update iptables configuration
serinko committed Dec 10, 2024
1 parent a908ab8 commit 299a91f
Showing 2 changed files with 25 additions and 9 deletions.
15 changes: 10 additions & 5 deletions documentation/docs/pages/operators/changelog.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -75,16 +75,17 @@ This page displays a full list of all the changes during our release cycle from
- No delegation - not upgrading in time - 2 nodes
</AccordionTemplate>

- [`network_tunnel_manager.sh` updated](): run the commands below to make sure
- [`network_tunnel_manager.sh` updated](network): run the commands below to make sure

<br />

<AccordionTemplate name={<TestingSteps/>}>
these commands can be run one by one or copy-pasted and run as a block.
<AccordionTemplate name={<TunnelManagerCommands/>}>
These commands can be run one by one or copy-pasted and run as a block.
```sh
mkdir $HOME/nym-binaries; \

curl -L https://raw.githubusercontent.com/nymtech/nym/refs/heads/develop/scripts/network_tunnel_manager.sh -o $HOME/nym-binaries/network_tunnel_manager.sh && chmod +x $HOME/nym-binaries/network_tunnel_manager.sh; \
curl -L https://raw.githubusercontent.com/nymtech/nym/refs/heads/develop/scripts/network_tunnel_manager.sh -o $HOME/nym-binaries/network_tunnel_manager.sh && \
chmod +x $HOME/nym-binaries/network_tunnel_manager.sh; \

$HOME/nym-binaries/network_tunnel_manager.sh check_nymtun_iptables ; \
$HOME/nym-binaries/network_tunnel_manager.sh remove_duplicate_rules nymtun0 ;\
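Review bot: The `curl -L` line fetches `network_tunnel_manager.sh` from `refs/heads/develop`, a moving branch, and the lines after it run that script against the host's iptables with no integrity check. Point the URL at a release tag or commit and give operators a checksum to verify before `chmod +x`. Because the block chains with `; \`, a failed download does not stop `check_nymtun_iptables` and `remove_duplicate_rules nymtun0` from running against whatever copy is already in `$HOME/nym-binaries`, and `mkdir` without `-p` errors when the directory exists; chaining with `&&` and using `mkdir -p` would fix both. The list item text also still ends mid-sentence at "to make sure".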
Expand All @@ -102,13 +103,17 @@ systemctl daemon-reload && service nym-node restart && journalctl -u nym-node -f
```

Then run the jokes in a new window for control

```sh
$HOME/nym-binaries/network_tunnel_manager.sh joke_through_the_mixnet
$HOME/nym-binaries/network_tunnel_manager.sh joke_through_wg_tunnel
```
</AccordionTemplate>



#### Tools

- **[New APIs documentation](../apis/introduction)** with interactive APIs generated from the OpenAPI specs of various API endpoints offered by bits of Nym infrastructure run both by Nym and community operators for both Mainnet and the Sandbox testnet.
- [Nym Harbourmaster](https://harbourmaster.nymtech.net/) has a new tab called `CONTRACT EXPLORER` querying data from Nym mixnet contract in real time.
- [Nym Explorer](https://explorer.nymtech.net) is updated to read migrated nodes correctly
- [New community explorer by SpectreDAO](https://explorer.nym.spectredao.net/dashboard) offers Nym Network dashboard, Node overview and Account stats view functions for operators and delegators.
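Review bot: The sentence "Then run the jokes in a new window for control" does not tell the operator what a passing result looks like. The hunk header shows the previous block ending in `journalctl -u nym-node -f`, which is why a second window is needed, so say that explicitly and state what `joke_through_the_mixnet` and `joke_through_wg_tunnel` should return when routing works, or link to the routing test step in the configuration guide.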
Original file line number Diff line number Diff line change
Expand Up @@ -301,8 +301,10 @@ chmod +x network_tunnel_manager.sh && \

###### 3. Setup IP tables rules

- Apply the rules for IPv4 and IPv6:
- Delete IP tables rules for IPv4 and IPv6 and apply new ones:
```sh
./network_tunnel_manager.sh remove_duplicate_rules nymtun0

./network_tunnel_manager.sh apply_iptables_rules
```
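Review bot: The new step text says "Delete IP tables rules for IPv4 and IPv6 and apply new ones", but the command added is `remove_duplicate_rules nymtun0`, which by its name is scoped to duplicates on one interface. Word the step to match the command so operators with other firewall rules on the host know what will and will not be touched, and consider telling them to save the current ruleset first (for example with `iptables-save` and `ip6tables-save`) so the change can be reverted.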

Expand Down Expand Up @@ -363,9 +365,11 @@ operation check_nymtun_iptables completed successfully.
```
</AccordionTemplate>

###### 5. Apply rules for wireguad routing
###### 5. Remove old and apply new rules for wireguad routing

```sh
/network_tunnel_manager.sh remove_duplicate_rules nymwg

./network_tunnel_manager.sh apply_iptables_rules_wg
```
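Review bot: In the step 5 code block, `/network_tunnel_manager.sh remove_duplicate_rules nymwg` is missing the leading dot, so it resolves to the filesystem root and fails instead of running the script in the current directory. It should read `./network_tunnel_manager.sh remove_duplicate_rules nymwg`, matching the `apply_iptables_rules_wg` line after it. The new heading also carries over the typo "wireguad".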

Expand All @@ -374,8 +378,15 @@ operation check_nymtun_iptables completed successfully.
```sh
./network_tunnel_manager.sh configure_dns_and_icmp_wg
```
###### 7. Adjust and validate IP forwarding

```sh
./network_tunnel_manager.sh adjust_ip_forwarding

./network_tunnel_manager.sh check_ipv6_ipv4_forwarding
```

###### 7. Check `nymtun0` interface and test routing configuration
###### 8. Check `nymtun0` interface and test routing configuration

```sh
ip addr show nymtun0
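Review bot: The new "###### 7. Adjust and validate IP forwarding" heading sits directly under the closing fence of the `configure_dns_and_icmp_wg` block with no blank line, unlike the other steps; add one so the heading renders reliably. The step also gives no description: say what `adjust_ip_forwarding` changes on the host and whether it persists across reboots, and show the output operators should expect from `check_ipv6_ipv4_forwarding`, as is done for `check_nymtun_iptables` earlier on the page.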
Expand Down Expand Up @@ -409,7 +420,7 @@ ip addr show nymtun0
- **Note:** WireGuard will return only IPv4 joke, not IPv6. WG IPv6 is under development. Running IPR joke through the mixnet with `./network_tunnel_manager.sh joke_through_the_mixnet` should work with both IPv4 and IPv6!


###### 8. Enable wireguard
###### 9. Enable wireguard

Now you can run your node with the `--wireguard-enabled true` flag or add it to your [systemd service config](#systemd). Restart your `nym-node` or [systemd](#2-following-steps-for-nym-nodes-running-as-systemd-service) service (recommended):
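Review bot: Renumbering the headings ("7. Check `nymtun0` interface ..." to 8, "8. Enable wireguard" to 9) changes their generated anchors, and this page links to numbered anchors such as `#2-following-steps-for-nym-nodes-running-as-systemd-service`. Search the docs for links to the old step 7 and step 8 slugs and update them in this commit.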
