Luv2C0d3 · March 3, 2025 19:13 · Mar 3, 2025
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,46 @@
+# Burn debian into sd card
+# Follow instructions on tailscale site
+# install with one command tailscale
+curl -fsSL https://tailscale.com/install.sh | sudo sh
+
+# eventually enable systemd-resolved to prevent fights over who writes /etc/resolv.conf
+sudo apt install -y systemd-resolved
+# check that /etc/resolv.conf is now a link instead of a file.
+
+# -- For security --
+# enable firewall, using ufw
+
+# 1. Enable UFW and Allow SSH from Tailscale
+# Tailscale assigns each machine a 100.x.x.x IP address. To allow SSH only from Tailscale:
+sudo ufw allow in from 100.0.0.0/8 to any port 22 proto tcp
+
+# Allow Local SSH for Backup Access
+# If you also want to allow SSH from your local network (e.g., 192.168.1.x):
+# Change 1 to your subnet number
+sudo ufw allow in from 192.168.1.0/24 to any port 22 proto tcp
+
+# 2. Tailscale uses the virtual interface tailscale0, 
+# so you should allow all traffic over it:
+sudo ufw allow in on tailscale0
+sudo ufw allow out on tailscale0
+
+# 3. Allow Tailscale's Control Traffic
+# Tailscale needs to communicate with its coordination servers. 
+# Allow the necessary ports:
+sudo ufw allow out to any port 41641 proto udp  # Tailscale direct UDP traffic
+sudo ufw allow out to any port 443 proto tcp    # HTTPS for coordination
+sudo ufw allow out to any port 3478 proto udp   # STUN for NAT traversal
+
+
+# 4. After setting the rules, enable ufw:
+sudo ufw enable
+# Check the status:
+sudo ufw status verbose
+
+# 5. Test Connectivity
+# After enabling UFW, verify:
+
+# SSH from Tailscale works: Try ssh user@100.x.x.x
+# Tailscale pings other peers: tailscale ping <peer-ip>
+
+
No results found