Help with OpenWRT
Shadow Hawkins on Sunday, 31 March 2013 23:28:54
Hi all:
I'm trying to run SixXS under my home network. I'm configuring an OpenWRT to provide network connectivity, firewalling and QoS. The version is Attitude Adjustment RC1. Actually I'm having some trouble pinging from the clients to any IPv6 host that's not the local PoP or the router IPv6 address. In the router, AICCU is fully working and also the ping/traceroute to IPv6 hosts.
Also, what's the best way to configure a /48 subnet to use with radvd? I have some doubts about the way I've done this full thing, so I'm posting my config files to get some correct guidance about it ^^
Thank you.
//// Router Side
root@FoxesRoutes:~# ip -6 ro
2001:4830:1100:19c::/64 dev sixxs0 proto kernel metric 256
2001:4830:118d::/64 dev br-lan proto kernel metric 256
fe80::/64 dev br-lan proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev ifb0 proto kernel metric 256
fe80::/64 dev sixxs0 proto kernel metric 256
default via 2001:4830:1100:19c::1 dev sixxs0 metric 1024
root@FoxesRoutes:~# ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 5
inet6 fe80::c2c1:c0ff:fea1:f833/64 scope link
valid_lft forever preferred_lft forever
11: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet6 2001:4830:118d::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c2c1:c0ff:fea1:f832/64 scope link
valid_lft forever preferred_lft forever
13: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qlen 5
inet6 fe80::4c15:6eff:fe2d:27be/64 scope link
valid_lft forever preferred_lft forever
15: sixxs0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qlen 500
inet6 2001:4830:1100:19c::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4830:1100:19c:2/64 scope link
valid_lft forever preferred_lft forever
root@FoxesRoutes:~# cat /tmp/etc/radvd.conf
interface br-lan
{
AdvDefaultPreference high;
IgnoreIfMissing on;
AdvSendAdvert on;
AdvSourceLLAddress off;
prefix 2001:4830:118d::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
root@FoxesRoutes:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.239.1'
option netmask '255.255.255.192'
option ip6addr '2001:4830:118d::1/64'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option peerdns '0'
option dns '208.67.222.22 208.67.220.220 8.8.8.8 8.8.4.4'
config switch
option name 'eth0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'eth0'
option vlan '1'
option ports '0 1 2 3 4 5'
config interface 'WAN6'
option proto 'static'
option ifname 'sixxs0'
option send_rs '0'
option ip6addr '2001:4830:1100:19c::2/64'
option ip6gw '2001:4830:1100:19c::1/64'
root@FoxesRoutes:~# ping6 sixxs.net
PING sixxs.net (2001:838:2:1::30:67): 56 data bytes
64 bytes from 2001:838:2:1::30:67: seq=0 ttl=54 time=175.504 ms
64 bytes from 2001:838:2:1::30:67: seq=1 ttl=54 time=169.570 ms
64 bytes from 2001:838:2:1::30:67: seq=2 ttl=54 time=168.978 ms
64 bytes from 2001:838:2:1::30:67: seq=3 ttl=54 time=171.933 ms
64 bytes from 2001:838:2:1::30:67: seq=4 ttl=54 time=169.203 ms
^C
--- sixxs.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 168.978/171.037/175.504 ms
/////////// Client side
[user@FoxHost ~]$ ip -6 ro
2001:4830:118d::/64 dev br0 proto kernel metric 256 expires 0sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev virbr0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::c2c1:c0ff:fea1:f832 dev br0 proto kernel metric 1024 expires 0sec mtu 1500 advmss 1440 hoplimit 64
[user@FoxHost ~]$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 fe80::1e6f:65ff:fe3e:a0dd/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
inet6 2001:4830:118d:0:1e6f:65ff:fe3e:a0dd/64 scope global dynamic
valid_lft 86241sec preferred_lft 14241sec
inet6 fe80::1e6f:65ff:fe3e:a0dd/64 scope link
valid_lft forever preferred_lft forever
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 500
inet6 fe80::fc54:ff:fe82:a2b/64 scope link
valid_lft forever preferred_lft forever
[user@FoxHost ~]$ ping6 sixxs.net
PING sixxs.net(nlhaa01.sixxs.net) 56 data bytes
From 2001:4830:118d::1 icmp_seq=1 Destination unreachable: Port unreachable
From 2001:4830:118d::1 icmp_seq=2 Destination unreachable: Port unreachable
From 2001:4830:118d::1 icmp_seq=3 Destination unreachable: Port unreachable
From 2001:4830:118d::1 icmp_seq=4 Destination unreachable: Port unreachable
^C
--- sixxs.net ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3285ms
Jeroen Massar on Monday, 01 April 2013 08:59:56
> Also, what's the best way to configure a /48 subnet to use with radvd?
/64 chunks, and minimal config, something like:
interface br-lan
{
AdvSendAdvert on;
prefix 2001:db8:1234:4567::/64
{
};
};
is perfect already. All the other options are only for special cases and typically are not needed.
With newer radvd's one can even have a "::" prefix as it will then use the /64 that is configured on that interface.
> [user@FoxHost ~]$ ping6 sixxs.net
> PING sixxs.net(nlhaa01.sixxs.net) 56 data bytes
> From 2001:4830:118d::1 icmp_seq=1 Destination unreachable: Port unreachable
> From 2001:4830:118d::1 icmp_seq=2 Destination unreachable: Port unreachable
Do you have an IPv6 firewall enabled? (ip6tables -v --list -n)
Port unreachable would indicate that, as otherwise it would be network unreachable when there was a routing issue.
Shadow Hawkins on Monday, 01 April 2013 09:02:49
Ivn De Gyves Lopez wrote:
> Hi all:
> I'm trying to run SixXS under my home network. I'm configuring an OpenWRT to provide network connectivity, firewalling and QoS. The version is Attitude Adjustment RC1. Actually I'm having some trouble pinging from the clients to any IPv6 host that's not the local PoP or the router IPv6 address. In the router, AICCU is fully working and also the ping/traceroute to IPv6 hosts.
> ...
> ...
Forget it, I've actually fully solved it. It required changing the "wan6" interface into "unmanaged mode", so when AICCU comes up at start, it doesn't conflict. I also actually configured a firewall, and it seems to be working, at least for physical devices. The problem now is to get the firewall working on a bridge managed by libvirt which is attached to the eth0 of the physical host.
Do you have an idea of why on the bridge the FW is not working?
Thanks.
Jeroen Massar on Monday, 01 April 2013 09:06:33
Ivn De Gyves Lopez wrote:
> Do you have an idea of why on the bridge the FW is not working?
Provide your active rule set (ip6tables -v --list -n) and people will be able to check it.
Of course adding LOG targets can be a major help in debugging it.
Shadow Hawkins on Monday, 01 April 2013 10:24:10
Jeroen Massar wrote:
> Ivn De Gyves Lopez wrote:
> > Do you have an idea of why on the bridge the FW is not working?
> Provide your active rule set (ip6tables -v --list -n) and people will be able to check it.
> Of course adding LOG targets can be a major help in debugging it.
I actually solved it; I was using a Python script which was binding only over IPv4.
And here's my actual firewall. I don't know if it's the most accurate, but it works pretty fine at this moment.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 DROP all * * ::/0 ::/0 ctstate INVALID
0 0 ACCEPT all lo * ::/0 ::/0
0 0 syn_flood tcp * * ::/0 ::/0 tcp flags:0x17/0x02
91 33032 input_rule all * * ::/0 ::/0
91 33032 input all * * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11553 4912K ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 DROP all * * ::/0 ::/0 ctstate INVALID
322 27543 forwarding_rule all * * ::/0 ::/0
322 27543 forward all * * ::/0 ::/0
0 0 reject all * * ::/0 ::/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
175 79130 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 DROP all * * ::/0 ::/0 ctstate INVALID
0 0 ACCEPT all * lo ::/0 ::/0
506 239K output_rule all * * ::/0 ::/0
506 239K output all * * ::/0 ::/0
Chain forward (1 references)
pkts bytes target prot opt in out source destination
202 17433 zone_lan_forward all br-lan * ::/0 ::/0
120 10110 zone_wan6_forward all sixxs0 * ::/0 ::/0
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan6 (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
63 4248 zone_lan all br-lan * ::/0 ::/0
28 28784 zone_wan6 all sixxs0 * ::/0 ::/0
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan6 (1 references)
pkts bytes target prot opt in out source destination
Chain output (1 references)
pkts bytes target prot opt in out source destination
506 239K zone_lan_ACCEPT all * * ::/0 ::/0
0 0 zone_wan6_ACCEPT all * * ::/0 ::/0
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (5 references)
pkts bytes target prot opt in out source destination
104 8320 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
10 1134 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp * * ::/0 ::/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
0 0 DROP all * * ::/0 ::/0
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
63 4248 input_lan all * * ::/0 ::/0
63 4248 zone_lan_ACCEPT all * * ::/0 ::/0
Chain zone_lan_ACCEPT (8 references)
pkts bytes target prot opt in out source destination
510 239K ACCEPT all * br-lan ::/0 ::/0
63 4248 ACCEPT all br-lan * ::/0 ::/0
Chain zone_lan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * br-lan ::/0 ::/0
0 0 DROP all br-lan * ::/0 ::/0
Chain zone_lan_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all * br-lan ::/0 ::/0
0 0 reject all br-lan * ::/0 ::/0
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
202 17433 zone_wan6_ACCEPT all * * ::/0 ::/0
0 0 forwarding_lan all * * ::/0 ::/0
0 0 zone_lan_REJECT all * * ::/0 ::/0
Chain zone_wan6 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp * * fe80::/10 fe80::/10 udp spt:547 dpt:546
28 28784 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 128 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 129 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 1 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 2 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 3 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 0 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 1 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 133 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 135 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 134 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 136 limit: avg 1000/sec burst 5
0 0 input_wan6 all * * ::/0 ::/0
0 0 zone_wan6_REJECT all * * ::/0 ::/0
Chain zone_wan6_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
202 17433 ACCEPT all * sixxs0 ::/0 ::/0
0 0 ACCEPT all sixxs0 * ::/0 ::/0
Chain zone_wan6_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `DROP(wan6):'
0 0 DROP all * sixxs0 ::/0 ::/0
0 0 DROP all sixxs0 * ::/0 ::/0
Chain zone_wan6_REJECT (2 references)
pkts bytes target prot opt in out source destination
10 1134 LOG all * * ::/0 ::/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `REJECT(wan6):'
0 0 reject all * sixxs0 ::/0 ::/0
114 9454 reject all sixxs0 * ::/0 ::/0
Chain zone_wan6_forward (1 references)
pkts bytes target prot opt in out source destination
2 336 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 128 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 129 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 1 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 2 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 3 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 0 limit: avg 1000/sec burst 5
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmp type 4 code 1 limit: avg 1000/sec burst 5
2 160 zone_lan_ACCEPT tcp * * ::/0 2001:4830:118d:0:5054:ff:fe82:a2b/128 tcp dpt:25565
0 0 zone_lan_ACCEPT udp * * ::/0 2001:4830:118d:0:5054:ff:fe82:a2b/128 udp dpt:25565
114 9454 forwarding_wan6 all * * ::/0 ::/0
114 9454 zone_wan6_REJECT all * * ::/0 ::/0
Thanks. =)
Jeroen Massar on Monday, 01 April 2013 12:57:37
> Chain zone_wan6_REJECT (2 references)
> pkts bytes target prot opt in out source destination
> 10 1134 LOG all * * ::/0 ::/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `REJECT(wan6):'
> 0 0 reject all * sixxs0 ::/0 ::/0
> 114 9454 reject all sixxs0 * ::/0 ::/0
You are rejecting packets there, figure out why and you'll realize that something is wrong there...
Shadow Hawkins on Monday, 01 April 2013 20:52:29
Jeroen Massar wrote:
> > Chain zone_wan6_REJECT (2 references)
> > pkts bytes target prot opt in out source destination
> > 10 1134 LOG all * * ::/0 ::/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `REJECT(wan6):'
> > 0 0 reject all * sixxs0 ::/0 ::/0
> > 114 9454 reject all sixxs0 * ::/0 ::/0
> You are rejecting packets there, figure out why and you'll realize that something is wrong there...
iptables --table filter --append reject --jump REJECT --reject-with tcp-reset -p tcp
ip6tables --table filter --append reject --jump REJECT --reject-with tcp-reset -p tcp
In fact, that same rejection chain is also present in my IPv4 iptables rules, and it hasn't given me a problem to date.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2873 1891K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
37 1564 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
20 1336 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4 224 syn_flood tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
517 69559 input_rule all -- * * 0.0.0.0/0 0.0.0.0/0
517 69559 input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
94027 42M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
38 3565 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
256 33970 forwarding_rule all -- * * 0.0.0.0/0 0.0.0.0/0
256 33970 forward all -- * * 0.0.0.0/0 0.0.0.0/0
1 60 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3205 704K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
20 1336 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
759 187K output_rule all -- * * 0.0.0.0/0 0.0.0.0/0
759 187K output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
Chain forward (1 references)
pkts bytes target prot opt in out source destination
255 33910 zone_lan_forward all -- br-lan * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_forward all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
255 33910 nat_reflection_fwd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
371 24711 zone_lan all -- br-lan * 0.0.0.0/0 0.0.0.0/0
140 44489 zone_wan all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan (1 references)
pkts bytes target prot opt in out source destination
Chain nat_reflection_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.239.0/26 192.168.239.21 tcp dpt:25565 /* wan */
0 0 ACCEPT udp -- * * 192.168.239.0/26 192.168.239.21 udp dpt:25565 /* wan */
Chain output (1 references)
pkts bytes target prot opt in out source destination
759 187K zone_lan_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
437 31395 zone_wan_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (5 references)
pkts bytes target prot opt in out source destination
8 1313 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
15 1546 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
4 224 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
371 24711 input_lan all -- * * 0.0.0.0/0 0.0.0.0/0
371 24711 zone_lan_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
322 155K ACCEPT all -- * br-lan 0.0.0.0/0 0.0.0.0/0
371 24711 ACCEPT all -- br-lan * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * br-lan 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- br-lan * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- * br-lan 0.0.0.0/0 0.0.0.0/0
0 0 reject all -- br-lan * 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
255 33910 zone_wan_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 forwarding_lan all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 zone_lan_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan (1 references)
pkts bytes target prot opt in out source destination
118 41690 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
22 2799 input_wan all -- * * 0.0.0.0/0 0.0.0.0/0
22 2799 zone_wan_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
692 65305 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `DROP(wan):'
0 0 DROP all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_REJECT (2 references)
pkts bytes target prot opt in out source destination
19 2451 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `REJECT(wan):'
0 0 reject all -- * eth1 0.0.0.0/0 0.0.0.0/0
22 2799 reject all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 MINIUPNPD all -- eth1 !eth1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.239.21 tcp dpt:25565
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.239.21 udp dpt:25565
0 0 forwarding_wan all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 zone_wan_REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
Well, now seems a good time to configure my services. Thank you very much for all.
Jeroen Massar on Tuesday, 02 April 2013 14:03:19
> Actually i don't think that chain it could be a problem.
It clearly shows it is being hit and it is the only one where you reject with port-unreach, as such, put a LOG in front of it and you will have more details...
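The counter reading discussed in this thread (finding which reject rule is actually being hit), as an added example that is not part of the original posts: a Python script that parses `ip6tables -v --list -n` output and follows only the rules with non-zero packet counters from a built-in chain down to the `REJECT`/`DROP` rule that fired. The listing is a constructed sample abridged from the one posted above; `count`, `parse` and `hit_paths` are hypothetical helper names, and every rule is assumed to have a target.

```python
import re

# Constructed sample, abridged from the ip6tables listing posted in this thread.
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
11553 4912K ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
  322 27543 forward all * * ::/0 ::/0
Chain forward (1 references)
 pkts bytes target prot opt in out source destination
  120 10110 zone_wan6_forward all sixxs0 * ::/0 ::/0
Chain zone_wan6_forward (1 references)
 pkts bytes target prot opt in out source destination
  114 9454 zone_wan6_REJECT all * * ::/0 ::/0
Chain zone_wan6_REJECT (2 references)
 pkts bytes target prot opt in out source destination
   10 1134 LOG all * * ::/0 ::/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix `REJECT(wan6):'
    0 0 reject all * sixxs0 ::/0 ::/0
  114 9454 reject all sixxs0 * ::/0 ::/0
Chain reject (5 references)
 pkts bytes target prot opt in out source destination
  104 8320 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
   10 1134 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
"""

# Large counters are printed rounded with a decimal suffix, e.g. 4912K.
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def count(tok):
    """Convert a counter such as '4912K' to an (approximate) integer."""
    return int(tok[:-1]) * UNITS[tok[-1]] if tok[-1] in UNITS else int(tok)

def parse(listing):
    """Return {chain: [rule, ...]} from ip6tables/iptables -v --list -n output."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        tok = line.split()
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and len(tok) >= 8 and tok[0][0].isdigit():
            rest = tok[4:]
            if rest[0] == "--":          # iptables (IPv4) prints an 'opt' column
                rest = rest[1:]
            current.append({"pkts": count(tok[0]), "target": tok[2], "proto": tok[3],
                            "in": rest[0], "out": rest[1], "extra": " ".join(rest[4:])})
    return chains

def hit_paths(chains, start, path=()):
    """Follow only rules with non-zero counters from `start` down to REJECT/DROP."""
    found = []
    for rule in chains.get(start, []):
        if rule["pkts"] == 0:
            continue                     # never matched, so not on the live path
        here = path + (start,)
        if rule["target"] in ("REJECT", "DROP"):
            found.append((" -> ".join(here), rule["pkts"], rule["proto"], rule["extra"]))
        elif rule["target"] in chains and rule["target"] not in here:
            found += hit_paths(chains, rule["target"], here)
    return found

if __name__ == "__main__":
    for path, pkts, proto, extra in hit_paths(parse(LISTING), "FORWARD"):
        print(f"{pkts:>6} pkts  {proto:<4} {path}  [{extra}]")
```

Counters on a shared chain such as `reject` sum all of its callers, so the printed path shows where a LOG rule would be placed, not an exact per-path packet count.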