SSH access from WAN (WL700ge)
WL700ge. Kfurge 1078
I disabled the built-in firewall. It didn't help.
After reflashing the firmware, I noticed problems.
1. I can't log in over SSH from the WAN at all.
Code:
nvram get kc_ssh_wan_access
Уes
[root@WL700gE /]$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:6882
ACCEPT tcp -- anywhere 192.168.1.1 tcp dpt:tproxy
ACCEPT tcp -- anywhere 77.88.21.11 tcp dpt:ftp
ACCEPT icmp -- anywhere 77.88.21.11
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:1027
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:63731
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5 icmp echo-request
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:4093
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:4434
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:4533
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:5459
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:4530
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:1028
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:63731
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:3389
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:12596
ACCEPT udp -- anywhere 192.168.1.2 udp dpt:20414
ACCEPT udp -- anywhere anywhere udp dpt:6112
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `<4>ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `<4>DROP'
DROP all -- anywhere anywhere
[root@WL700gE /]$
2. Both ping and wget take a very long time to resolve names. On a computer on the LAN, everything works fine.
What should I do?