Port forwarding to the router
|
j4zon3k |
Posted 13-01-2013 14:34
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
flashed build 102
iptables looks like this:
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:5858
ACCEPT tcp -- anywhere anywhere tcp dpt:8030
ACCEPT udp -- anywhere anywhere udp dpt:5858
ACCEPT udp -- anywhere anywhere udp dpt:8030
Chain FORWARD (policy DROP)
target prot opt source destination
all -- anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain shlimit (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
target prot opt source destination
Chain wanout (1 references)
target prot opt source destination
I only added the connection, I cleared NVRAM
I added
iptables -A INPUT -p tcp --dport 5858 -j ACCEPT
iptables -A INPUT -p tcp --dport 8030 -j ACCEPT
iptables -A INPUT -p udp --dport 5858 -j ACCEPT
iptables -A INPUT -p udp --dport 8030 -j ACCEPT
of course, as usual for me, it still doesn't work
|
|
|
hermes-80 |
Posted 13-01-2013 14:36
|
VIP
Posts: 3676
Joined: 21/04/2009 11:24
|
Did you remove that rule from port forwarding?
What router is this?
===============================================================
Netgear WNR3500L v1
Thanks to the Openlinksys.info administration!
|
|
|
|
j4zon3k |
Posted 13-01-2013 14:46
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
I removed all the rules; only what I added in the firewall scripts is left
ASUS 500Gp, flashed with tomato-NDUSB-1.28.5x-102-PL-Big-VPN.trx
|
|
|
hermes-80 |
Posted 13-01-2013 14:48
|
VIP
Posts: 3676
Joined: 21/04/2009 11:24
|
Show the output of: ifconfig
|
|
|
|
j4zon3k |
Posted 13-01-2013 14:55
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
ifconfig:
br0 Link encap:Ethernet HWaddr 00:17:31:DC:06:B7
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:104819 errors:0 dropped:0 overruns:0 frame:0
TX packets:107916 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:16053760 (15.3 MiB) TX bytes:29884231 (28.4 MiB)
eth0 Link encap:Ethernet HWaddr 00:17:31:DC:06:B7
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:109477 errors:0 dropped:0 overruns:0 frame:0
TX packets:109625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30060765 (28.6 MiB) TX bytes:19761495 (18.8 MiB)
Interrupt:4 Base address:0x1000
eth1 Link encap:Ethernet HWaddr 00:17:31:DC:06:B7
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:114193 errors:0 dropped:0 overruns:0 frame:6083
TX packets:120811 errors:70 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19517595 (18.6 MiB) TX bytes:35572039 (33.9 MiB)
Interrupt:12 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:109 errors:0 dropped:0 overruns:0 frame:0
TX packets:109 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:12568 (12.2 KiB) TX bytes:12568 (12.2 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:171.34.109.21 P-t-P:195.114.190.157 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:103886 errors:0 dropped:0 overruns:0 frame:0
TX packets:99077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:24484493 (23.3 MiB) TX bytes:14894333 (14.2 MiB)
vlan0 Link encap:Ethernet HWaddr 00:17:31:DC:06:B7
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:2215 errors:0 dropped:0 overruns:0 frame:0
TX packets:5389 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1807400 (1.7 MiB) TX bytes:1169395 (1.1 MiB)
vlan1 Link encap:Ethernet HWaddr 00:17:31:DC:06:B8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:104024 errors:0 dropped:0 overruns:0 frame:0
TX packets:99093 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25748832 (24.5 MiB) TX bytes:17471071 (16.6 MiB)
|
|
|
|
hermes-80 |
Posted 13-01-2013 15:02
|
VIP
Posts: 3676
Joined: 21/04/2009 11:24
|
also try adding something like this to the FW:
iptables -I OUTPUT -o ppp0 -j ACCEPT
iptables -I INPUT -i ppp0 -j ACCEPT
|
|
|
|
j4zon3k |
Posted 13-01-2013 15:10
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
the firewall now contains this:
iptables -A INPUT -p tcp --dport 5858 -j ACCEPT
iptables -A INPUT -p tcp --dport 8030 -j ACCEPT
iptables -A INPUT -p udp --dport 5858 -j ACCEPT
iptables -A INPUT -p udp --dport 8030 -j ACCEPT
iptables -I OUTPUT -o ppp0 -j ACCEPT
iptables -I INPUT -i ppp0 -j ACCEPT
iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:5858
ACCEPT tcp -- anywhere anywhere tcp dpt:8030
ACCEPT udp -- anywhere anywhere udp dpt:5858
ACCEPT udp -- anywhere anywhere udp dpt:8030
Chain FORWARD (policy DROP)
target prot opt source destination
all -- anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain shlimit (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
target prot opt source destination
Chain wanout (1 references)
target prot opt source destination
and the ports are still closed from the outside.
I'm starting to lose hope - I once ran this on Gargoyle and it worked, now ... a nightmare
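
Added check, not part of the thread: iptables -L without -v omits the interface columns, so the new first INPUT rule in the listing above prints as a bare "ACCEPT all", yet -i ppp0 -j ACCEPT admits every packet arriving from the WAN to any service listening on the router. The sketch below scans rule-syntax output (iptables-save or iptables -S INPUT) for such rules; the sample listing is constructed, and the lo/br0 interfaces on the firmware's two ACCEPT rules are assumed.

```shell
#!/bin/sh
# Added example: flag INPUT rules that accept everything arriving on the WAN side.
# stdin: rules in iptables-save / `iptables -S INPUT` syntax.
# $1: WAN interface name (ppp0 in the ifconfig output on this page).
flag_broad_accepts() {
    wan="$1"
    while IFS= read -r rule; do
        case "$rule" in
            "-A INPUT "*"-j ACCEPT"*) ;;   # only ACCEPT rules in the INPUT chain
            *) continue ;;
        esac
        # A rule bound to a different interface (LAN bridge, loopback) does not face the WAN.
        case " $rule " in
            *" -i $wan "*) ;;
            *" -i "*) continue ;;
        esac
        # A protocol, source or connection-state match narrows the rule; skip those.
        case " $rule " in
            *" -p "*|*" -s "*|*" --state "*|*" --ctstate "*) continue ;;
        esac
        printf 'BROAD: %s\n' "$rule"
    done
    return 0
}

# Constructed sample: the INPUT chain from the post above, written in rule syntax.
# The "-i lo" and "-i br0" matches are assumptions; `iptables -L` does not show them.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i ppp0 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5858 -j ACCEPT
-A INPUT -p udp -m udp --dport 5858 -j ACCEPT
EOF
}

sample_rules | flag_broad_accepts ppp0
```

On the router itself, iptables -L INPUT -v -n shows the same interface information in its in/out columns.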
|
|
|
hermes-80 |
Posted 13-01-2013 15:17
|
VIP
Posts: 3676
Joined: 21/04/2009 11:24
|
Or maybe the IP has to be put on a whitelist in the oscam configuration.
try forwarding to a PC (rules under port forwarding in the GUI) and running elvis on those ports - you'll see whether the forward works.
|
|
|
|
j4zon3k |
Posted 13-01-2013 15:23
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
the problem lies in the ports - because even when I run a different server (e.g. gbox) I get exactly the same thing ;( - one-way communication. Nothing sent to the server gets through.
Scanning ports on 178.36.209.31
178.36.209.31 is responding on port 5858 ().
178.36.209.31 is responding on port 8030 ().
elvis running on the PC and the forwards pointed at the PC
Edited by j4zon3k on 13-01-2013 15:32
|
|
|
|
hermes-80 |
Posted 13-01-2013 15:31
|
VIP
Posts: 3676
Joined: 21/04/2009 11:24
|
Out of ideas - maybe Tomato has some bug on this particular router.
|
|
|
|
j4zon3k |
Posted 13-01-2013 15:33
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
thanks for the effort
I ran one more test
in Firewall I have this entry:
iptables -I INPUT -p tcp --dport 5858 -j ACCEPT
iptables -I INPUT -p tcp --dport 8030 -j ACCEPT
iptables -I INPUT -p udp --dport 5858 -j ACCEPT
iptables -I INPUT -p udp --dport 8030 -j ACCEPT
iptables -I INPUT -p tcp --dport 5897 -j ACCEPT
nothing in the PORT FORWARDING options
iptables -L looks like this:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:5897
ACCEPT udp -- anywhere anywhere udp dpt:8030
ACCEPT udp -- anywhere anywhere udp dpt:5858
ACCEPT tcp -- anywhere anywhere tcp dpt:8030
ACCEPT tcp -- anywhere anywhere tcp dpt:5858
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
all -- anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
restrict all -- anywhere anywhere
monitor all -- anywhere anywhere source IP range 192.168.1.2-192.168.1.51
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain monitor (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere WEBMON --max_domains 300 --max_searches 300
Chain rdev01 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere MAC 7C:ED:8D:98:0F:4C
Chain restrict (1 references)
target prot opt source destination
rdev01 all -- anywhere anywhere
Chain shlimit (1 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
target prot opt source destination
Chain wanout (1 references)
target prot opt source destination
and netstat -a:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:laserjet 0.0.0.0:* LISTEN
tcp 0 0 unknown:www 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:telnet 0.0.0.0:* LISTEN
tcp 0 0 unknown:www domek-Komputer:51331 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51315 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51338 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51334 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51282 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51270 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51326 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51306 TIME_WAIT
tcp 0 6 unknown:telnet domek-Komputer:51665 ESTABLISHED
tcp 0 0 unknown:www domek-Komputer:51313 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51336 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51332 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51328 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51284 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51268 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51324 TIME_WAIT
tcp 0 0 unknown:www domek-Komputer:51304 TIME_WAIT
udp 0 0 0.0.0.0:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
raw 0 0 0.0.0.0:255 0.0.0.0:* 255
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 9 [ ] DGRAM 129 /dev/log
unix 2 [ ] DGRAM 5759
unix 2 [ ] DGRAM 2855
unix 2 [ ] DGRAM 1148
unix 2 [ ] DGRAM 666
unix 2 [ ] DGRAM 614
unix 2 [ ] DGRAM 175
unix 2 [ ] DGRAM 134
shouldn't the ports show up as open in netstat?
Edited by j4zon3k on 13-01-2013 22:46
|
|
|
|
labik |
Posted 13-01-2013 22:54
|
Power User
Posts: 387
Joined: 16/09/2011 08:08
|
in netstat, yes indeed, if they were in use, but they aren't. I'm reading this struggle and I'm shocked. Zero ideas.
Asus TUF AX5400
Asus RT-AC68U
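
Added example, not part of the thread: an ACCEPT rule in INPUT only lets a packet reach the router's own network stack; a port reads as open from outside only when a process is also bound to it, otherwise TCP answers with a reset and a scan reports it closed. The sketch checks the thread's ports against numeric netstat -ln output; the sample is a constructed numeric rendering of the listeners posted above (laserjet, www, ftp, domain, telnet, bootps), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: does anything on the router listen on the ports the firewall accepts?
# has_listener PROTO PORT: reads `netstat -ln` output on stdin, returns 0 if a socket is bound.
has_listener() {
    awk -v proto="$1" -v port="$2" '
        $1 == proto || $1 == (proto "6") {
            n = split($4, a, ":")                 # local address; the port is the last part
            if (a[n] != port) next
            if (proto == "tcp" && $6 != "LISTEN") next
            found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# report_ports NETSTAT_TEXT PROTO/PORT...: one status line per requested port.
report_ports() {
    text="$1"; shift
    for pp in "$@"; do
        if printf '%s\n' "$text" | has_listener "${pp%/*}" "${pp#*/}"; then
            echo "$pp listening"
        else
            echo "$pp no-listener"
        fi
    done
}

# Constructed sample in `netstat -ln` format (numeric form of the listing in the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:9100            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:53              0.0.0.0:*
udp        0      0 0.0.0.0:67              0.0.0.0:*'

report_ports "$SAMPLE_NETSTAT" tcp/5858 tcp/8030 udp/5858 udp/8030 tcp/23
```

The same output also lists what a blanket WAN ACCEPT would expose: every socket bound to 0.0.0.0.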
|
|
|
|
j4zon3k |
Posted 13-01-2013 23:03
|
User
Posts: 20
Joined: 12/01/2013 19:25
|
I'm out of ideas too :( I guess I'm left with installing the old openwrt 10.03.1 or Gargoyle
today I already had openwrt 12.09-beta and Gargoyle 1.5.9 on the router and they are unusable on it - they run VERY slowly (unless that's just me - like this routing)
I'm wondering whether this option
Routing
Mode: Options available are Gateway and Router.
Gateway = Don't let WAN traffic access the LAN, except through port forwarding or DMZ. (Required mode for PPPoE connections connected through WAN port to a bridged ADSL modem.)
Router (Default) = Turn off these features and NAT. (May be incorrect on details, but this is the idea)
has an effect; for PPPoE it is set to Gateway, and maybe this routing works correctly in Router mode
|
|