Part 1/3 because the e-mail size exceeded the maximum message body limit
of 40 KB - part 1 contains the 1st attachment
------------------------------------------------------------------

Hi Matthijs,

I proceeded as follows:
1) Rebooted La Fonera
2) Connected via ssh
3) Ran the command "iptables -L -n" and stored the results in "1 - iptable -L
-n not working webserver.txt"
4) Ran the command "iptables -A input_daemon -p tcp --dport 8080 -j
zone_wan_ACCEPT"
5) Ran the command "iptables -L -n" and stored the results in "2 - iptable -L
-n working webserver.txt"
6) Waited 30 minutes, until the webserver's iptables was automatically wiped
out by La Fonera itself.
7) Ran the command "iptables -L -n" and stored the results in "3 - iptable -L
-n not working webserver again.txt"

The text files are attached to this e-mail, you can e.g. compare them
using Meld Diff Viewer.
The only differences I found:

a) Additional line at paragraph "Chain input_daemon" showing
"zone_wan_ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:8080" when
the webserver was accessible.
b) Text "Chain zone_wan_ACCEPT (8 references)" when the webserver was
not accessible and "Chain zone_wan_ACCEPT (9 references)" when the
webserver was accessible.

Regards, Kyros



-------- Original Message  --------
Subject: Re: [fonosfera] Iptable rules in firewall.user don't last
anymore - after fw2.3.6.0 serverside change?
From: Matthijs Kooijman <[email protected]>
To: [email protected]
Date: Fri Apr 16 2010 13:34:22 GMT+0200 (CEST)
> Hi Kyros,
>   
>> But unfortunately again - as I wrote to Matthijs before - after entering
>> this and after rebooting as well the settings are not effective for the
>> running webserver process which is enabled by wan access in
>> firewall.websrv ( -> inside this file you only find the line: iptables
>> -A input_daemon -p tcp --dport 8080 -j zone_wan_ACCEPT).
>> When I then enter this command via SSH the hosted webpages on the
>> usb-stick are accessible from the web - but only for a few minutes.
>>     
>
> Could you send the output from "iptables -L -n" from when it works as well as
> when it is broken later on?
>
> Gr.
>
> Matthijs


r...@fonera:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
syn_flood  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
input_rule  all  --  0.0.0.0/0            0.0.0.0/0           
input      all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
forwarding_rule  all  --  0.0.0.0/0            0.0.0.0/0           
forward    all  --  0.0.0.0/0            0.0.0.0/0           
reject     all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
output_rule  all  --  0.0.0.0/0            0.0.0.0/0           
output     all  --  0.0.0.0/0            0.0.0.0/0           

Chain MINIUPNPD (0 references)
target     prot opt source               destination         

Chain block_public (1 references)
target     prot opt source               destination         
DROP       tcp  --  0.0.0.0/0            192.168.182.1       tcp dpt:!3990 
DROP       all  --  0.0.0.0/0            192.168.10.1       
DROP       all  --  0.0.0.0/0            192.168.12.3       

Chain forward (1 references)
target     prot opt source               destination         
zone_lan_forward  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wan_forward  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspotwifi_forward  all  --  0.0.0.0/0            0.0.0.0/0           

Chain forwarding_hotspot (1 references)
target     prot opt source               destination         

Chain forwarding_hotspotwifi (1 references)
target     prot opt source               destination         

Chain forwarding_lan (1 references)
target     prot opt source               destination         

Chain forwarding_rule (1 references)
target     prot opt source               destination         
input_inter  all  --  0.0.0.0/0            0.0.0.0/0           

Chain forwarding_wan (1 references)
target     prot opt source               destination         

Chain forwarding_wannet (1 references)
target     prot opt source               destination         

Chain input (1 references)
target     prot opt source               destination         
zone_lan   all  --  0.0.0.0/0            0.0.0.0/0           
zone_wan   all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspotwifi  all  --  0.0.0.0/0            0.0.0.0/0           

Chain input_daemon (1 references)
target     prot opt source               destination         
zone_wan_DROP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: UPDATE seconds: 180 hit_count: 3 name: DEFAULT side: source
           tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW recent: SET name: DEFAULT side: source
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139 
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21 
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 

Chain input_hotspot (1 references)
target     prot opt source               destination         

Chain input_hotspotwifi (1 references)
target     prot opt source               destination         

Chain input_inter (1 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            192.168.12.0/24    

Chain input_lan (1 references)
target     prot opt source               destination         

Chain input_rule (1 references)
target     prot opt source               destination         
block_public  all  --  0.0.0.0/0            0.0.0.0/0           
input_daemon  all  --  0.0.0.0/0            0.0.0.0/0           

Chain input_wan (1 references)
target     prot opt source               destination         
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 state NEW,RELATED,ESTABLISHED

Chain input_wannet (1 references)
target     prot opt source               destination         

Chain output (1 references)
target     prot opt source               destination         
zone_wannet_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspotwifi_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspot_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain output_rule (1 references)
target     prot opt source               destination         

Chain reject (7 references)
target     prot opt source               destination         
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination         
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspot (0 references)
target     prot opt source               destination         
input_hotspot  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspot_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspot_ACCEPT (2 references)
target     prot opt source               destination         

Chain zone_hotspot_DROP (0 references)
target     prot opt source               destination         

Chain zone_hotspot_REJECT (1 references)
target     prot opt source               destination         

Chain zone_hotspot_forward (0 references)
target     prot opt source               destination         
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           
forwarding_hotspot  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspot_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspotwifi (1 references)
target     prot opt source               destination         
input_hotspotwifi  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspotwifi_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspotwifi_ACCEPT (0 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspotwifi_DROP (0 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspotwifi_REJECT (3 references)
target     prot opt source               destination         
reject     all  --  0.0.0.0/0            0.0.0.0/0           
reject     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_hotspotwifi_forward (1 references)
target     prot opt source               destination         
forwarding_hotspotwifi  all  --  0.0.0.0/0            0.0.0.0/0           
zone_hotspotwifi_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_lan (1 references)
target     prot opt source               destination         
input_lan  all  --  0.0.0.0/0            0.0.0.0/0           
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_lan_ACCEPT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_lan_DROP (0 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_lan_REJECT (1 references)
target     prot opt source               destination         
reject     all  --  0.0.0.0/0            0.0.0.0/0           
reject     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_lan_forward (1 references)
target     prot opt source               destination         
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0           
forwarding_lan  all  --  0.0.0.0/0            0.0.0.0/0           
zone_lan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan (1 references)
target     prot opt source               destination         
input_wan  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan_ACCEPT (8 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan_DROP (1 references)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan_REJECT (2 references)
target     prot opt source               destination         
reject     all  --  0.0.0.0/0            0.0.0.0/0           
reject     all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan_forward (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.1       tcp dpt:8080 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.31      tcp dpt:5903 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.1       tcp dpt:87 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.1       tcp dpt:21 
ACCEPT     udp  --  0.0.0.0/0            192.168.10.210     udp dpt:80 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.210     tcp dpt:80 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.1       tcp dpt:80 
ACCEPT     tcp  --  0.0.0.0/0            192.168.10.1       tcp dpt:22 
forwarding_wan  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wannet (0 references)
target     prot opt source               destination         
input_wannet  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wannet_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wannet_ACCEPT (0 references)
target     prot opt source               destination         

Chain zone_wannet_DROP (0 references)
target     prot opt source               destination         

Chain zone_wannet_REJECT (3 references)
target     prot opt source               destination         

Chain zone_wannet_forward (0 references)
target     prot opt source               destination         
forwarding_wannet  all  --  0.0.0.0/0            0.0.0.0/0           
zone_wannet_REJECT  all  --  0.0.0.0/0            0.0.0.0/0           
r...@fonera:~# 
_______________________________________________
Development mailing list
[email protected]
http://fonosfera.org/mailman/listinfo/development
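
The before/after comparison of "iptables -L -n" snapshots described in the message above can be scripted per chain, which makes rule drift easy to spot. This is an added example, not part of the original e-mail or of the Fonera firmware; the function names and the trimmed sample listings are constructed here, and treating any line without a "--" option column as a mail-wrapped continuation is an assumption.

```python
import re
from collections import Counter

CHAIN_RE = re.compile(r"^Chain (\S+) \((.+)\)$")

def parse_listing(text):
    """Parse `iptables -L -n` text into {chain: {"info": str, "rules": [str]}}."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        fields = line.split()
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"info": m.group(2), "rules": []})
        elif current is None or not fields or fields[0] == "target" or fields[0].endswith("#"):
            continue  # text before the first chain, blank lines, column headers, shell prompt
        elif "--" in fields[1:3]:
            current["rules"].append(" ".join(fields))  # new rule, whitespace normalised
        elif current["rules"]:
            # Assumption: no "--" option column means a mail-wrapped continuation line.
            current["rules"][-1] += " " + " ".join(fields)
    return chains

def diff_listings(before, after):
    """Return (chain, kind, detail) tuples for every difference between two listings."""
    old, new = parse_listing(before), parse_listing(after)
    empty, changes = {"info": None, "rules": []}, []
    for chain in sorted(set(old) | set(new)):
        o, n = old.get(chain, empty), new.get(chain, empty)
        if o["info"] != n["info"]:
            changes.append((chain, "info", f"{o['info']} -> {n['info']}"))
        # Counter keeps duplicates: without -v, rules differing only by interface look identical.
        added = Counter(n["rules"]) - Counter(o["rules"])
        removed = Counter(o["rules"]) - Counter(n["rules"])
        changes += [(chain, "added", r) for r in added.elements()]
        changes += [(chain, "removed", r) for r in removed.elements()]
    return changes

# Constructed sample, trimmed from the listing format above (first rule is mail-wrapped).
BEFORE = """\
Chain input_daemon (1 references)
target     prot opt source               destination
zone_wan_DROP  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
state NEW recent: UPDATE seconds: 180 hit_count: 3 name: DEFAULT side: source
zone_wan_ACCEPT  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80

Chain zone_wan_ACCEPT (8 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
"""
AFTER = (BEFORE.replace("dpt:22\nstate", "dpt:22 state")  # same rule, unwrapped
         .replace("(8 references)", "(9 references)")
         .replace("dpt:80\n", "dpt:80\nzone_wan_ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  tcp dpt:8080\n"))

if __name__ == "__main__":
    for change in diff_listings(BEFORE, AFTER):
        print(*change, sep=" | ")
```

Because rules are compared after whitespace normalisation and re-joining of wrapped lines, only real rule changes and reference-count changes are reported.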
