needs to hard refresh (CTRL+F5) to show right location!

where is my mistake? i can’t find it.

Conflict between REACT router and Nginx locations

I’ve a react APP in my web server root. And i need to define some locations excluded from react-router i made the Nginx part like this:

server {     listen 80;     listen 443 ssl;      server_name mydomain.com www.mydomain.com;      client_max_body_size 150m;     client_header_timeout 3m;     client_body_timeout 3m;     send_timeout 3m;      gzip on;     gzip_types       text/css       text/javascript       text/xml       text/plain       application/javascript       application/x-javascript       application/json       application/xml       application/rss+xml       application/atom+xml       font/truetype       font/opentype       image/svg+xml;      ssl_certificate /etc/nginx/tls/mydomain.pem; #/ssl4free/full_chain.pem;     ssl_certificate_key /etc/nginx/tls/mydomain.key; #ssl4free/private_key.pem;      access_log /var/log/nginx/frontend.access.log;     error_log /var/log/nginx/fronend.app.error.log;       location / {         root /home/mydomain/frontend;         try_files $  uri @rewrites;     }       location ^~ /files {         alias /home/mydomain/api/public;     }      location /api/ {         proxy_set_header X-Real-IP $  remote_addr;         proxy_set_header X-Forwarded-For $  proxy_add_x_forwarded_for;         proxy_set_header X-NginX-Proxy true;         proxy_set_header X-Forwarded-Proto https;         proxy_set_header Upgrade $  http_upgrade;         proxy_set_header Connection "upgrade";         proxy_ssl_session_reuse off;         proxy_set_header Host $  http_host;         proxy_cache_bypass $  http_upgrade;         proxy_pass http://express_servers;         proxy_redirect off;         access_log /var/log/nginx/api.access.log;         error_log /var/log/nginx/api.error.log;     }      location ^~ /cp  {         alias /home/mydomain/cp;         #try_files $  uri /cp/index.html;         try_files $  uri @cprewrites;     }      location ^~ /blog {         alias /home/mydomain/blog;         index index.php;         #try_files $  uri $  uri/ =404;         try_files $  uri $  uri/ /blog/index.php?$  args;         if (!-e $  request_filename) { rewrite ^ /discover/index.php last; }         #try_files $  uri @blogrewrites;          location ~ \.php$   {            include /etc/nginx/snippets/fastcgi-php.conf;            #fastcgi_split_path_info ^(/blog)(/.*)$  ;            fastcgi_param SCRIPT_FILENAME $  request_filename;            fastcgi_pass unix:/run/php/php7.3-fpm.sock;         }      }       location ^~ /phpmyadmin {         alias /home/mydomain/phpmyadmin;         index index.php;         try_files $  uri $  uri/ =404;          location ~ \.php$   {            include /etc/nginx/snippets/fastcgi-php.conf;            fastcgi_param SCRIPT_FILENAME $  request_filename;            fastcgi_pass unix:/run/php/php7.3-fpm.sock;         }      }      location @rewrites {       rewrite ^(.+)$   /index.html last;     }      location @cprewrites {       rewrite ^(.+)$   /cp/index.html last;     }      location @blogrewrites {       rewrite ^(.+)$   /blog/index.php last;     } } 

every time switching between locations in google chrome, it needs to hard refresh (CTRL+F5) to show right location!

where is my mistake? i can’t find it.