2017-05-30 - Re: [GRASE-Hotspot] how to setup grase as a router - NAT enabled

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: ceba0582ce5f897ba89b77e8eb81adca032c16e91563ffc449b2fcebb377f286
Message ID: <CAESLx0Kic6Xtv5hZM0VcyW=mE_p1LuH37gCvyQ2eOqgLRTbAHA@mail.gmail.com>
Reply To: <CAPYsbFYPR4cYkFVvx0fMUcuk5pVc-fOdwgVZUk4iza99+8E_8A@mail.gmail.com>
UTC Datetime: 2017-05-30 03:36:40 UTC
Raw Date: Tue, 30 May 2017 20:36:40 +1000

Raw message 

Hi Tubeta

Grase will Always NAT, due to how the CoovaChilli software works. If you
put it behind a Gateway with NAT enabled, you end up with Double NAT, which
in rare cases can cause issues for some applications that need to "punch
holes" through your NAT. Normally only required when trying to connect peer
2 peer, like some video chat software does. Having said that, most good
software has worked out ways to get through double NAT anyway.

Regards

Tim

On Mon, May 29, 2017 at 8:41 AM, Tubeta Taenang <tu***g@gmail.com>
wrote:

> Thanks Tim
>
> So what is the default NAT setting for Grase? What is the difference when
> I setup Grase as a gateway with NAT enabled rather that attaching it to a
> router with NAT enabled?
>
> Thanks
> Tubeta
> On Mon, May 29, 2017 at 9:29 AM, Timothy White <ti***8@gmail.com>
> wrote:
>
>> Hi Tubeta
>>
>> Basically, Grase already does all of this. By default, it NAT's, and due
>> to the NATing you end up with a firewall from the internet to the clients.
>> It also already routes, and being a Linux computer, can do much more
>> advanced routing if required. I wouldn't recommend trying any of that
>> unless you are familiar with Networking though.
>>
>> As for preventing malware from internal computers, this is pretty hard
>> for any system to do. You can block what outgoing ports are allowed (using
>> Grase), but you'll quickly find it's either wack a mole trying to block
>> ports, or it's unusable because you've blocked so much, that many services
>> fail to work.
>>
>> Lastly, if you can browse the internet, chances are malware can get in
>> and out. Malware is written to take advantage of anything you do on the
>> internet, and other than a few 0-day vulnerabilities, you are more likely
>> to be hit with malware that a user has accidentally clicked on.
>>
>> Regards
>>
>> Tim
>>
>> On Mon, May 29, 2017 at 7:11 AM, Tubeta Taenang <tu***g@gmail.com
>> > wrote:
>>
>>> Hello Tim and community developers,
>>>
>>> This is my third issue that I really want to tackle with the grase
>>> software. At work I am using the portal of Grase hotspot to manage my
>>> users' Internet usage! Here where I am working, Internet access is very
>>> critical for some aspect of our business and therefore it is required to be
>>> monitored and controlled in the best possible way to avoid any kind of
>>> abuse.
>>>
>>> Here is what I want to achieve:
>>>
>>> 1. Configure Grase to act as a router to allow traffic routing.
>>> 2. Configure Grase to do  NAT
>>> 3. Configure Grase firewall to prevent any kind of attack from the
>>> Internet or any malware originated form internal computers.
>>>
>>> I will apreciate any step by step guide and your advises on this.
>>>
>>> Thanks
>>> Tubeta
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at https://groups.google.com/a/gr
>>> asehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit https://groups.google.com/a/gr
>>> asehotspot.org/d/msgid/grase-hotspot/CAPYsbFapjGd%2BVkcwO4XR
>>> q_ST4qnOkdmz4vbnK2MP9S-Jro1REA%40mail.gmail.com
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFapjGd%2BVkcwO4XRq_ST4qnOkdmz4vbnK2MP9S-Jro1REA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To post to this group, send email to gr***t@grasehotspot.org.
>> Visit this group at https://groups.google.com/a/gr
>> asehotspot.org/group/grase-hotspot/.
>> To view this discussion on the web visit https://groups.google.com/a/gr
>> asehotspot.org/d/msgid/grase-hotspot/CAESLx0L9E%2BvT1VnY4EDA
>> RdXZRsCqomLFWAecB0O69K_zCj%2BzQQ%40mail.gmail.com
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0L9E%2BvT1VnY4EDARdXZRsCqomLFWAecB0O69K_zCj%2BzQQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at https://groups.google.com/a/
> grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit https://groups.google.com/a/
> grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFYPR4cYkFVvx0fMUcuk5pVc-
> fOdwgVZUk4iza99%2B8E_8A%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAPYsbFYPR4cYkFVvx0fMUcuk5pVc-fOdwgVZUk4iza99%2B8E_8A%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread