Dang stupid gmail and your not replying to the list!

------------------------------------------------------------------------
iptables -L:
------------------------------------------------------------------------
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
input_rule  all  --  anywhere             anywhere
input      all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
zone_wan_MSSFIX  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
forward    all  --  anywhere             anywhere
reject     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
output_rule  all  --  anywhere             anywhere
output     all  --  anywhere             anywhere

Chain forward (1 references)
target     prot opt source               destination
zone_lan_forward  all  --  anywhere             anywhere
zone_wan_forward  all  --  anywhere             anywhere

Chain forwarding_lan (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination

Chain forwarding_wan (1 references)
target     prot opt source               destination

Chain input (1 references)
target     prot opt source               destination
zone_lan   all  --  anywhere             anywhere
zone_wan   all  --  anywhere             anywhere

Chain input_lan (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan (1 references)
target     prot opt source               destination

Chain output (1 references)
target     prot opt source               destination
zone_lan_ACCEPT  all  --  anywhere             anywhere
zone_wan_ACCEPT  all  --  anywhere             anywhere

Chain output_rule (1 references)
target     prot opt source               destination

Chain reject (5 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP       all  --  anywhere             anywhere

Chain zone_lan (1 references)
target     prot opt source               destination
input_lan  all  --  anywhere             anywhere
zone_lan_ACCEPT  all  --  anywhere             anywhere

Chain zone_lan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain zone_lan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain zone_lan_MSSFIX (0 references)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain zone_lan_REJECT (1 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere
reject     all  --  anywhere             anywhere

Chain zone_lan_forward (1 references)
target     prot opt source               destination
zone_wan_ACCEPT  all  --  anywhere             anywhere
forwarding_lan  all  --  anywhere             anywhere
zone_lan_REJECT  all  --  anywhere             anywhere

Chain zone_wan (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:68
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
input_wan  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1221
zone_wan_REJECT  all  --  anywhere             anywhere

Chain zone_wan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain zone_wan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain zone_wan_MSSFIX (1 references)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain zone_wan_REJECT (2 references)
target     prot opt source               destination
reject     all  --  anywhere             anywhere
reject     all  --  anywhere             anywhere

Chain zone_wan_forward (1 references)
target     prot opt source               destination
forwarding_wan  all  --  anywhere             anywhere
zone_wan_REJECT  all  --  anywhere             anywhere

------------------------------------------------------------------------
iptables -t nat -L:
------------------------------------------------------------------------
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
zone_wan_prerouting  all  --  anywhere             anywhere
zone_lan_prerouting  all  --  anywhere             anywhere
prerouting_rule  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
postrouting_rule  all  --  anywhere             anywhere
zone_wan_nat  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain postrouting_rule (1 references)
target     prot opt source               destination

Chain prerouting_lan (1 references)
target     prot opt source               destination

Chain prerouting_rule (1 references)
target     prot opt source               destination

Chain prerouting_wan (1 references)
target     prot opt source               destination

Chain zone_lan_nat (0 references)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain zone_lan_prerouting (1 references)
target     prot opt source               destination
prerouting_lan  all  --  anywhere             anywhere

Chain zone_wan_nat (1 references)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain zone_wan_prerouting (1 references)
target     prot opt source               destination
prerouting_wan  all  --  anywhere             anywhere

On Thu, May 12, 2011 at 2:43 PM, Gene Cronk <[email protected]> wrote:
>
>> The outputs of
>> "iptables -L "
>> and
>> "iptables -t nat -L"
>> would likely help here.
>>
>> On Thu, May 12, 2011 at 2:31 PM, Paul Spicer <[email protected]> wrote:
>> > Alright, I _THOUGHT_ I had it set up where I could access both SSH and
>> > luci from WAN, but evidently I was wrong...
>> >
>> > Here's how I tested it. I set the WAN port with a static address
>> > (192.168.20.1) and set my machine up with a static address
>> > (192.168.20.100) and plugged my machine into the WAN port. I wasn't
>> > able to connect through HTTP, but I was able to SSH into the router.
>> >
>> > So then I took the router to work, set the WAN port for DHCP, and
>> > plugged it into the network. It got an address of 192.168.1.40. From
>> > my workstation, I was able to connect to the router with SSH, but
>> > still no HTTP.
>> >
>> > With the router disconnected from any WAN, I plugged my machine into
>> > one of the LAN ports, got a DHCP address from the router and was able
>> > to connect to it with SSH from both the internal address
>> > (192.168.77.9) and the external WAN address it was still holding onto
>> > from the previous test (192.168.1.40). I was also able to access the
>> > HTTP side with the internal address, but not the external.
>> >
>> > Last night, I hooked this router up to my DSL at home and was unable
>> > to connect with SSH or HTTP from the external address. (It should be
>> > noted that I have made no changes to the settings in the router, aside
>> > from setting the WAN address to static and back to DHCP today.)
>> >
>> > The router I'm using right now is presently set up to forward requests
>> > on port 1221 to port 22 of my Linux server. Given that THAT is
>> > working, I don't believe my DSL gateway is blocking the traffic. (I
>> > changed the default SSH port on the router to 1221 rather than 22 and
>> > I'm able to connect on that port here at work while I'm testing it.)
>> >
>> > So I was thinking I need to set up a firewall rule to forward requests
>> > from port 80 to the router's internal IP address, but that doesn't
>> > work, either. Can anyone suggest what I'm doing wrong here? I'll
>> > gladly supply more info as needed.
>> >
>> >
>
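
Added example, not part of the original thread: a short Python check that walks the zone_wan chain from the listing in this post and reports the first terminal target a new connection to a given port would hit. It assumes WAN-side input reaches zone_wan (plain `iptables -L` without `-v` does not show interface matches) and that ports are printed numerically; LISTING is a constructed excerpt, and parse_chains and verdict are hypothetical helper names.

```python
import re

# Constructed sample: the WAN-side chains from the listing in this post (whitespace collapsed).
LISTING = """\
Chain zone_wan (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:68
ACCEPT icmp -- anywhere anywhere icmp echo-request
input_wan all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:1221
zone_wan_REJECT all -- anywhere anywhere
Chain input_wan (1 references)
target prot opt source destination
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all -- anywhere anywhere
reject all -- anywhere anywhere
Chain reject (5 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
"""

def parse_chains(text):
    """Return {chain: [(target, proto, extra), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "target":
            continue  # blank line or column header
        if fields[0] == "Chain":
            current = chains.setdefault(fields[1], [])
        elif current is not None and len(fields) >= 5:
            current.append((fields[0], fields[1], " ".join(fields[5:])))
    return chains

def verdict(chains, chain, proto, port):
    """First terminal target a proto/port packet hits in chain, or None if it falls through."""
    for target, rule_proto, extra in chains.get(chain, []):
        dpt = re.search(r"\bdpt:(\S+)", extra)
        if rule_proto not in ("all", proto) or (dpt and dpt.group(1) != str(port)):
            continue  # rule is for another protocol or another port
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            return None
        result = verdict(chains, target, proto, port)  # jump into a user chain
        if result:
            return result
    return None
```

On the listing in this post, `verdict(parse_chains(LISTING), "zone_wan", "tcp", 1221)` returns `ACCEPT`, while TCP port 80 has no ACCEPT rule in zone_wan and falls through to zone_wan_REJECT.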

