View the full version : no ftp connection from wan anymore



5over12
27-03-2005, 12:36
Hi Folks,

I think I have been a little bit too enthusiastic with busybox and telnet, even though I am a complete noob in these matters.

So,.. I bought my wl500g after reading several websites and after reading what this thing was capable of.. I still think it's great.
But.... I bought it to use the ftp server for wan use. With the original firmware I did not manage to use this feature, so after first upgrading to a newer original firmware I still did not manage.
Solution? Installing firmware from Oleg.. (I now have 1.9.2.7-4 installed) and it actually worked.
Doing this I wanted more MORE MORE features!!! :mad:
So,.. I used through telnet some options mentioned here in this forum. Somehow I think I did not manage to use the virtual input in telnet the right way, though the other lines were updated. (I used for example the port 80 issue mentioned here in the forum).
After doing this, FTP as well as webcam was not approachable from the WAN side anymore...
Knowing that I must have done something wrong,.. I figured just to go back in firmware (original) to delete the entries made by telnet. Apparently that did not do the trick. So.... going back to firmware 1.9.2.7-4 now at least my webcam is working from the WAN side again,.. but ftp gives a message something like this:
"Mar 27 12:46:31 kernel: DROPIN=eth1 OUT= MAC=bla bl blaSRC= bla bla DST= bla bla bla LEN=42 TOS=0x00 PREC=0x00 TTL=107 ID=42067 DF PROTO=TCP SPT=49763 DPT=2992 SEQ=2501708738 ACK=3834017422 WINDOW=65487 RES=0x00 ACK PSH URGP=0
Mar 27 12:46:32 kernel: ACCEPT IN=eth1 OUT= MAC=bla bla bla :71:08:00 SRC=80.61.167.119 DST=bla bla blaLEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=11616 DF PROTO=TCP SPT=25667 DPT=7776 SEQ=259557029 ACK=0 WINDOW=64512 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 27 12:46:32 kernel: DROPIN=eth1 OUT= MAC=bla bla bla:08:00 SRC=67.170.5.29 DST=bla bla blaLEN=42 TOS=0x00 PREC=0x00 TTL=107 ID=42077 DF PROTO=TCP SPT=49763 DPT=2992 SEQ=2501708738 ACK=3834017422 WINDOW=65487 RES=0x00 ACK PSH URGP=0
Mar 27 12:46:32 kernel: DROPIN=eth1 OUT= MAC=bla bla bla:08:00 SRC=205.188.8.236 DST=bla bla blaLEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=12462 DF PROTO=TCP SPT=5190 DPT=2557 SEQ=2123700918 ACK=1687883417 WINDOW=16384 RES=0x00 ACK RST URGP=0 "

I have no clue why it is blocking the IP addresses from connecting to ftp. Also I don't know why it is not giving the normal message: FTP user denied or something.

Is there somebody who knows how I can get my standard settings for busybox through telnet again?

please help.. I AM a noob.. and I promise when it all works again,.. I will never touch this anymore.. :rolleyes: :confused: :o

WlanMan
28-03-2005, 08:00
Hi

Seems you have messed around with network routing rules, and this is the result. Install the -4 build if you have not already, and after this hold the Reset button for around 5 seconds. This should bring you back to a usable state.

Greets
Also, this is more a Q&A Thread ...

5over12
28-03-2005, 08:40
Thanks for your reply Wlanman :)

That is the whole point.. I installed the version -4 (and even went back to previous versions in the hope that it would solve my problem)
Also hard-resetting on the router itself did not do the trick. Though webcam functionality came back after that, so my hope was big..
But looking at my log I saw still that IP addresses were blocked, trying to enter my FTP. Though inside entering ftp is going fine..
I hoped it would also reset all the things I changed in telnet, but apparently hard reset is not changing internal settings :(

5over12
28-03-2005, 10:28
ok,.. a little update here about my problem...

Seems that my router is not accessible from the WAN side anymore as well..

changed the port for access,.. and still it did not work..
strange though that my webcam is accessible still...
my problem gets weirder and weirder.. :(

I really hope that somebody has a clue what could be wrong with my router... :confused: :confused:

tthen
30-03-2005, 23:41
I had the exact same problem as you. I got a tip to do this, and it worked for me:

post an output for the

Code:

iptables -L -vn
iptables -L -t nat -vn

in the forum post.
via the hidden admin page.
http://my.router/Main_AdmStatus_Content.asp
type command and press Refresh.

5over12
31-03-2005, 21:55
Thank you TTHEN,

in the first place.. for making me feel that I am not completely crazy ;)
and secondly to show me something that I had not seen before..

it's now too late to check if it is really working,.. and to be honest.. I am a complete 'no no' in this area. So I am sorry if I am asking stupid questions now..

I followed your instructions the way I think I did understand.

typing in the console of the hidden admin: output iptables -L -vn and then hit refresh and doing the same with: output iptables -L -t nat -vn.

the stupid question now is.. what exactly is this doing? and what went wrong before that I got this problem in the first place?

regards, 5over12

Jean-Fabrice
31-03-2005, 22:07
don't type


output iptables -L -vn


but


iptables -L -vn


in the hidden admin page
Hitting refresh should then show you the results of the command

rdude
01-04-2005, 19:45
The same here, no access from WAN except the web-interface, this is in my post-firewall script:

iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT

but no ssh connection possible - connection refused

Bug in the firewall??? :confused:

v1.9.2.7 CR4 [Oleg] client mode

Jean-Fabrice
01-04-2005, 20:24
try with


iptables -A INPUT -p tcp --dport 22 -j ACCEPT

as --syn means "all packets but syn", i.e. it refuses connection attempts on port 22, which is exactly what you don't want.

Oleg
01-04-2005, 21:10
try with


iptables -A INPUT -p tcp --dport 22 -j ACCEPT

as --syn means "all packets but syn", i.e. it refuses connection attempts on port 22, which is exactly what you don't want.

Jean-Fabrice, you are not correct. --syn should be used as it indicates that only initial packets requesting a connection should be accepted by this rule. Other packets would be related and would be accepted by connection tracking rules.
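
The flag test behind `--syn`, as an added example that is not part of any post in this thread: it applies the mask shown in the listings on this page (`flags:SYN,RST,ACK/SYN`, printed as `0x16/0x02` with `-n`) to netfilter LOG lines. The function name `syn_rule_verdicts` and the sample lines are constructed for illustration, in the format of the log quoted in the first post.

```shell
#!/bin/sh
# Added illustration, not from the thread. For each netfilter LOG line on
# stdin, report whether a rule carrying the --syn flag test would match it.
# Test applied: flags:SYN,RST,ACK/SYN (0x16/0x02), i.e. SYN set and
# RST, ACK clear, as printed in the iptables listings on this page.

syn_rule_verdicts() {
    awk '
    {
        dpt = ""; flags = ""; in_flags = 0; syn = 0; ack = 0; rst = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DPT=/)        dpt = substr($i, 5)
            else if ($i ~ /^RES=/)   in_flags = 1   # flag names follow RES=
            else if ($i ~ /^URGP=/)  in_flags = 0   # and stop at URGP=
            else if (in_flags) {
                flags = (flags == "" ? $i : flags "," $i)
                if ($i == "SYN") syn = 1
                if ($i == "ACK") ack = 1
                if ($i == "RST") rst = 1
            }
        }
        if (dpt == "") next                         # line carries no port
        printf "dpt=%s flags=%s syn-rule=%s\n", dpt, flags,
               ((syn && !ack && !rst) ? "match" : "no-match")
    }'
}

# Constructed sample lines (documentation address ranges, placeholder MAC).
sample_log() {
    cat <<'EOF'
Mar 27 12:46:31 kernel: DROPIN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.0.2.10 LEN=42 TOS=0x00 PREC=0x00 TTL=107 ID=42067 DF PROTO=TCP SPT=49763 DPT=2992 SEQ=2501708738 ACK=3834017422 WINDOW=65487 RES=0x00 ACK PSH URGP=0
Mar 27 12:46:32 kernel: ACCEPT IN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.8 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=11616 DF PROTO=TCP SPT=25667 DPT=7776 SEQ=259557029 ACK=0 WINDOW=64512 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Mar 27 12:46:32 kernel: DROPIN=eth1 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=102 ID=12462 DF PROTO=TCP SPT=5190 DPT=2557 SEQ=2123700918 ACK=1687883417 WINDOW=16384 RES=0x00 ACK RST URGP=0
EOF
}

sample_log | syn_rule_verdicts
```

Only the bare SYN line matches; packets carrying ACK or RST belong to connections that the `state RELATED,ESTABLISHED` rule has to handle.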

Jean-Fabrice
01-04-2005, 21:41
:( :(
Sorry about my post.
Can I delete it not to fool ppl ?

rdude
02-04-2005, 00:38
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

tried this as well - "connection timed out" :(

tomilius
02-04-2005, 02:34
Show the other rules. With appended rules, the earlier applied the higher precedence. It's the opposite for insertions (-I).

Point is, you have another rule above it blocking it--probably this:
iptables -A INPUT -j logdrop

Before you add any rules (with post-firewall or bash), use:
iptables -D INPUT -j logdrop

After you append the rules, put it back:
iptables -A INPUT -j logdrop

But again. Show your other rules.

rdude
02-04-2005, 17:51
Show the other rules. With appended rules, the earlier applied the higher precedence. It's the opposite for insertions (-I).

No other rules from me, only enabled the firewall on the Web-interface (Internet Firewall - Basic Config)
My post-firewall script, in v1.7.5.9 this worked:

#!/bin/sh
iptables -A INPUT -p tcp --syn --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 161 -j ACCEPT


Point is, you have another rule above it blocking it--probably this:
iptables -A INPUT -j logdrop


[admin@wl500g root]$ iptables -D INPUT -j logdrop
iptables: Bad rule (does a matching rule exist in that chain?)

I also tried

iptables -I INPUT -p tcp --dport 22 -j ACCEPT with the same results.

The only way I can connect from Wan is if I disable the firewall from the Web-ifc.

Any other suggestions?
Tnx

tthen
02-04-2005, 18:24
firmware 1.9.2.7 is working fine for accessing ftp from wan

5over12
02-04-2005, 22:18
firmware 1.9.2.7 is working fine for accessing ftp from wan

For me it all started as my ftp seemed not to work in original firmware.. that is why I chose the 1.9.2.7-4, and initially it WAS working fine,.. until I started to use telnet... ( :mad: stupid me I should have left it while it was working fine)

strange also is that when I use the hidden admin console, ftp is working for a while,.. but probably after rebooting wlan,.. I have the same problem again..

I presume that there must be another way to keep this working, without going into hidden admin console every time I hope.. :confused:

barsju
02-04-2005, 23:03
Why don't you post results from


iptables -t nat -L
iptables -L
.
Run the two commands and post results here. And have you setup any post-boot, post-mount or post-firewall scripts? If so post them too!

Almost sounds like you put your scripts in post-boot, and then when there is a network change, it gets lost. If this is the case, move your code to post-firewall.

S.

Edit: Rdude: Have you tried:

iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT
Notice number 2 after INPUT. It means you put it at the top of the chain instead of at the bottom.. This way it will appear before the "drop all" rule..

rdude
02-04-2005, 23:36
Rdude: Have you tried:

iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT
Notice number 2 after INPUT. It means you put it at the top of the chain instead of at the bottom.. This way it will appear before the "drop all" rule..


[admin@wl500g root]$ iptables -A INPUT 2 -p tcp --syn --dport 22 -j ACCEPT
Bad argument `2'
Try `iptables -h' or 'iptables --help' for more information.

rdude
03-04-2005, 06:32
[admin@Gadoc root]$ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 192.168.2.128 tcp dpt:webcache to:192.168.100.100:80
NETMAP udp -- anywhere 192.168.2.128 udp spt:6112 192.168.100.0/24

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
NETMAP udp -- 192.168.100.0/24 anywhere udp dpt:6112 192.168.2.128/32
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- 192.168.100.0/24 192.168.100.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[admin@Gadoc root]$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere Gadoc tcp dpt:www
ACCEPT icmp -- anywhere 192.168.2.128
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp dpt:snmp

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT udp -- anywhere anywhere udp dpt:6112

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere

Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
DROP all -- anywhere anywhere

Why are there invalid states?

barsju
03-04-2005, 09:43
My bad rdude! You should use -I instead of -A of course:

iptables -I INPUT 2 -p tcp --syn --dport 22 -j ACCEPT

It means you insert at position 2 instead of adding to the bottom. In your INPUT chain you have:


DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp dpt:snmp


Here you see that you drop all packets before your two ACCEPT statements. You stated earlier that it didn't work with the -I option, but that should have worked. So I suggest you try again with "-I 2" and if it doesn't work post your "iptables -L" again.

S.
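
The ordering problem described in the post above can be checked mechanically. This is an added example, not part of any post in this thread: a shell function that reads `iptables -L` output and lists the rules sitting behind a catch-all DROP. The names `shadowed_rules` and `sample_listing` are made up for illustration, and the sample is the INPUT chain rdude posted earlier.

```shell
#!/bin/sh
# Added illustration, not from the thread. Lists the rules of one chain that
# can never match because an earlier rule drops every packet.
# Reads `iptables -L` text (with or without -v / -n) on stdin.

shadowed_rules() {   # $1 = chain name, e.g. INPUT
    awk -v chain="$1" '
    function any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    $1 == "Chain"        { in_chain = ($2 == chain); pos = 0; blocker = 0; next }
    !in_chain || NF == 0 { next }
    $1 == "target"       { off = 0; next }   # header of the plain listing
    $1 == "pkts"         { off = 2; next }   # header of the -v listing
    {
        pos++
        if (blocker) {
            printf "%d shadowed by rule %d: %s\n", pos, blocker, $0
            next
        }
        # Without -v the in/out interface columns are not printed, so an
        # interface-bound DROP looks like a catch-all; prefer -L -vn input.
        ifaces_any = off ? ($6 == "*" && $7 == "*") : 1
        target = $(off + 1); prot = $(off + 2)
        src = off ? $8 : $4; dst = off ? $9 : $5
        bare = (NF == (off ? 9 : 5))         # no match options after dst
        if ((target == "DROP" || target == "logdrop") && prot == "all" &&
            ifaces_any && any(src) && any(dst) && bare)
            blocker = pos
    }'
}

# INPUT chain as posted by rdude earlier in this thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere Gadoc tcp dpt:www
ACCEPT icmp -- anywhere 192.168.2.128
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp dpt:snmp
EOF
}

sample_listing | shadowed_rules INPUT
```

On this listing it reports rules 8 and 9 (ssh and snmp) as shadowed by rule 7. A rule added with `-I INPUT 2` lands ahead of that DROP, while rules already appended after it stay where they are.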

5over12
03-04-2005, 12:30
ok here is my result of iptables -L -vn


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
4437 880K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
137 8220 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
557 178K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
34 12396 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:7776
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:7777
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:21
0 0 ACCEPT icmp -- * * 0.0.0.0/0 my wan ip
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:515
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:9100
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:9101
0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:3838
21 1573 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 23 packets, 1024 bytes)
pkts bytes target prot opt in out source destination
345 83772 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.1 udp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:7776
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.1 udp dpt:7776
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.1 udp dpt:20
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6112

Chain OUTPUT (policy ACCEPT 5825 packets, 2826K bytes)
pkts bytes target prot opt in out source destination

Chain MACS (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0

Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `ACCEPT '
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `DROP'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0


I have no idea what it all means,.. but probably some guys can find out, what is wrong with my settings?

rdude
03-04-2005, 13:54
My bad rdude! You should use -I instead of -A of course:

iptables -I INPUT 2 -p tcp --syn --dport 22 -j ACCEPT


Thank you barsju, this works. :)

5over12
03-04-2005, 19:42
and to make it complete here is my startup sequence in the router...


5over12
03-04-2005, 19:43
I left some parts out,.. which were in my opinion not important, and to make it fit in one reply.. ;

barsju
04-04-2005, 11:34
Hmm. Well this line in INPUT-chain:

0 0 ACCEPT tcp -- * * 0.0.0.0/0 my wan ip tcp dpt:21
Indicates that requests to your ip on port 21 should be accepted. Which is good.

These lines however:

0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:21
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.1 udp dpt:21

Indicate that you're trying to forward port 21 to 192.168.1.1 (Which is the local address of your router?). This is not necessary. Have you set it up as a virtual server? If so delete the entry, and try that.

S.

5over12
04-04-2005, 17:45
I really appreciate that you are trying to help me barsju, so thank you for that.

As I feel myself more and more a real noob :o I keep having questions..

I took out the line in my virtual server part in forwarding port 21 to my internal router IP address. What I was afraid of happened.. it still did not work.

to have a short resume of what my problem is ;
after trying to change parts with telnet my FTP did not function anymore.
installing later releases of firmware did not help me to get everything working again.
going back to original firmwares did not help either..
so I installed the 1.9.2.7-4 firmware again.
seems I can't enter my router from the WAN side anymore.
seems I can't enter FTP from the WAN side when firewall is up.
seems I can't enter webcam from the WAN side anymore when WAN side is up
seems router is also very slow, as well in the embedded websites as in traffic..
maybe my router is broken? or about to break maybe? :confused:

How can I get my original settings back in the way I bought my router? Could it be that I changed certain parts with telnet which stay in the router even though resetting it and going back to original firmware?
I WAS really happy with my new toy,.. but I have been busy now for such a long time to get it up the way it is supposed to work,.. that I get really desperate...
I am almost thinking about a new one.... :( :(

barsju
04-04-2005, 22:03
how can I get my original settings back in the way I bought my router.
Have you tried to reset to factory defaults? (System setup->Factory defaults) That should get your settings back.

If it works here are the relevant settings I have:
Internet firewall: ON
WAN - LAN filter: OFF
LAN - WAN filter: OFF
FTP server: ON
FTP port: 21
etc.

Try setting just these settings. To check if port is open from home try: https://grc.com/x/ne.dll?bh0bkyd2 (Shieldsup), and scan for common ports. Port 21 should be marked as open.

If the restore factory defaults doesn't work, you can try by holding the button in the back for a few seconds. (Check manual/search forum).

S.

PS: If Oleg is reading this - Shouldn't there be an option in FTP server for "Enable access from WAN? Yes, No."

5over12
06-04-2005, 10:22
Thank you barsju :)

Seems FTP is accessible again from WAN,.. I am not sure if it is because of deleting the lines in virtual server or not. But I am happy!!! (though it worked before with the virtual server settings :confused: )

I won't touch settings anymore until I have a good grip on what I am actually typing..
Bought myself some good books about Linux and will first learn this language a bit more...

Thanks again!!!

ps.. wouldn't it be nice to have also built in a list of ftp users telling what activity they have? maybe even with a mac address control list?

barsju
06-04-2005, 10:29
The built in ftp server is called stupid_ftp and is quite stupid. But keep reading this forum and do some careful testing. You should look into the unslung packages. There is a better ftp server there that has a lot more capabilities when it comes to access control.

S.

roque69
26-04-2005, 23:04
Hi.

I have a Zoom 5551X4 ADSL modem connected to my WL-500g router (to one lan port as I can't connect with the modem in the wan port!) but I can't enable the FTP or even the web server from outside the lan! The lan computers can access the web server and the ftp but from the outside nothing!

I've tried to put the router IP in the DMZ of the modem but nothing! If I disable NAT in the Zoom modem I can't connect to internet! I've tried also placing port 21 in the virtual server of the modem but it doesn't work!

I've checked in https://grc.com/x/ne.dll?bh0bkyd2 (Shieldsup) but it always shows port 21 as stealth.

Any ideas?

Thanks,
Miguel

barsju
27-04-2005, 08:23
I've tried also placing port 21 in the virtual server of the modem but it doesn't work!


Well this should work if you put in the WAN IP of router. Check the WAN IP settings of your router, and forward to that IP in the virtual server settings of modem.

S.

Edit: Assuming of course that FTP is enabled and available from WAN. (You can post iptables to be sure..)

roque69
27-04-2005, 22:59
Hi.

I believe that the first thing that I must solve is the access to internet using the modem connected to the WAN port. Every time I try to connect the modem to the WAN port, it says that it has a connection but I can't access outside the router!

I've tried several posts here to start this topic but the moderator doesn't accept any of them and that's why I'm using this one!

Please help me configuring the connection using the wan port instead of using the lan port. The modem is a Zoom 5551 X4 ADSL.

Thanks,
Miguel