I'd like to use ConnMan in a device that connects to an Ethernet network, and also (optionally) can operate Wi-Fi in access point mode to provide technician type access to itself.

So it looks like "tethering" is the way to do a Wi-Fi access point. But in this use case, I don't want Wi-Fi tethering to permit access to upstream connections (the wired Ethernet). I can easily achieve that by adding a firewall with FORWARD rule set to DROP.

However, I also want to lock down DNS. Even with forwarding stopped, a Wi-Fi client can still do DNS look-ups through the upstream connection, thus providing a back channel of communication.

Secondly, I'd also like Wi-Fi clients to be able to access the device via a DNS name, such as my-serial-number.lan. I'm not sure how to configure a DNS server for the tether interface.

Related to this: maybe I could run a DNS server, getting the tether interface's IP address updates through D-Bus. But as I've seen with connmanctl monitor, tether IP address doesn't seem to be notified on D-Bus.

In summary, these questions:

1) How could the tether interface's DNS look-ups through upstream be restricted?
2) How could a DNS server be provided for the tether interface, which responds to my-serial-number.lan with the tether interface's current IP address?
3) How can notifications of tether interface's IP address changes be obtained via D-Bus?

(Note: I found an older post to this mailing list, "Connman tethering landing page (or single dns record pointing back to itself)". Essentially the same objective re DNS. Zeroconf mDNS isn't a sufficient solution, due to limited support in Windows and Android.)

-- 
Craig McQueen

_______________________________________________
connman mailing list
https://lists.connman.net/mailman/listinfo/connman
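The DNS behaviour asked for in questions 1 and 2, sketched as an added example that is not part of the original post and is not ConnMan code: a reply builder that answers only my-serial-number.lan and refuses every other name, so nothing is resolved upstream. It assumes this responder, not an upstream-forwarding resolver, receives the tether clients' queries; binding it to the tether interface and learning the interface's current address (question 3) are left out, and `build_reply`, `parse_question` and `make_query` are names made up for the illustration.

```python
import socket
import struct

LOCAL_NAME = "my-serial-number.lan"  # the name used in the post
TTL = 5  # short TTL (assumed value), since the tether address may change

def parse_question(pkt):
    """Return (qname, qtype, qclass, end_offset) of the single question."""
    off, labels = 12, []
    while True:
        n = pkt[off]
        if n == 0:
            break
        if n > 63:
            raise ValueError("compressed or invalid label")
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    qtype, qclass = struct.unpack_from("!HH", pkt, off + 1)
    return ".".join(labels), qtype, qclass, off + 5

def build_reply(pkt, tether_ip, local_name=LOCAL_NAME):
    """Answer only local_name; refuse everything else. None means drop."""
    try:
        qid, flags, qdcount = struct.unpack_from("!HHH", pkt, 0)
        if flags & 0x8000 or qdcount != 1:  # a response, or not one question
            return None
        name, qtype, qclass, end = parse_question(pkt)
    except (IndexError, struct.error, ValueError):
        return None
    question = pkt[12:end]
    rd = flags & 0x0100  # echo the client's recursion-desired bit
    if name != local_name.lower() or qclass != 1:
        # REFUSED (rcode 5): the name is never looked up upstream
        return struct.pack("!HHHHHH", qid, 0x8000 | rd | 5, 1, 0, 0, 0) + question
    head_flags = 0x8400 | rd  # QR + AA, rcode 0
    if qtype != 1:  # e.g. AAAA: the name exists but has no such record
        return struct.pack("!HHHHHH", qid, head_flags, 1, 0, 0, 0) + question
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, TTL, 4) + socket.inet_aton(tether_ip)
    return struct.pack("!HHHHHH", qid, head_flags, 1, 1, 0, 0) + question + answer

def make_query(name, qtype=1, qid=0x1234):
    """Constructed sample query, for trying the responder offline."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
```

Refusing unknown names with a header-only reply also means the responder never returns attacker-chosen data, which closes the look-up back channel described in the post at this layer.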
