

ag123
-
Is Netplan acting like hidden malware?
ag123 replied to bushw's topic in Software, Applications, Userspace
@Cancer if NetworkManager is masked I'd unmask that for use with netplan, e.g.

    systemctl unmask NetworkManager
    systemctl enable NetworkManager
    systemctl start NetworkManager

In the 'minimal IOT' images for OrangePi Zero 3, NetworkManager is not shipped with my images. I'd need to install that myself. Perhaps for other boards or images, NetworkManager could have been included by default (but, like you mentioned, masked).

In my /etc/netplan/configfile.yaml, I configured it like that with 3 lines and removed the other lines, so that I use NetworkManager utilities to configure the interfaces. I think that is 'simpler' than fumbling with netplan yaml configs, which I'm unfamiliar with as well.

I'm actually running a WiFi AP, but the AP itself is not managed by NetworkManager; it is managed by hostapd, as given prior:
https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

I prefer hostapd. As discussed with @bushw, I think NetworkManager WiFi AP uses dnsmasq by default and sets up a NAT (i.e. configures firewall rules for NAT masquerade)
https://thekelleys.org.uk/dnsmasq/doc.html
and a dhcp server to distribute ip addresses to the WiFi clients. While this works, it may not be the configuration I prefer.

The other thing is hostapd logs every wifi connection in journalctl logs. That is something I specifically want, so that I can check the connections if need be. NetworkManager, it seems, does not log the connection attempts at the AP.

As to the rationale that NetworkManager WiFi AP uses dnsmasq and sets up NAT, 'messes with firewall rules', I think that is because it is a 'canonical' configuration that 'just works'. Because otherwise you need to consider routing, bridging, whether to run a dhcp server etc, which don't have any standard setup for a 'WiFi AP' based network. I.e. the config is specific and unique to your network configuration (the whole physical network, not just the board) and you need to configure that manually, e.g. using hostapd.

You can build 'very complex' networks if you bother to go the distance, e.g. to do routing, ipv6, special NAT, special firewalling etc. To the extent that you have the skill, I think you can even configure clients to 'roam' across WiFi APs in your network; that is not 'mesh' but rather a full 'autoroam' setup of network configs. But everything is manual, custom and specific / unique to your physical network.

On a different off-topic note, my WiFi AP (hotspot) that I configured as described in the gist has been running (very) well on my OrangePi Zero 3 'for months', practically as a desktop WiFi AP. Throughput is good (I get slightly above 100 Mbps due to OrangePi Zero 3 having a good wifi chip), Armbian runs well on it, and I even run various apps on it, e.g. I managed to run rpi-monitor on it.

There is a thread about OrangePi Zero 3, but it seems that for the edge kernels and images there may be 'some troubles'. I've not tried it though. I'm not sure if it affects the 'stable' images; hopefully the 'stable' images, which are a bit older in terms of kernel releases, are still ok.
-
Is Netplan acting like hidden malware?
ag123 replied to bushw's topic in Software, Applications, Userspace
@Cancer Netplan is from Canonical, so I'd guess ubuntu would likely use a similar setup
https://netplan.io/
https://netplan.readthedocs.io/en/stable/netplan-tutorial/#running-netplan-for-the-first-time
https://docs.armbian.com/User-Guide_Networking/
and the renderers can be NetworkManager or Systemd-Networkd, as described in their pages as well.

The setup is less than intuitive, but I'm more familiar with NetworkManager. What I did instead is that, for my netplan config /etc/netplan/10-dhcp-all-interfaces.yaml:

    network:
      version: 2
      renderer: NetworkManager  # Different than 'networkd'

I only used a 'minimal' config like the above. That would make it use NetworkManager as the renderer.

I think it is also necessary to install NetworkManager for some images, e.g. 'minimal IOT':

    apt install network-manager

Then, if you are running it with a keyboard and monitor with a gnome graphical interface, you can use a gui editor like

    nm-connection-editor
    network-manager-applet

https://wiki.archlinux.org/title/NetworkManager
to set up the network configs. The gui is kind of 'guided' and tends to be 'easier' for beginners.

If you don't have that, I think there is

    nmtui - text based with (ncurses) menus
    nmcli - command line cli configs

If you are using nmcli, say operating from a text console, there are some tutorials you may find through a web (e.g. google) search:
https://www.cyberciti.biz/faq/redhat-network-interface-configuration/
https://www.tecmint.com/nmcli-configure-network-connection/
https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
https://dev.to/faaiq_amarullah/managing-networking-based-on-rhel-8-202e

In general, while editing network interfaces, I take 'ample precautions' and operate over the serial debug console (using a usb-uart dongle), as you may get 'locked out' if you are in one of the network connections that you are editing. If you are using a full desktop, say with a monitor and keyboard, that's ok as well.

I think some of the 'iot minimal' images use Systemd-Networkd as default, so some of the setup may still be in Systemd, e.g. Systemd-resolved. That could affect your DNS resolver configs. What I did is I googled for configs about Systemd-resolved and maintained my primary and secondary (DNS) nameservers in /etc/systemd/resolved.conf. I'm not too sure if that is after all necessary.

NetworkManager is 'higher level' than configuration commands like ip or ifconfig, in the sense that it 'manages' the interfaces. While ip and ifconfig are normally per-invocation commands, NetworkManager stores its setup in /etc/NetworkManager. One should normally use the gui or nmcli / nmtui commands to configure them instead of editing the files directly. And remember to save the configs as permanent instead of temporary while using the gui, nmcli or nmtui. With that, normally the configs will persist across reboots. This is probably more organised, perhaps 'simpler', than say editing scripts the 'old' way, say in /etc/interfaces.

After you have configured interfaces, e.g. with nmcli, nmtui or the gui editors, normally to check the status of the interfaces you could run commands like

    nmcli c show     (show connections)
    nmcli d status   (show devices)

etc to show the state of interfaces configured by NetworkManager.

The 'lower level' commands like ip (or ifconfig; apt install net-tools to get that)

    ip link   (show link status)
    ip a      (show addresses)

can also be used to check on the status of the interfaces.

Listing wifi APs I think is

    nmcli d wifi list

Connecting to an AP I think is

    nmcli d wifi connect SSID password "wifipassword" name a_name_for_this_connection ifname wlan0

Note that there are options for reconnect; normally it does that. If that is not desired you may need to edit that, say via

    nmcli c edit connection

etc.
-
Is Netplan acting like hidden malware?
ag123 replied to bushw's topic in Software, Applications, Userspace
@bushw ok, this is what I saw in my setup running as an AP (I used netplan and NetworkManager, but I do not use its AP (wifi hotspot) features):

    > sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

^ empty

    sudo nft list ruleset

^ empty

My setup is documented here:
https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

I'm running and using hostapd for the AP. For one thing, hostapd produces logs for every client that connects to the wifi AP; that is far better than the 'built-in' 'easy' AP, say with NetworkManager.

Now I'd try to explain why you observe what you observe:
---------
NetworkManager could be using DNSmasq
https://en.wikipedia.org/wiki/Dnsmasq
https://thekelleys.org.uk/dnsmasq/doc.html
When it sets up the AP, it creates a NAT so that the wifi subnet can access the upstream network
https://tldp.org/HOWTO/html_single/Masquerading-Simple-HOWTO/
In addition, DNSmasq also provides a dhcp server (to distribute ip addresses to the connecting wifi clients) and ipv6 router advertisement. That is what makes it 'simple'.

Don't like that?

install and set up hostapd
https://w1.fi/hostapd/
install and set up a dhcp server if you need it
https://www.isc.org/dhcp/
install and set up radvd if you need ipv6
https://github.com/radvd-project/radvd

Those 3 above can normally be installed via apt.

Next, configure and set up the network interfaces and hostapd like what I did. The key is: *unmanage* the WiFi interface and use hostapd to manage it, configure it manually.
https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

Then you can choose to set up a network bridge or routing as you deem fit, or even NAT via iptables or nftables
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
^ if you do this, then that is what dnsmasq (probably called by NetworkManager) tries to do for you to make it 'easy'.

But if you configure everything yourself, using hostapd and the respective individual tools (dhcp server, radvd etc), there is no interference from Netplan, NetworkManager, dnsmasq; it doesn't touch your iptables or nftables.
---
This mode: AP for the wifi interface is a *feature* that you used in NetworkManager (dnsmasq).
This is different from saying that Netplan and/or NetworkManager
* *maliciously* change firewall configs for all possible combinations of network interfaces and configurations*

Don't like that AP feature / implementation in NetworkManager? You could probably take it up with RedHat
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/getting_started_with_networkmanager

I'm not sure what other ways there are to configure the AP in NetworkManager so that it doesn't do NAT. You would need to experiment. If you are using the mode: AP feature in NetworkManager, there are likely various config options
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/proc_configuring-rhel-as-a-wpa2-or-wpa3-personal-access-point_configuring-and-managing-networking
https://www.baeldung.com/linux/nmcli-wap-sharing-internet

Doing everything manually for the WiFi AP, using hostapd and individual tools, lets you control every single aspect of the network configs. I prefer this myself over the 'simple' approach, e.g. that offered by NetworkManager. This includes your firewall rules (iptables, nftables etc). It is in part because the 'simple' AP offered by NetworkManager does so using NAT, which is basically firewall rulesets, i.e. iptables, nftables. If you don't want it to 'touch' that, then you would need to set things up manually and not use NetworkManager's AP mode.
-
Is Netplan acting like hidden malware?
ag123 replied to bushw's topic in Software, Applications, Userspace
@Cancer

Why you need to drop ifconfig for ip:
https://opensource.com/article/21/1/ifconfig-ip-linux

If you’re still using ifconfig, you’re living in the past
https://ubuntu.com/blog/if-youre-still-using-ifconfig-youre-living-in-the-past
There are certain things in this article that can be done with the ip command that take more than just ifconfig to do the same.

Introduction to Linux interfaces for virtual networking
https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#vlan
^ this matters if you are bothered about containers, docker, virtual machines, virtualbox, vpn, wireguard, vlan, etc etc

Otherwise, if you don't need any of containers, docker, virtual machines, virtualbox, vpn, wireguard, vlan, etc etc, you can live with ifconfig.

In a certain sense, the availability of this network infrastructure in linux, along with the ip command as one of the tools, accounts for the modern trillion $ cloud services: amazon aws, google cloud, azure, ibm redhat, and practically every other vps, web, any sort of cloud service on the Internet that runs on linux today.

Anyway, to get ifconfig it is simply

    sudo apt install net-tools

https://www.fosslinux.com/121757/how-to-install-missing-ifconfig-command-on-linux.htm
-
Is Netplan acting like hidden malware?
ag123 replied to bushw's topic in Software, Applications, Userspace
Accordingly, one can remove Netplan if one doesn't like it
https://www.baeldung.com/linux/etc-network-interfaces-netplan-switch
and actually, even with Netplan one can configure a different renderer, e.g. NetworkManager
https://docs.armbian.com/User-Guide_Networking/
Or for that matter, I think it is feasible to remove Netplan altogether and just use NetworkManager, if one prefers that, or even switch back to the raw lowest level /etc/network/interfaces as described in the 1st link.

In addition show the detailed sequence of events and provide details that:
if you cannot show this in detail, then what is your basis of saying that it happens?

Note that normally there is a sequence of events: the interfaces need to be set up first, then the firewall (e.g. iptables) is configured after that. What you need to prove in addition is that Netplan or NetworkManager *revoke or change* your iptables / firewall setup if they are configured after Netplan / NetworkManager set up the interfaces, i.e. that it is potentially malicious.

If all that you mention can be rigorously proven, then perhaps we can file that with mitre and have the world cybersecurity issue a major CVE about it.
https://attack.mitre.org/
https://www.cve.org/
i.e. that the whole world and every web server, every vps, anyone with any servers running wordpress on linux, any webs running linux, everyone including the whole of amazonaws, azure, google cloud, redhat ibm, etc etc running linux follow up and fix *all the servers in the Internet*
-
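One way to gather the before/after evidence discussed in the posts above (whether bringing up an interface or enabling an AP adds NAT rules), as an added example that is not part of the original posts: it lists masquerade/snat/dnat rules found in saved `nft list ruleset` output and reports those present only in the later snapshot. The function names, the table name `example-shared-wlan0` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Capture snapshots on the board with:
#   sudo nft list ruleset > before.txt   # before activating the connection / AP
#   sudo nft list ruleset > after.txt    # after activating it
# then run: new_nat_rules before.txt after.txt

# Read ruleset text on stdin and print one line per NAT rule:
#   <family> <table> <chain>: <rule>
list_nat_rules() {
    awk '
        $1 == "table" && $NF == "{" { family = $2; table = $3; next }
        $1 == "chain" && $NF == "{" { chain = $2; next }
        /(^|[ \t])(masquerade|snat|dnat)([ \t;]|$)/ {
            rule = $0
            sub(/^[ \t]+/, "", rule)          # strip indentation
            print family, table, chain ": " rule
        }
    '
}

# Print NAT rules that exist in snapshot $2 ("after") but not in $1 ("before").
new_nat_rules() {
    nb=$(mktemp) || return 1
    na=$(mktemp) || { rm -f "$nb"; return 1; }
    list_nat_rules < "$1" | sort -u > "$nb"
    list_nat_rules < "$2" | sort -u > "$na"
    comm -13 "$nb" "$na"                      # lines unique to "after"
    rm -f "$nb" "$na"
}

# Constructed sample of an "after" snapshot (not captured from a real system).
sample_after() {
    cat <<'EOF'
table ip example-shared-wlan0 {
    chain nat_postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr 10.42.0.0/24 ip daddr != 10.42.0.0/24 masquerade
    }
    chain filter_forward {
        type filter hook forward priority filter; policy accept;
        ip daddr 10.42.0.0/24 oifname "wlan0" ct state { established, related } accept
    }
}
EOF
}

# Demo on the constructed sample: prints the single masquerade rule.
sample_after | list_nat_rules
```

This only covers rules visible through `nft list ruleset`; an empty result for both snapshots matches the "^ empty" output shown earlier in the thread.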
I just tested shutting down hostapd and restarting; it works:

    systemctl stop hostapd.service
    systemctl start hostapd.service

A system process like hostapd should normally be properly started up and shut down using systemd; killing the process etc may leave the kernel in an inconsistent state. And maybe that's why you observe the issue.

This is how I set it up:
https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

Accordingly, hostapd may require the interface to be on a bridge. I'm not sure about this, but I'm using a (software) bridge so that the wifi interface is on it.

    > uname -a
    Linux orangepizero3a3 6.12.35-current-sunxi64 #1 SMP Fri Jun 27 10:11:46 UTC 2025 aarch64 GNU/Linux

    > nmcli c
    NAME    UUID                                  TYPE      DEVICE
    bridge  a6aa1bb8-c47e-400e-8de1-7faf96489c7a  bridge    br0
    lo      084c74b2-0638-48be-b4c9-364f854ecabd  loopback  lo
    br-eth  6bab09b0-e16c-438b-a1bf-e0d82ca5141b  ethernet  end0

    > sudo bridge link
    2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100

I put both ethernet and wifi on the bridge. Wifi is not managed by NetworkManager; hostapd patches that into the bridge. It is possible to just let hostapd set up the bridge in hostapd.conf, and normally that's all that is needed.

This isn't the earliest armbian I'm running hostapd in; I've done it since the linux 6.6.x kernel, an earlier release some 1 year back or so, no issues.
-
Anything 'interesting' in dmesg? And what is the Armbian / kernel version? e.g.

    uname -a

btw 'real' armbian is currently at linux version 6.12.x
https://www.armbian.com/orange-pi-zero-3/

btw I disabled wpa_supplicant when I run hostapd. I'm not sure if it'd affect anything; normally hostapd should work with wpa_supplicant running, should be 'no problem'. wpa_supplicant is 'connecting out', while hostapd is an AP hotspot.
-
try ip link set wlan0 up
-
Installing rpi-monitor in Armbian for Orange Pi Zero 3 https://gist.github.com/ag88/65db5434158683e43d1cc77c337ebdb5
-
This is posted to Gist: https://gist.github.com/ag88/65db5434158683e43d1cc77c337ebdb5

Introduction

Rpi-monitor https://github.com/XavierBerger/RPi-Monitor is a very nice app for monitoring sbc (single board computers / actually bigger computers as well) like RPi on a web page. It gives you a quick look at various system metrics (cpu load, uptime, temperatures etc and more) on a nice web page, and on top makes nice time series graphs for the same, practically a dashboard.

Installing in Armbian 25.8 for Orange Pi Zero 3

Rpi-monitor is normally not found in the common Apt repositories and actually the binary is a little old. I tried installing it based on the 'formal' docs but hit some invalid public key errors, possibly expired certs.
https://xavierberger.github.io/RPi-Monitor-docs/11_installation.html
So here is a 'workaround'.

Deb packages for rpi-monitor

You can find the packages in this repository (note that this may not be permanent and may change)
https://github.com/XavierBerger/RPi-Monitor-deb
Use the **rpimonitor_latest.deb** file
https://github.com/XavierBerger/RPi-Monitor-deb/tree/develop/packages

install rpimonitor_latest.deb in Armbian

Use apt to install *rpimonitor_latest.deb* as it has various package dependencies, e.g. download it to a folder and from there run

    sudo apt install ./rpimonitor_latest.deb

The prior step should install rpimonitor. Check that the service is running by going to http://your_sbc_ip_address:8888

checking the setup

rpi-monitor is run as a systemd (unit) service. If it is not running you can try

    systemctl status rpimonitor.service

or

    journalctl -u rpimonitor.service

to check what went wrong.

To start / stop rpi-monitor it is as per basic systemd services, e.g.

    systemctl start rpimonitor.service

temperature 'not displaying'

Apparently, it is affected by this issue:
https://github.com/XavierBerger/RPi-Monitor/issues/374
Accordingly the fix / 'workaround' is: edit /etc/rpimonitor/template/temperature.conf and replace

    #dynamic.1.postprocess=sprintf("%.2f", $1/1000)
    dynamic.1.postprocess=$1/1000
-
@ABhomeuser the board page is a bit out of date
https://www.armbian.com/orange-pi-zero-3/

    Debian 12 (Bookworm) Minimal / IOT   SHA ASC   241.1 MB
    Debian 12 (Bookworm) Minimal / IOT   SHA ASC   230.3 MB

@Igor ^ how do we update that on the boards page?

are actually the same file. Proof: download the sha file for each of them and look at the content; you can see that both the filename and hash are identical in both sha texts. This means that both files are in fact identical and actually the same size, despite the incorrect file size indication on the front page.

In fact that is currently linked to this release on github
https://github.com/armbian/community/releases/tag/25.8.0-trunk.375
^ this was released last week

There are in fact 'earlier' releases; I'm running an image from this release
https://github.com/armbian/community/releases/tag/25.8.0-trunk.309

I'd suggest going with the 'latest and greatest' (trunk 375) (which is that on the boards page currently) and if there are issues, then try one a little earlier, e.g. in the latter link (trunk 309).

Armbian community images are rolling releases; they are 'fast moving', and perhaps come back in a few weeks and it could be another trunk release number. But simply take an image 'as of now' and normally it 'just works', e.g. from the boards page.
-
all those things are wow give kodi a try? https://kodi.tv/
-
Tried mining feathercoin:

    git clone https://github.com/ghostlander/cpuminer-neoscrypt

Lots of missing dependencies to build that:

    apt install automake autoconf-archive pkg-config libtool libcurl4-openssl-dev

but once done it is autogen.sh, configure, make.

Next register on https://www.mining-dutch.nl/ then run

    ./minerd -D --algo=neoscrypt --url=stratum+tcp://mining-dutch.nl:9993 -u username.worker1 -p d=10

A whopping 1.1 k hash/s on each core. Well, not very impressive, but it mines. I think this is with no Neon SIMD.

    Stop monitoring using [ctrl]-[c]
    Time       CPU       load  %cpu  %sys  %usr  %nice  %io  %irq  Tcpu     C.St.
    20:22:02   1416 MHz  3.90  100%    0%    0%    99%   0%    0%  53.2 °C  0/7
    20:22:07   1416 MHz  3.91  100%    0%    0%    99%   0%    0%  53.2 °C  0/7
    20:22:12   1416 MHz  3.92  100%    0%    0%    99%   0%    0%  53.4 °C  0/7

^ this is with the fan on

Optimise it a little in the makefile:

    #CFLAGS = -g -O2
    CFLAGS =
    minerd_CPPFLAGS = -O3 -mcpu=cortex-a53 -march=armv8-a -ftree-vectorize -funsafe-math-optimizations

Well, just a very minor 0.025 k hash/s improvement per core. Perhaps it already has Neon SIMD, or it needs 'hand optimization'; that is hard.