Hi there,
I set up SSH and thttpd following http://www.macsat.com, but I can't access these services from WAN; it's only working from LAN,
EXCEPT WHEN I TURN MY FIREWALL OFF
then everything works.
I could turn off the firewall, my computers are secured behind the NAT anyway, but still I would rather do it some other way with the firewall running.
I was going over the forum, but I couldn't find anyone with similar difficulties fixed.
Do you?
------------------------------------------------------
Chain INPUT (policy ACCEPT)
target prot opt source destination
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
logdrop all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:www
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec bur
------------------------------------------------------
$ cat /usr/local/sbin/post-boot
#!/bin/sh
# wait for /opt to mount
mount /dev/discs/disc0/part2 /opt
i=0
while [ $i -le 30 ]
do
    if [ -d /opt/etc ]
    then
        break
    fi
    sleep 1
    i=`expr $i + 1`
done
# Activate swap
swapon /dev/discs/disc0/part1
# Run all active services - active means starts with S
/opt/etc/init.d/rc.unslung
dropbear
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
------------------------------------------------------
$ cat /usr/local/sbin/post-firewall
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j DNAT --to-destination $4:81
iptables -A INPUT -j DROP
Hi
SSH from WAN doesn't work here either, using macsat's tutorial.
I hate iptables in some way, so I hope he finds the problem someday.
Greets
My Stuff: WL-500g, Mapower H31x 10GB HD, Philips Webcam Vesta PRO, TerraTec Webcam PRO, USB Hub
I would suspect your
logdrop all -- anywhere anywhere
in your input chain.
I am not quite sure what logdrop does, but I would suspect it to drop all packets.
I would try to turn all logging off in the web interface.
No success.
Originally Posted by pfugl
hi
I have found the prob. with the macsat tutorial; I don't know why it didn't work for me.
I changed the script post-firewall to :
#!/bin/sh
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 80 -j DNAT --to-destination $4:81
iptables -t nat -A PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination $4:22
iptables -A INPUT -j DROP
Anyway, for some reason the script didn't execute itself after the reboot of the router, so I placed it in the /opt/etc/init.d/ dir. as S99firewall
and it's working as it should.
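
To check the rule-order suspicion raised in this thread against a listing like the one in the first post, the following added example (not code from any poster or from the macsat tutorial) reports rules that sit behind an earlier catch-all rule and therefore can never match. It assumes `logdrop` is a terminating log-and-drop chain and uses a constructed sample listing; plain `iptables -L` hides interface matches, so confirm any hit with `iptables -L INPUT -v -n`.

```shell
#!/bin/sh
# Added example: find INPUT rules that can never match because an earlier
# catch-all rule with a terminating target already ends chain traversal.
# Assumption: "logdrop" logs and then drops, so it is treated as terminating.

# Constructed sample, modelled on the INPUT listing in the first post.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
logdrop all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
logdrop all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:www
DROP all -- anywhere anywhere
EOF
}

# Reads `iptables -L <chain>` output on stdin; prints one line per shadowed rule.
shadowed_rules() {
    awk '
    function is_any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    function describe(   s, i) {      # target, protocol and match options
        s = $1 " " $2
        for (i = 6; i <= NF; i++) s = s " " $i
        return s
    }
    /^Chain / || /^target / || NF == 0 { next }   # skip headers and blanks
    {
        rule++
        if (blocker) {
            printf "rule %d (%s) is unreachable behind rule %d (%s)\n",
                   rule, describe(), blocker, btarget
            next
        }
        # Catch-all: any protocol, any source, any destination, no extra match.
        term = ($1 == "DROP" || $1 == "REJECT" || $1 == "ACCEPT" || $1 == "logdrop")
        if (term && $2 == "all" && NF == 5 && is_any($4) && is_any($5)) {
            blocker = rule; btarget = $1
        }
    }'
}

sample_listing | shadowed_rules
```

On a live router, pipe `iptables -L INPUT` into `shadowed_rules` after post-firewall has run to see whether the appended ACCEPT rules landed behind a catch-all.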