Íå ïîëó÷àåòñÿ îòêðûòü 80 ïîðò

**1ntik** · 10-02-2010, 19:54

Enable Web Access from WAN? ->YES
À òåïåðü ñëåäóþùèé ïàðàìåòð íà òîéæå ñòðàíè÷êå:
Port of Web Access from WAN: 8080

Ñîáñòâåííî òàê è ïåðåñàäèë íà äðóãîé ïîðò ìîðäó ðîóòåðà.

[admin@Neon root]$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Íå ðàáîòàåò)
Ñåé÷àñ ïîïðîáóþ äîáàâèòü â êðîí è ïåðåãðóçèòü, íî íå äóìàþ ÷òî ÷òî-òî èçìåíèòüñÿ.

**LnrMn** · 10-02-2010, 19:56

íå â êðîí, à â post-firewall.

UPD. Íó âîò çàðàáîòàëî

**1ntik** · 10-02-2010, 19:59

Äîáàâèë. ïåðåçàãðóçèë. íå ïîìîãëî
Ïðîâåðèë ôàéë, ñîõðàíèë ëè - äà ñîõðàíèë.
[admin@Neon root]$ cat /usr/local/sbin/post-firewall
#!/bin/sh
grep -q -- '--dport 0\b' /tmp/nat_rules && grep -v -- '--dport 0\b' /tmp/nat_rules | iptables-restore
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

**LnrMn** · 10-02-2010, 20:03

ß òåáÿ âèæó. Äåðåâÿøêó òâîþ

Code:

Index of /
Name	Last Modified	Size	Type
Parent Directory/	 	-  	Directory
NRNU/	2010-Feb-10 18:38:06	-  	Directory
image.jpg	2010-Feb-04 21:58:10	0.0K	image/jpeg
mendeleev.tiff	2010-Feb-08 00:24:46	4.4M	application/octet-stream
test.pdf	2010-Feb-02 11:24:49	0.0K	application/pdf
test.xls	2010-Feb-04 21:57:52	0.0K	application/octet-stream
lighttpd/1.4.26

**1ntik** · 10-02-2010, 20:08

Ì@ò! òâ0/-0!!!! Â virtual servers áûë ñåðâåð íà 80îì ïîðòå)
Âðîäå çàðàáîòàëî)

Ñïàñèáî)

**Sergey1223** · 16-03-2010, 13:40

Ñòîèò D-Link D320, ïåðåäåëàííûé â WL500gpv2 ñ ïîìîùüþ ïðîøèâêè Îëåãà 1.9.2.7-10.7. Â ëîêàëêå åñòü ñåðâåð íà IIS, îí âèäåí èç ëîêàëêè ïî 80-ìó ïîðòó, è èç Èíòåðíåòà - ÷åðåç Virtual Server - ïî ëþáîìó ïîðòó ïðîáðîøåííîìó, êðîìå 80-ãî. Óñòàíàâëèâàþ â Port Forwarding (Virtual Server) ïðîáðîñ 80-ãî ïîðò - è íèêàê íå ïîëó÷àåòñÿ åãî óâèäåòü. Ìåíÿë ðàçíûå íàñòðîéêè, ÷åãî òîëüêî íå äåëàë - çàäà÷à íå ðåøàåòñÿ. Â ÷åì ìîæåò áûòü ïðîáëåìà?

**MFMan** · 16-03-2010, 13:43

Êàê âàðèàíò áëîêèðóåò ïðîâàéäåð.

iptables-save è nvram get http_lanport ïðîäåìîíñòðèðóéòå ïîæàëóéñòà.

**Sergey1223** · 16-03-2010, 13:48

Originally Posted by MFMan

Êàê âàðèàíò áëîêèðóåò ïðîâàéäåð.

iptables-save è nvram get http_lanport ïðîäåìîíñòðèðóéòå ïîæàëóéñòà.

nvram get http_lanport - ðåçóëüòàò 80

# Generated by iptables-save v1.2.7a on Tue Mar 16 15:20:28 2010
*nat
:PREROUTING ACCEPT [33237:2376336]
:POSTROUTING ACCEPT [600:59268]
:OUTPUT ACCEPT [167:11914]
:VSERVER - [0:0]
-A PREROUTING -d 95.27.64.8 -j VSERVER
-A PREROUTING -d 10.48.147.144 -j VSERVER
-A POSTROUTING -s ! 95.27.64.8 -o ppp0 -j MASQUERADE
-A POSTROUTING -s ! 10.48.147.144 -o vlan1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -o br0 -j MASQUERADE
-A VSERVER -p udp -m udp --dport 49291 -j DNAT --to-destination 192.168.0.112:49291
-A VSERVER -p udp -m udp --dport 51849 -j DNAT --to-destination 192.168.0.127:51849
-A VSERVER -p udp -m udp --dport 54146 -j DNAT --to-destination 192.168.0.127:54146
-A VSERVER -p udp -m udp --dport 50135 -j DNAT --to-destination 192.168.0.127:50135
-A VSERVER -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.193:80
-A VSERVER -p udp -m udp --dport 26903 -j DNAT --to-destination 192.168.0.129:26903
-A VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.0.193:443
-A VSERVER -p udp -m udp --dport 50213 -j DNAT --to-destination 192.168.0.127:50213
-A VSERVER -p tcp -m tcp --dport 26903 -j DNAT --to-destination 192.168.0.129:26903
-A VSERVER -p tcp -m tcp --dport 554 -j DNAT --to-destination 192.168.0.193:554
-A VSERVER -p udp -m udp --dport 5000 -j DNAT --to-destination 192.168.0.193:5000
-A VSERVER -p udp -m udp --dport 5001 -j DNAT --to-destination 192.168.0.193:5001
-A VSERVER -p tcp -m tcp --dport 48769 -j DNAT --to-destination 192.168.0.106:48769
-A VSERVER -p udp -m udp --dport 62558 -j DNAT --to-destination 192.168.0.130:62558
-A VSERVER -p udp -m udp --dport 5002 -j DNAT --to-destination 192.168.0.193:5002
-A VSERVER -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.130:80
-A VSERVER -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.0.130:20
-A VSERVER -p tcp -m tcp --dport 5500:5700 -j DNAT --to-destination 192.168.0.130:5500
-A VSERVER -p udp -m udp --dport 5500:5700 -j DNAT --to-destination 192.168.0.130:5500
-A VSERVER -p tcp -m tcp --dport 82 -j DNAT --to-destination 192.168.0.130:80
COMMIT
# Completed on Tue Mar 16 15:20:28 2010
# Generated by iptables-save v1.2.7a on Tue Mar 16 15:20:28 2010
*mangle
:PREROUTING ACCEPT [207188:117639029]
:INPUT ACCEPT [108919:58070509]
:FORWARD ACCEPT [95091:59375110]
:OUTPUT ACCEPT [61038:15042160]
:POSTROUTING ACCEPT [157040:74718710]
COMMIT
# Completed on Tue Mar 16 15:20:28 2010
# Generated by iptables-save v1.2.7a on Tue Mar 16 15:20:28 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [6328:540418]
:OUTPUT ACCEPT [60261:14564445]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -p 2 -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -p udp -m udp ! --dport 1900 -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -d 224.0.0.0/240.0.0.0 -p udp -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o ppp0 -j DROP
-A FORWARD -i ! br0 -o vlan1 -j DROP
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -o br0 -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN
-A SECURITY -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Tue Mar 16 15:20:28 2010

**MFMan** · 16-03-2010, 14:08

ëè÷íî ÿ ðåøèë ïðîáëåìó ïåðåíîñîì 80 ïîðòà âíóòðè ñâîåé äîìàøíåé ñåòêè íà 8080 äåëàåòñÿ ýòî òàê

PHP Code:


nvram set http_lanport=8080

è îòêðûë äîñòóï èçâíå â post-firewall ïèøåì

PHP Code:


iptables -I INPUT -p tcp --dport 80 -j ACCEPT

**Sergey1223** · 16-03-2010, 14:15

Originally Posted by MFMan

ëè÷íî ÿ ðåøèë ïðîáëåìó ïåðåíîñîì 80 ïîðòà âíóòðè ñâîåé äîìàøíåé ñåòêè íà 8080 äåëàåòñÿ ýòî òàê

PHP Code:


nvram set http_lanport=8080

è îòêðûë äîñòóï èçâíå â post-firewall ïèøåì

PHP Code:


iptables -I INPUT -p tcp --dport 80 -j ACCEPT

8080 ìîæíî îòêðûòü äëÿ äîñòóïà ê ñàìîìó ðîóòåðó ñíàðóæè.... Ìîæåò, ó íåãî çàøèò çàïðåò íà äîñòóï ê 80-ìó ïîðòó? À ÷åðåç ìåíþ åãî íèêàê íå îáîéòè? Ïðîâàéäåð ìîé, êñòàòè, 80-é ïîðò íå çàêðûâàåò. Áîëåå òîãî, îáíàðóæèë âîîáùå ñòðàííóþ âåùü â ñâîåé ñåòêå: âêëþ÷èë web-êàìåðó, ó êîòîðîé åñòü ñâîÿ web-ñòðàíè÷êà ïî ôèêñèðîâàííîìó àäðåñó 0.193, çàøåë íà ñâîé myserver.dyndns.org ñíàðóæè ïî 80-ìó ïîðòó, è îáíàðóæèë, ÷òî îòêðûâàåòñÿ ñòðàíèöà ýòîé ñàìîé êàìåðû. Õîòÿ íèêàê åå â ðîóòåðå íå ïðîïèñûâàë. ×óäåñà äà è òîëüêî!

**Sergey1223** · 16-03-2010, 14:18

Êñòàòè, FTP (21-é ïîðò), õîòÿ è îòêðûë, ñíàðóæè òîæå telnet'îì íå ïðîáèâàåòñÿ

**Power** · 16-03-2010, 16:50

Ó âàñ UPnP âêëþ÷åí è ìåøàåòñÿ. Âûêëþ÷èòå åãî è âñ¸ çàðàáîòàåò.

**Sergey1223** · 17-03-2010, 08:04

Originally Posted by Power

Ó âàñ UPnP âêëþ÷åí è ìåøàåòñÿ. Âûêëþ÷èòå åãî è âñ¸ çàðàáîòàåò.

Âûêëþ÷èë. Ïðîáðîøåííûå 80-é è 21-é ïîðòû äî ñèõ ïîð ñíàðóæè íåäîñòóïíû

. Îòêëþ÷èë òàêæå âñòðîåííûé FTP - íî òîæå ðåçóëüòàòà íå ïðèíåñëî.

**Power** · 17-03-2010, 15:12

Originally Posted by Sergey1223

Âûêëþ÷èë. Ïðîáðîøåííûå 80-é è 21-é ïîðòû äî ñèõ ïîð ñíàðóæè íåäîñòóïíû

. Îòêëþ÷èë òàêæå âñòðîåííûé FTP - íî òîæå ðåçóëüòàòà íå ïðèíåñëî.

Òîãäà ïîêàæèòå, ÷òî òåïåðü ãîâîðèò êîìàíäà iptables-save.

**Sergey1223** · 17-03-2010, 17:12

Originally Posted by Power

Òîãäà ïîêàæèòå, ÷òî òåïåðü ãîâîðèò êîìàíäà iptables-save.

âîò...

Code:

# Generated by iptables-save v1.2.7a on Wed Mar 17 18:46:22 2010
*nat
:PREROUTING ACCEPT [249532:27720236]
:POSTROUTING ACCEPT [3902:384841]
:OUTPUT ACCEPT [3393:210059]
:VSERVER - [0:0]
-A PREROUTING -d 95.27.122.246 -j VSERVER 
-A PREROUTING -d 10.48.147.144 -j VSERVER 
-A POSTROUTING -s ! 95.27.122.246 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s ! 10.48.147.144 -o vlan1 -j MASQUERADE 
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -o br0 -j MASQUERADE 
-A VSERVER -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.0.130:80 
-A VSERVER -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.0.130:20 
-A VSERVER -p tcp -m tcp --dport 5500:5700 -j DNAT --to-destination 192.168.0.130:5500 
-A VSERVER -p udp -m udp --dport 5500:5700 -j DNAT --to-destination 192.168.0.130:5500 
-A VSERVER -p tcp -m tcp --dport 82 -j DNAT --to-destination 192.168.0.130:80 
COMMIT
# Completed on Wed Mar 17 18:46:22 2010
# Generated by iptables-save v1.2.7a on Wed Mar 17 18:46:22 2010
*mangle
:PREROUTING ACCEPT [9574843:11228185415]
:INPUT ACCEPT [7825159:9991087272]
:FORWARD ACCEPT [8399478:10352387627]
:OUTPUT ACCEPT [851452:452435549]
:POSTROUTING ACCEPT [9253086:10804890924]
COMMIT
# Completed on Wed Mar 17 18:46:22 2010
# Generated by iptables-save v1.2.7a on Wed Mar 17 18:46:22 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [53693:5337474]
:OUTPUT ACCEPT [851016:452050792]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i lo -m state --state NEW -j ACCEPT 
-A INPUT -i br0 -m state --state NEW -j ACCEPT 
-A INPUT -d 224.0.0.0/240.0.0.0 -p 2 -j ACCEPT 
-A INPUT -d 224.0.0.0/240.0.0.0 -p udp -m udp ! --dport 1900 -j ACCEPT 
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -j DROP 
-A FORWARD -i br0 -o br0 -j ACCEPT 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -d 224.0.0.0/240.0.0.0 -p udp -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -i ! br0 -o ppp0 -j DROP 
-A FORWARD -i ! br0 -o vlan1 -j DROP 
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT 
-A FORWARD -o br0 -j ACCEPT 
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN 
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN 
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN 
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN 
-A SECURITY -j DROP 
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options 
-A logaccept -j ACCEPT 
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options 
-A logdrop -j DROP 
COMMIT
# Completed on Wed Mar 17 18:46:22 2010

Thread: Íå ïîëó÷àåòñÿ îòêðûòü 80 ïîðò

Thread Tools

Rate This Thread

Display

Íå ïîëó÷àåòñÿ îòêðûòü 80-é ïîðò

Similar Threads

Mini PCI mod: äåëàåì èç WL-500gPv1 WL-500W è ïîëó÷àåì Wi-Fi N !

Asus WL-500gP: êàê ïðîâåðèòü WAN ïîðò ?

Îòïðàâêà è ïîëó÷åíèå SMS ñ ðîóòåðà

Mini PCI mod: âòîðîé ïîðò äëÿ PCI/PCMCIA/IDE/CardBus íà WL500gP/W

Íå ïîäêëþ÷àåòñÿ USB HDD

Tags for this Thread

Posting Permissions