Ok wsio paniatna, zainstaluje i spróbuje to ustawić ale tak jak patrze to to już sie robi czarna magia dla mnie zwłaszcza rozszyfrowywanie ip dla każdego urządzenia. Ale co tam spróbuje, nic nie tracę oprócz czasu smile

Ok czyli mam jeszcze zainstalować server dhcp6s czy klienta bo samego pliku nie widzę u siebie.

@up W końcu poszło, radvd rozgłasza co trzeba, nawet VPN działa. Jedno co wkurza to brak dzierżaw ipv6 w LuCi. Za licho nie wiem też jak przypisać adresy ipv6 do urządzeń sieciowych które mam. Może jakieś info jak to ugryźć??

Zaraz sprawdzę. Co do poradnika - fakt korzystałem z niego ale jak zobaczyłem przypis że nie działa z AA powyżej 12,09 to wywaliłem praktycznie wszystko co było to zainstalowania i szukałem dalej w necie czegoś aktualniejszego. Ale z BB i HE praktycznie nie ma kompletnego poradnika jak to skonfigurować, biorąc jeszcze poprawkę na to by VPN działał.

radvd

config interface
    option interface    'lan'
    option AdvSendAdvert    1
    option AdvManagedFlag    0
    option AdvOtherConfigFlag 0
    list client        ''
    option ignore        1

config prefix
    option interface    'lan'
    # If not specified, a non-link-local prefix of the interface is used
    list prefix        ''
    option AdvOnLink    1
    option AdvAutonomous    1
    option AdvRouterAddr    0
    option ignore        1

config route
    option interface    'lan'
    list prefix        ''
    option ignore        1

config rdnss
    option interface    'lan'
    # If not specified, the link-local address of the interface is used
    list addr        ''
    option ignore        1

config dnssl
    option interface    'lan'
    list suffix        ''
    option ignore        1

dhcp

config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option nonegcache '1'
    option strictorder '1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option ra 'server'
    option dhcpv6 'relay'
    option ra_default '1'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config host
    option name 'INTEL'
    option mac ''
    option ip '192.168.1.10'

config host
    option name 'QNAP'
    option mac ''
    option ip ''

config host
    option mac ''
    option ip ''
    option name ''

config host
    option mac ''
    option ip ''
    option name '_J'

config host
    option mac ''
    option ip ''
    option name 'ASUS'

config host
    option name 'PS3'
    option mac ''
    option ip ''

dhcp6s nie mam i pliku conf do niego także

@Up - sorry literówka w pefixie, było xz smile Dopisałem też to co podałeś i dalej buba.

Na chwilę obecną to:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdc9:7f8a:2436::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6hint '10'
    option ip6assign '64'

config interface 'wan'
    option ifname 'eth0.2'
    option proto 'dhcp'

config interface 'wan6'
    option proto '6in4'
    option peeraddr '216.66.80.162'
    option ip6addr '2001:470:xx:yy::2/64'
    option ip6prefix '2001:470:xx:yy::/64'
    option tunnelid 'id'
    option username 'nazwa'
    option password 'haslo'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0t 2 3 4 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '0t 1'

config interface 'vpn0'
    option ifname 'tun0'
    option proto 'none'

Co gorsza po odpaleniu IPv6 przestaje mi działać VPN - to pewnie z racji braku przydzielonego IPv6.

Tyle że u mnie nie ma pliku konfiguracyjnego odhcpd. Juz nawet żeby go nie pominąć to przeglądam zasoby routera przez WinSCP. A wide-dhcpv6-server wyrzuciłem bo nic nie pomogła jego instalacja.

@Cezary - no właśnie, niby nieaktualny ten post jest ale do pewnego momentu się zgadza i idzie uruchomić tunel 6in4 na HE i test przechodzi, po tym zaczynają się schody z przypisaniem IP do LANu
@Gruberek - niby wszystko pięknie ładnie ale nie znalazłem tutaj opisu jak to skonfigurować z HE więc kombinowałem z tym co miałem smile

35

(30 odpowiedzi, napisanych Oprogramowanie / Software)

Tak przy takich ustawieniach mam dostęp z telefonu (OpenVPN Client z PS) do LANu i mam IP routera (zewnętrzne). Łącze się przez LTE od Orange bezpośrednio do routera i wsio działa smile

Jakby trzeba było jakieś zrzuty z konfiguracji to służę wklejkami smile

Tak więc odpaliłem IPv6 wg tego poradnika. Test na podanych stronach przechodzę ale za licho nie potrafię ustawić BB żeby dla podpiętych urządzeń (PC, NAS itp) przydzielało adresy z puli IPv6. W sekcji status mam non stop DHCP Leases puste mimo że PC i pozostałe sprzęty IPv6 obsługują. Może ktoś mi wyjaśni jak to spacyfikować i ewentualnie dostroić tak żeby móc ustawić IPv6 na sztywno do konkretnych urządzeń (ofc o ile to jest możliwe).

37

(30 odpowiedzi, napisanych Oprogramowanie / Software)

Mam tylko tak ustawione forwardowanie:

config forwarding
        option dest 'lan'
        option src 'wan'

config forwarding
        option dest 'wan'
        option src 'lan'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'vpn0'

config forwarding
        option src 'vpn'
        option dest 'wan'

38

(30 odpowiedzi, napisanych Oprogramowanie / Software)

@Bieniu mam ten sam router i też wg teg poradnika VPN odpalałem i wszystko hula. Poniżej fragmenty jakimi różni się mój konfig od Twojego, może to coś pomoże. BTW a przekierowałeś ruch sieciowy z vpn > wan ??

/etc/config/openvpn
option push 'redirect-gateway def1 local'



/etc/config/firewall
config rule
        option target 'ACCEPT'
        option name 'VPN'
        option src 'wan'
        option dest_port '1194'
        option proto 'tcp udp'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'vpn0'

config forwarding
        option src 'vpn'
        option dest 'wan'

39

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Wedle tego czy też GRC mam port 53 zamknięty. Puściłem jeszcze nmap - pełne skanowanie zobaczę co wyjdzie.

40

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Tak, normalnie mi strona hula która jest na QNAPie, ftp także działa. DNS także uaktualnia się poprawnie (a jak był na routerze odpalony to go nie uaktualniało). Mogę nawet linka podać do strony, sam sprawdzałem przez proxy/vpn/tor'a i przez komórkę i za każdym razem mnie łączy.

41

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Proszę.

firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=51413
firewall.@redirect[0].dest_ip=192.168.1.30
firewall.@redirect[0].dest_port=51413
firewall.@redirect[0].name=transmission
firewall.@redirect[1]=redirect
firewall.@redirect[1].target=DNAT
firewall.@redirect[1].src=wan
firewall.@redirect[1].dest=lan
firewall.@redirect[1].proto=tcp
firewall.@redirect[1].src_dport=80
firewall.@redirect[1].dest_ip=192.168.1.30
firewall.@redirect[1].dest_port=80
firewall.@redirect[1].name=www
firewall.@redirect[2]=redirect
firewall.@redirect[2].target=DNAT
firewall.@redirect[2].src=wan
firewall.@redirect[2].dest=lan
firewall.@redirect[2].proto=tcp
firewall.@redirect[2].src_dport=26
firewall.@redirect[2].dest_ip=192.168.1.30
firewall.@redirect[2].dest_port=26
firewall.@redirect[2].name=ftp
firewall.@redirect[3]=redirect
firewall.@redirect[3].target=DNAT
firewall.@redirect[3].src=wan
firewall.@redirect[3].dest=lan
firewall.@redirect[3].proto=tcp
firewall.@redirect[3].src_dport=55536-55559
firewall.@redirect[3].dest_ip=192.168.1.30
firewall.@redirect[3].dest_port=55536-55559
firewall.@redirect[3].name=ftp_psv
firewall.@redirect[4]=redirect
firewall.@redirect[4].target=DNAT
firewall.@redirect[4].src=wan
firewall.@redirect[4].dest=lan
firewall.@redirect[4].proto=udp
firewall.@redirect[4].src_dport=1200
firewall.@redirect[4].dest_ip=192.168.1.10
firewall.@redirect[4].dest_port=1200
firewall.@redirect[4].name=steam_1
firewall.@redirect[5]=redirect
firewall.@redirect[5].target=DNAT
firewall.@redirect[5].src=wan
firewall.@redirect[5].dest=lan
firewall.@redirect[5].dest_ip=192.168.1.10
firewall.@redirect[5].name=steam_2
firewall.@redirect[5].proto=tcp udp
firewall.@redirect[5].src_dport=26900-27050
firewall.@redirect[5].dest_port=26900-27050
firewall.@redirect[6]=redirect
firewall.@redirect[6].target=DNAT
firewall.@redirect[6].src=wan
firewall.@redirect[6].dest=lan
firewall.@redirect[6].proto=tcp udp
firewall.@redirect[6].src_dport=3478
firewall.@redirect[6].dest_ip=192.168.1.10
firewall.@redirect[6].dest_port=3478
firewall.@redirect[6].name=steam_3
firewall.@redirect[7]=redirect
firewall.@redirect[7].target=DNAT
firewall.@redirect[7].src=wan
firewall.@redirect[7].dest=lan
firewall.@redirect[7].proto=udp
firewall.@redirect[7].src_dport=4379-4380
firewall.@redirect[7].dest_ip=192.168.1.10
firewall.@redirect[7].dest_port=4379-4380
firewall.@redirect[7].name=steam_4
firewall.@redirect[8]=redirect
firewall.@redirect[8].target=DNAT
firewall.@redirect[8].src=wan
firewall.@redirect[8].dest=lan
firewall.@redirect[8].proto=tcp
firewall.@redirect[8].src_dport=28852
firewall.@redirect[8].dest_ip=192.168.1.10
firewall.@redirect[8].dest_port=28852
firewall.@redirect[8].name=kf_1
firewall.@redirect[9]=redirect
firewall.@redirect[9].target=DNAT
firewall.@redirect[9].src=wan
firewall.@redirect[9].dest=lan
firewall.@redirect[9].src_dport=7707-7708
firewall.@redirect[9].dest_ip=192.168.1.10
firewall.@redirect[9].dest_port=7707-7708
firewall.@redirect[9].name=kf_2
firewall.@redirect[9].proto=tcp udp
firewall.@redirect[10]=redirect
firewall.@redirect[10].target=DNAT
firewall.@redirect[10].src=wan
firewall.@redirect[10].dest=lan
firewall.@redirect[10].proto=udp
firewall.@redirect[10].src_dport=7717
firewall.@redirect[10].dest_ip=192.168.1.10
firewall.@redirect[10].dest_port=7717
firewall.@redirect[10].name=kf_3
firewall.@redirect[11]=redirect
firewall.@redirect[11].target=DNAT
firewall.@redirect[11].src=wan
firewall.@redirect[11].dest=lan
firewall.@redirect[11].proto=udp
firewall.@redirect[11].src_dport=20560
firewall.@redirect[11].dest_ip=192.168.1.10
firewall.@redirect[11].dest_port=20560
firewall.@redirect[11].name=kf_4
firewall.@redirect[12]=redirect
firewall.@redirect[12].target=DNAT
firewall.@redirect[12].src=wan
firewall.@redirect[12].dest=lan
firewall.@redirect[12].proto=tcp udp
firewall.@redirect[12].src_dport=7718
firewall.@redirect[12].dest_ip=192.168.1.10
firewall.@redirect[12].dest_port=7718
firewall.@redirect[12].name=kf_5
firewall.@redirect[13]=redirect
firewall.@redirect[13].target=DNAT
firewall.@redirect[13].src=wan
firewall.@redirect[13].dest=lan
firewall.@redirect[13].proto=tcp
firewall.@redirect[13].src_dport=28852
firewall.@redirect[13].dest_ip=192.168.1.20
firewall.@redirect[13].dest_port=28852
firewall.@redirect[13].name=kf_1_aska
firewall.@redirect[13].enabled=0
firewall.@redirect[14]=redirect
firewall.@redirect[14].target=DNAT
firewall.@redirect[14].src=wan
firewall.@redirect[14].dest=lan
firewall.@redirect[14].proto=udp
firewall.@redirect[14].src_dport=7707-7708
firewall.@redirect[14].dest_ip=192.168.1.20
firewall.@redirect[14].dest_port=7707-7708
firewall.@redirect[14].name=kf_2_aska
firewall.@redirect[14].enabled=0
firewall.@redirect[15]=redirect
firewall.@redirect[15].target=DNAT
firewall.@redirect[15].src=wan
firewall.@redirect[15].dest=lan
firewall.@redirect[15].proto=udp
firewall.@redirect[15].src_dport=7717
firewall.@redirect[15].dest_ip=192.168.1.20
firewall.@redirect[15].dest_port=7717
firewall.@redirect[15].name=kf_3_aska
firewall.@redirect[15].enabled=0
firewall.@redirect[16]=redirect
firewall.@redirect[16].target=DNAT
firewall.@redirect[16].src=wan
firewall.@redirect[16].dest=lan
firewall.@redirect[16].proto=udp
firewall.@redirect[16].src_dport=20560
firewall.@redirect[16].dest_ip=192.168.1.20
firewall.@redirect[16].dest_port=20560
firewall.@redirect[16].name=kf_4_aska
firewall.@redirect[16].enabled=0
firewall.@redirect[17]=redirect
firewall.@redirect[17].target=DNAT
firewall.@redirect[17].src=wan
firewall.@redirect[17].dest=lan
firewall.@redirect[17].proto=tcp
firewall.@redirect[17].src_dport=8777
firewall.@redirect[17].dest_ip=192.168.1.10
firewall.@redirect[17].dest_port=8777
firewall.@redirect[17].name=ut_1
firewall.@redirect[18]=redirect
firewall.@redirect[18].target=DNAT
firewall.@redirect[18].src=wan
firewall.@redirect[18].dest=lan
firewall.@redirect[18].proto=tcp
firewall.@redirect[18].src_dport=9777
firewall.@redirect[18].dest_ip=192.168.1.10
firewall.@redirect[18].dest_port=9777
firewall.@redirect[18].name=ut_2
firewall.@redirect[19]=redirect
firewall.@redirect[19].target=DNAT
firewall.@redirect[19].src=wan
firewall.@redirect[19].dest=lan
firewall.@redirect[19].proto=tcp udp
firewall.@redirect[19].src_dport=7777-7788
firewall.@redirect[19].dest_ip=192.168.1.10
firewall.@redirect[19].dest_port=7777-7788
firewall.@redirect[19].name=ut_3
firewall.@redirect[20]=redirect
firewall.@redirect[20].target=DNAT
firewall.@redirect[20].src=wan
firewall.@redirect[20].dest=lan
firewall.@redirect[20].proto=tcp udp
firewall.@redirect[20].src_dport=27900
firewall.@redirect[20].dest_ip=192.168.1.10
firewall.@redirect[20].dest_port=27900
firewall.@redirect[20].name=ut_4
firewall.@redirect[21]=redirect
firewall.@redirect[21].target=DNAT
firewall.@redirect[21].src=wan
firewall.@redirect[21].dest=lan
firewall.@redirect[21].proto=tcp udp
firewall.@redirect[21].src_dport=42292
firewall.@redirect[21].dest_ip=192.168.1.10
firewall.@redirect[21].dest_port=42292
firewall.@redirect[21].name=ut_5
firewall.@redirect[22]=redirect
firewall.@redirect[22].target=DNAT
firewall.@redirect[22].src=wan
firewall.@redirect[22].dest=lan
firewall.@redirect[22].src_dport=13000
firewall.@redirect[22].dest_ip=192.168.1.10
firewall.@redirect[22].dest_port=13000
firewall.@redirect[22].name=ut_6-uplay
firewall.@redirect[22].proto=tcp udp
firewall.@redirect[23]=redirect
firewall.@redirect[23].target=DNAT
firewall.@redirect[23].src=wan
firewall.@redirect[23].dest=lan
firewall.@redirect[23].proto=tcp udp
firewall.@redirect[23].src_dport=6500
firewall.@redirect[23].dest_ip=192.168.1.10
firewall.@redirect[23].dest_port=6500
firewall.@redirect[23].name=ut_7-gsarcade
firewall.@redirect[24]=redirect
firewall.@redirect[24].target=DNAT
firewall.@redirect[24].src=wan
firewall.@redirect[24].dest=lan
firewall.@redirect[24].proto=tcp
firewall.@redirect[24].src_dport=13005
firewall.@redirect[24].dest_ip=192.168.1.10
firewall.@redirect[24].dest_port=13005
firewall.@redirect[24].name=uplay_1
firewall.@redirect[25]=redirect
firewall.@redirect[25].target=DNAT
firewall.@redirect[25].src=wan
firewall.@redirect[25].dest=lan
firewall.@redirect[25].proto=tcp
firewall.@redirect[25].src_dport=13200
firewall.@redirect[25].dest_ip=192.168.1.10
firewall.@redirect[25].dest_port=13200
firewall.@redirect[25].name=uplay_2
firewall.@redirect[26]=redirect
firewall.@redirect[26].target=DNAT
firewall.@redirect[26].src=wan
firewall.@redirect[26].dest=lan
firewall.@redirect[26].proto=tcp udp
firewall.@redirect[26].src_dport=6515
firewall.@redirect[26].dest_ip=192.168.1.10
firewall.@redirect[26].dest_port=6515
firewall.@redirect[26].name=gs-arcade_1
firewall.@redirect[27]=redirect
firewall.@redirect[27].target=DNAT
firewall.@redirect[27].src=wan
firewall.@redirect[27].dest=lan
firewall.@redirect[27].proto=tcp udp
firewall.@redirect[27].src_dport=13139
firewall.@redirect[27].dest_ip=192.168.1.10
firewall.@redirect[27].dest_port=13139
firewall.@redirect[27].name=gs-arcade_2
firewall.@redirect[28]=redirect
firewall.@redirect[28].target=DNAT
firewall.@redirect[28].src=wan
firewall.@redirect[28].dest=lan
firewall.@redirect[28].proto=tcp
firewall.@redirect[28].src_dport=6667
firewall.@redirect[28].dest_ip=192.168.1.10
firewall.@redirect[28].dest_port=6667
firewall.@redirect[28].name=gs-arcade_3
firewall.@redirect[29]=redirect
firewall.@redirect[29].target=DNAT
firewall.@redirect[29].src=wan
firewall.@redirect[29].dest=lan
firewall.@redirect[29].proto=tcp
firewall.@redirect[29].dest_ip=192.168.1.10
firewall.@redirect[29].name=gs-arcade_4
firewall.@redirect[29].src_dport=28900-28910
firewall.@redirect[29].dest_port=28900-28910
firewall.@redirect[30]=redirect
firewall.@redirect[30].target=DNAT
firewall.@redirect[30].src=wan
firewall.@redirect[30].dest=lan
firewall.@redirect[30].proto=tcp
firewall.@redirect[30].src_dport=3783
firewall.@redirect[30].dest_ip=192.168.1.10
firewall.@redirect[30].dest_port=3783
firewall.@redirect[30].name=gs-arcade_5
firewall.@redirect[31]=redirect
firewall.@redirect[31].target=DNAT
firewall.@redirect[31].src=wan
firewall.@redirect[31].dest=lan
firewall.@redirect[31].proto=tcp
firewall.@redirect[31].src_dport=29900-29901
firewall.@redirect[31].dest_ip=192.168.1.10
firewall.@redirect[31].dest_port=29900-29901
firewall.@redirect[31].name=gs-arcade_6
firewall.@redirect[32]=redirect
firewall.@redirect[32].target=DNAT
firewall.@redirect[32].src=wan
firewall.@redirect[32].dest=lan
firewall.@redirect[32].proto=udp
firewall.@redirect[32].src_dport=8871
firewall.@redirect[32].dest_ip=192.168.1.10
firewall.@redirect[32].dest_port=8871
firewall.@redirect[32].name=gs_1
firewall.@redirect[33]=redirect
firewall.@redirect[33].target=DNAT
firewall.@redirect[33].src=wan
firewall.@redirect[33].dest=lan
firewall.@redirect[33].proto=tcp
firewall.@redirect[33].src_dport=1001-1002
firewall.@redirect[33].dest_ip=192.168.1.10
firewall.@redirect[33].dest_port=1001-1002
firewall.@redirect[33].name=uplay-grfs_1
firewall.@redirect[34]=redirect
firewall.@redirect[34].target=DNAT
firewall.@redirect[34].src=wan
firewall.@redirect[34].dest=lan
firewall.@redirect[34].proto=tcp udp
firewall.@redirect[34].src_dport=2348-2348
firewall.@redirect[34].dest_ip=192.168.1.10
firewall.@redirect[34].dest_port=2348-2348
firewall.@redirect[34].name=uplay-grfs_2
firewall.@redirect[35]=redirect
firewall.@redirect[35].target=DNAT
firewall.@redirect[35].src=wan
firewall.@redirect[35].dest=lan
firewall.@redirect[35].proto=udp
firewall.@redirect[35].src_dport=10007
firewall.@redirect[35].dest_ip=192.168.1.10
firewall.@redirect[35].dest_port=10007
firewall.@redirect[35].name=uplay-grfs_3
firewall.@redirect[36]=redirect
firewall.@redirect[36].target=DNAT
firewall.@redirect[36].src=wan
firewall.@redirect[36].dest=lan
firewall.@redirect[36].proto=udp
firewall.@redirect[36].src_dport=15765
firewall.@redirect[36].dest_ip=192.168.1.10
firewall.@redirect[36].dest_port=15765
firewall.@redirect[36].name=uplay-grfs_4
firewall.@redirect[37]=redirect
firewall.@redirect[37].target=DNAT
firewall.@redirect[37].src=wan
firewall.@redirect[37].dest=lan
firewall.@redirect[37].proto=udp
firewall.@redirect[37].src_dport=24340
firewall.@redirect[37].dest_ip=192.168.1.10
firewall.@redirect[37].dest_port=24340
firewall.@redirect[37].name=uplay-grfs_5
firewall.@redirect[38]=redirect
firewall.@redirect[38].target=DNAT
firewall.@redirect[38].src=wan
firewall.@redirect[38].dest=lan
firewall.@redirect[38].proto=udp
firewall.@redirect[38].src_dport=24360
firewall.@redirect[38].dest_ip=192.168.1.10
firewall.@redirect[38].dest_port=24360
firewall.@redirect[38].name=uplay-grfs_6
firewall.@redirect[39]=redirect
firewall.@redirect[39].target=DNAT
firewall.@redirect[39].src=wan
firewall.@redirect[39].dest=lan
firewall.@redirect[39].proto=tcp udp
firewall.@redirect[39].src_dport=3659
firewall.@redirect[39].dest_ip=192.168.1.10
firewall.@redirect[39].dest_port=3659
firewall.@redirect[39].name=origin-ds3_1
firewall.@redirect[40]=redirect
firewall.@redirect[40].target=DNAT
firewall.@redirect[40].src=wan
firewall.@redirect[40].dest=lan
firewall.@redirect[40].proto=tcp udp
firewall.@redirect[40].src_dport=9999
firewall.@redirect[40].dest_ip=192.168.1.10
firewall.@redirect[40].dest_port=9999
firewall.@redirect[40].name=origin-ds3_2
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@zone[1].input=DROP
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=DROP
firewall.@rule[1].name=Drop-Ping
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.miniupnpd=include
firewall.miniupnpd.type=script
firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
firewall.miniupnpd.family=IPv4
firewall.miniupnpd.reload=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan

42

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Chodzi Ci o dane z firewalla i z iptables czy o coś innego?

43

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Wczoraj/dziś dla Mnie ostatnio to to samo neutral. Tak czy siak można ten temat już zamknąć/skasować - przerzuciłem uaktualnianie dns'a na QNAPa i na routerze wyłączyłem ddns-scripts. Do tego zmieniłem kilka opcji w ustawieniach DNS i samym firewallu (wan => lan input ustawione na drop, reszta bez zmian). W teście na grc wyskakują mi porty w trybie stealth ale na stronę mogę wejść i ftp też działa. Zostaje jak jest do momentu kolejnego uaktualnienia, ewentualnie kolejnego maila od dostawcy. Dzięki za pomoc i przepraszam za zamieszanie spowodowane niespójnymi danymi.

44

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Przepraszam bardzo ale od wczoraj trochę sie zmieniło, musiałem wyciąć ruch z zewnątrz bo znów dostałem maila od swojego dostawcy neta i stąd te zmienione dane. Zrozumiem jak nie zechcesz tego sprawdzać czy nawet sobie tym głowy zawracać - najwyżej będę grzebał w google i coś znajdę sensownego żeby pozbyć się tego problemu. Tak czy siak dzięki za okazana do tej pory pomoc i wyrozumiałość.

45

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Przeedytowałem poprzednie posty i wkleiłem najświeższe dane. Co do skryptu firewalla czy też modyfikacji to nie, nic takiego nie używam bo uważam że ten Firewall jest o wiele lepszy niż to co miałem wcześniej w Asusie WL-500gP.

46

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Już wrzucam

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 185K   12M delegate_input  all  --  any    any     anywhere             anywhere            

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 145K  118M delegate_forward  all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3133  814K delegate_output  all  --  any    any     anywhere             anywhere            

Chain delegate_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 145K  118M forwarding_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */ 
 142K  118M ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED 
 2749  144K zone_lan_forward  all  --  br-lan any     anywhere             anywhere            
  403 23260 zone_wan_forward  all  --  eth0.2 any     anywhere             anywhere            

Chain delegate_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  464 37614 ACCEPT     all  --  lo     any     anywhere             anywhere            
 184K   12M input_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */ 
 2061  327K ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED 
 4413  196K syn_flood  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
  949 89363 zone_lan_input  all  --  br-lan any     anywhere             anywhere            
 179K   11M zone_wan_input  all  --  eth0.2 any     anywhere             anywhere            

Chain delegate_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  464 37614 ACCEPT     all  --  any    lo      anywhere             anywhere            
 2669  776K output_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */ 
 2342  752K ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED 
   25  4900 zone_lan_output  all  --  any    br-lan  anywhere             anywhere            
  302 19379 zone_wan_output  all  --  any    eth0.2  anywhere             anywhere            

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain reject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset 
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable 

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1932 86808 RETURN     tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 
 2481  109K DROP       all  --  any    any     anywhere             anywhere            

Chain zone_lan_dest_ACCEPT (53 references)
 pkts bytes target     prot opt in     out     source               destination         
   32  5264 ACCEPT     all  --  any    br-lan  anywhere             anywhere            

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2749  144K forwarding_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       QNAP.lan            tcp dpt:51413 /* transmission (reflection) */ 
    7   364 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       QNAP.lan            tcp dpt:www /* www (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       QNAP.lan            tcp dpt:26 /* ftp (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       QNAP.lan            tcp dpts:55536:55559 /* ftp_psv (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:1200 /* steam_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:26900:27050 /* steam_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpts:26900:27050 /* steam_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:3478 /* steam_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:3478 /* steam_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpts:4379:4380 /* steam_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:28852 /* kf_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:7707:7708 /* kf_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpts:7707:7708 /* kf_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:7717 /* kf_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:20560 /* kf_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:7718 /* kf_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:7718 /* kf_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:8777 /* ut_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:9777 /* ut_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:7777:7788 /* ut_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpts:7777:7788 /* ut_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:27900 /* ut_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:27900 /* ut_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:42292 /* ut_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:42292 /* ut_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:13000 /* ut_6-uplay (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:13000 /* ut_6-uplay (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:6500 /* ut_7-gsarcade (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:6500 /* ut_7-gsarcade (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:13005 /* uplay_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:13200 /* uplay_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:6515 /* gs-arcade_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:6515 /* gs-arcade_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:13139 /* gs-arcade_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:13139 /* gs-arcade_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:ircd /* gs-arcade_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:28900:28910 /* gs-arcade_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:3783 /* gs-arcade_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:29900:29901 /* gs-arcade_6 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:8871 /* gs_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpts:1001:1002 /* uplay-grfs_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:2348 /* uplay-grfs_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:2348 /* uplay-grfs_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:10007 /* uplay-grfs_3 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:15765 /* uplay-grfs_4 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:24340 /* uplay-grfs_5 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:24360 /* uplay-grfs_6 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:3659 /* origin-ds3_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:3659 /* origin-ds3_1 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       INTEL.lan           tcp dpt:9999 /* origin-ds3_2 (reflection) */ 
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       INTEL.lan           udp dpt:9999 /* origin-ds3_2 (reflection) */ 
 2742  143K zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            /* forwarding lan -> wan */ 
    0     0 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  949 89363 input_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */ 
  949 89363 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   25  4900 output_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */ 
   25  4900 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_lan_src_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
  949 89363 ACCEPT     all  --  br-lan any     anywhere             anywhere            

Chain zone_wan_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 3044  163K ACCEPT     all  --  any    eth0.2  anywhere             anywhere            

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  403 23260 forwarding_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */ 
  365 21412 ACCEPT     tcp  --  any    any     anywhere             QNAP.lan            tcp dpt:51413 /* transmission */ 
    6   320 ACCEPT     tcp  --  any    any     anywhere             QNAP.lan            tcp dpt:www /* www */ 
    2   104 ACCEPT     tcp  --  any    any     anywhere             QNAP.lan            tcp dpt:26 /* ftp */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             QNAP.lan            tcp dpts:55536:55559 /* ftp_psv */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:1200 /* steam_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:26900:27050 /* steam_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpts:26900:27050 /* steam_2 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:3478 /* steam_3 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:3478 /* steam_3 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpts:4379:4380 /* steam_4 */ 
    6   360 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:28852 /* kf_1 */ 
    6   360 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:7707:7708 /* kf_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpts:7707:7708 /* kf_2 */ 
   10   352 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:7717 /* kf_3 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:20560 /* kf_4 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:7718 /* kf_5 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:7718 /* kf_5 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:8777 /* ut_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:9777 /* ut_2 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:7777:7788 /* ut_3 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpts:7777:7788 /* ut_3 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:27900 /* ut_4 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:27900 /* ut_4 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:42292 /* ut_5 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:42292 /* ut_5 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:13000 /* ut_6-uplay */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:13000 /* ut_6-uplay */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:6500 /* ut_7-gsarcade */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:6500 /* ut_7-gsarcade */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:13005 /* uplay_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:13200 /* uplay_2 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:6515 /* gs-arcade_1 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:6515 /* gs-arcade_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:13139 /* gs-arcade_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:13139 /* gs-arcade_2 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:ircd /* gs-arcade_3 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:28900:28910 /* gs-arcade_4 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:3783 /* gs-arcade_5 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:29900:29901 /* gs-arcade_6 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:8871 /* gs_1 */ 
    8   352 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpts:1001:1002 /* uplay-grfs_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:2348 /* uplay-grfs_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:2348 /* uplay-grfs_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:10007 /* uplay-grfs_3 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:15765 /* uplay-grfs_4 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:24340 /* uplay-grfs_5 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:24360 /* uplay-grfs_6 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:3659 /* origin-ds3_1 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:3659 /* origin-ds3_1 */ 
    0     0 ACCEPT     tcp  --  any    any     anywhere             INTEL.lan           tcp dpt:9999 /* origin-ds3_2 */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             INTEL.lan           udp dpt:9999 /* origin-ds3_2 */ 
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            /* forwarding wan -> lan */ 
    0     0 zone_wan_src_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 179K   11M input_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */ 
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:bootpc /* Allow-DHCP-Renew */ 
    3    92 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request /* Allow-Ping */ 
 179K   11M zone_wan_src_DROP  all  --  any    any     anywhere             anywhere            

Chain zone_wan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  302 19379 output_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */ 
  302 19379 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            

Chain zone_wan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0.2 any     anywhere             anywhere            

Chain zone_wan_src_DROP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 179K   11M DROP       all  --  eth0.2 any     anywhere             anywhere            

47

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Nie wiedziałem że tak można zrobić smile

firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=51413
firewall.@redirect[0].dest_ip=192.168.1.30
firewall.@redirect[0].dest_port=51413
firewall.@redirect[0].name=transmission
firewall.@redirect[1]=redirect
firewall.@redirect[1].target=DNAT
firewall.@redirect[1].src=wan
firewall.@redirect[1].dest=lan
firewall.@redirect[1].proto=tcp
firewall.@redirect[1].src_dport=80
firewall.@redirect[1].dest_ip=192.168.1.30
firewall.@redirect[1].dest_port=80
firewall.@redirect[1].name=www
firewall.@redirect[2]=redirect
firewall.@redirect[2].target=DNAT
firewall.@redirect[2].src=wan
firewall.@redirect[2].dest=lan
firewall.@redirect[2].proto=tcp
firewall.@redirect[2].src_dport=26
firewall.@redirect[2].dest_ip=192.168.1.30
firewall.@redirect[2].dest_port=26
firewall.@redirect[2].name=ftp
firewall.@redirect[3]=redirect
firewall.@redirect[3].target=DNAT
firewall.@redirect[3].src=wan
firewall.@redirect[3].dest=lan
firewall.@redirect[3].proto=tcp
firewall.@redirect[3].src_dport=55536-55559
firewall.@redirect[3].dest_ip=192.168.1.30
firewall.@redirect[3].dest_port=55536-55559
firewall.@redirect[3].name=ftp_psv
firewall.@redirect[4]=redirect
firewall.@redirect[4].target=DNAT
firewall.@redirect[4].src=wan
firewall.@redirect[4].dest=lan
firewall.@redirect[4].proto=udp
firewall.@redirect[4].src_dport=1200
firewall.@redirect[4].dest_ip=192.168.1.10
firewall.@redirect[4].dest_port=1200
firewall.@redirect[4].name=steam_1
firewall.@redirect[5]=redirect
firewall.@redirect[5].target=DNAT
firewall.@redirect[5].src=wan
firewall.@redirect[5].dest=lan
firewall.@redirect[5].dest_ip=192.168.1.10
firewall.@redirect[5].name=steam_2
firewall.@redirect[5].proto=tcp udp
firewall.@redirect[5].src_dport=26900-27050
firewall.@redirect[5].dest_port=26900-27050
firewall.@redirect[6]=redirect
firewall.@redirect[6].target=DNAT
firewall.@redirect[6].src=wan
firewall.@redirect[6].dest=lan
firewall.@redirect[6].proto=tcp udp
firewall.@redirect[6].src_dport=3478
firewall.@redirect[6].dest_ip=192.168.1.10
firewall.@redirect[6].dest_port=3478
firewall.@redirect[6].name=steam_3
firewall.@redirect[7]=redirect
firewall.@redirect[7].target=DNAT
firewall.@redirect[7].src=wan
firewall.@redirect[7].dest=lan
firewall.@redirect[7].proto=udp
firewall.@redirect[7].src_dport=4379-4380
firewall.@redirect[7].dest_ip=192.168.1.10
firewall.@redirect[7].dest_port=4379-4380
firewall.@redirect[7].name=steam_4
firewall.@redirect[8]=redirect
firewall.@redirect[8].target=DNAT
firewall.@redirect[8].src=wan
firewall.@redirect[8].dest=lan
firewall.@redirect[8].proto=tcp
firewall.@redirect[8].src_dport=28852
firewall.@redirect[8].dest_ip=192.168.1.10
firewall.@redirect[8].dest_port=28852
firewall.@redirect[8].name=kf_1
firewall.@redirect[9]=redirect
firewall.@redirect[9].target=DNAT
firewall.@redirect[9].src=wan
firewall.@redirect[9].dest=lan
firewall.@redirect[9].src_dport=7707-7708
firewall.@redirect[9].dest_ip=192.168.1.10
firewall.@redirect[9].dest_port=7707-7708
firewall.@redirect[9].name=kf_2
firewall.@redirect[9].proto=tcp udp
firewall.@redirect[10]=redirect
firewall.@redirect[10].target=DNAT
firewall.@redirect[10].src=wan
firewall.@redirect[10].dest=lan
firewall.@redirect[10].proto=udp
firewall.@redirect[10].src_dport=7717
firewall.@redirect[10].dest_ip=192.168.1.10
firewall.@redirect[10].dest_port=7717
firewall.@redirect[10].name=kf_3
firewall.@redirect[11]=redirect
firewall.@redirect[11].target=DNAT
firewall.@redirect[11].src=wan
firewall.@redirect[11].dest=lan
firewall.@redirect[11].proto=udp
firewall.@redirect[11].src_dport=20560
firewall.@redirect[11].dest_ip=192.168.1.10
firewall.@redirect[11].dest_port=20560
firewall.@redirect[11].name=kf_4
firewall.@redirect[12]=redirect
firewall.@redirect[12].target=DNAT
firewall.@redirect[12].src=wan
firewall.@redirect[12].dest=lan
firewall.@redirect[12].proto=tcp udp
firewall.@redirect[12].src_dport=7718
firewall.@redirect[12].dest_ip=192.168.1.10
firewall.@redirect[12].dest_port=7718
firewall.@redirect[12].name=kf_5
firewall.@redirect[13]=redirect
firewall.@redirect[13].target=DNAT
firewall.@redirect[13].src=wan
firewall.@redirect[13].dest=lan
firewall.@redirect[13].proto=tcp
firewall.@redirect[13].src_dport=28852
firewall.@redirect[13].dest_ip=192.168.1.20
firewall.@redirect[13].dest_port=28852
firewall.@redirect[13].name=kf_1_aska
firewall.@redirect[13].enabled=0
firewall.@redirect[14]=redirect
firewall.@redirect[14].target=DNAT
firewall.@redirect[14].src=wan
firewall.@redirect[14].dest=lan
firewall.@redirect[14].proto=udp
firewall.@redirect[14].src_dport=7707-7708
firewall.@redirect[14].dest_ip=192.168.1.20
firewall.@redirect[14].dest_port=7707-7708
firewall.@redirect[14].name=kf_2_aska
firewall.@redirect[14].enabled=0
firewall.@redirect[15]=redirect
firewall.@redirect[15].target=DNAT
firewall.@redirect[15].src=wan
firewall.@redirect[15].dest=lan
firewall.@redirect[15].proto=udp
firewall.@redirect[15].src_dport=7717
firewall.@redirect[15].dest_ip=192.168.1.20
firewall.@redirect[15].dest_port=7717
firewall.@redirect[15].name=kf_3_aska
firewall.@redirect[15].enabled=0
firewall.@redirect[16]=redirect
firewall.@redirect[16].target=DNAT
firewall.@redirect[16].src=wan
firewall.@redirect[16].dest=lan
firewall.@redirect[16].proto=udp
firewall.@redirect[16].src_dport=20560
firewall.@redirect[16].dest_ip=192.168.1.20
firewall.@redirect[16].dest_port=20560
firewall.@redirect[16].name=kf_4_aska
firewall.@redirect[16].enabled=0
firewall.@redirect[17]=redirect
firewall.@redirect[17].target=DNAT
firewall.@redirect[17].src=wan
firewall.@redirect[17].dest=lan
firewall.@redirect[17].proto=tcp
firewall.@redirect[17].src_dport=8777
firewall.@redirect[17].dest_ip=192.168.1.10
firewall.@redirect[17].dest_port=8777
firewall.@redirect[17].name=ut_1
firewall.@redirect[18]=redirect
firewall.@redirect[18].target=DNAT
firewall.@redirect[18].src=wan
firewall.@redirect[18].dest=lan
firewall.@redirect[18].proto=tcp
firewall.@redirect[18].src_dport=9777
firewall.@redirect[18].dest_ip=192.168.1.10
firewall.@redirect[18].dest_port=9777
firewall.@redirect[18].name=ut_2
firewall.@redirect[19]=redirect
firewall.@redirect[19].target=DNAT
firewall.@redirect[19].src=wan
firewall.@redirect[19].dest=lan
firewall.@redirect[19].proto=tcp udp
firewall.@redirect[19].src_dport=7777-7788
firewall.@redirect[19].dest_ip=192.168.1.10
firewall.@redirect[19].dest_port=7777-7788
firewall.@redirect[19].name=ut_3
firewall.@redirect[20]=redirect
firewall.@redirect[20].target=DNAT
firewall.@redirect[20].src=wan
firewall.@redirect[20].dest=lan
firewall.@redirect[20].proto=tcp udp
firewall.@redirect[20].src_dport=27900
firewall.@redirect[20].dest_ip=192.168.1.10
firewall.@redirect[20].dest_port=27900
firewall.@redirect[20].name=ut_4
firewall.@redirect[21]=redirect
firewall.@redirect[21].target=DNAT
firewall.@redirect[21].src=wan
firewall.@redirect[21].dest=lan
firewall.@redirect[21].proto=tcp udp
firewall.@redirect[21].src_dport=42292
firewall.@redirect[21].dest_ip=192.168.1.10
firewall.@redirect[21].dest_port=42292
firewall.@redirect[21].name=ut_5
firewall.@redirect[22]=redirect
firewall.@redirect[22].target=DNAT
firewall.@redirect[22].src=wan
firewall.@redirect[22].dest=lan
firewall.@redirect[22].src_dport=13000
firewall.@redirect[22].dest_ip=192.168.1.10
firewall.@redirect[22].dest_port=13000
firewall.@redirect[22].name=ut_6-uplay
firewall.@redirect[22].proto=tcp udp
firewall.@redirect[23]=redirect
firewall.@redirect[23].target=DNAT
firewall.@redirect[23].src=wan
firewall.@redirect[23].dest=lan
firewall.@redirect[23].proto=tcp udp
firewall.@redirect[23].src_dport=6500
firewall.@redirect[23].dest_ip=192.168.1.10
firewall.@redirect[23].dest_port=6500
firewall.@redirect[23].name=ut_7-gsarcade
firewall.@redirect[24]=redirect
firewall.@redirect[24].target=DNAT
firewall.@redirect[24].src=wan
firewall.@redirect[24].dest=lan
firewall.@redirect[24].proto=tcp
firewall.@redirect[24].src_dport=13005
firewall.@redirect[24].dest_ip=192.168.1.10
firewall.@redirect[24].dest_port=13005
firewall.@redirect[24].name=uplay_1
firewall.@redirect[25]=redirect
firewall.@redirect[25].target=DNAT
firewall.@redirect[25].src=wan
firewall.@redirect[25].dest=lan
firewall.@redirect[25].proto=tcp
firewall.@redirect[25].src_dport=13200
firewall.@redirect[25].dest_ip=192.168.1.10
firewall.@redirect[25].dest_port=13200
firewall.@redirect[25].name=uplay_2
firewall.@redirect[26]=redirect
firewall.@redirect[26].target=DNAT
firewall.@redirect[26].src=wan
firewall.@redirect[26].dest=lan
firewall.@redirect[26].proto=tcp udp
firewall.@redirect[26].src_dport=6515
firewall.@redirect[26].dest_ip=192.168.1.10
firewall.@redirect[26].dest_port=6515
firewall.@redirect[26].name=gs-arcade_1
firewall.@redirect[27]=redirect
firewall.@redirect[27].target=DNAT
firewall.@redirect[27].src=wan
firewall.@redirect[27].dest=lan
firewall.@redirect[27].proto=tcp udp
firewall.@redirect[27].src_dport=13139
firewall.@redirect[27].dest_ip=192.168.1.10
firewall.@redirect[27].dest_port=13139
firewall.@redirect[27].name=gs-arcade_2
firewall.@redirect[28]=redirect
firewall.@redirect[28].target=DNAT
firewall.@redirect[28].src=wan
firewall.@redirect[28].dest=lan
firewall.@redirect[28].proto=tcp
firewall.@redirect[28].src_dport=6667
firewall.@redirect[28].dest_ip=192.168.1.10
firewall.@redirect[28].dest_port=6667
firewall.@redirect[28].name=gs-arcade_3
firewall.@redirect[29]=redirect
firewall.@redirect[29].target=DNAT
firewall.@redirect[29].src=wan
firewall.@redirect[29].dest=lan
firewall.@redirect[29].proto=tcp
firewall.@redirect[29].dest_ip=192.168.1.10
firewall.@redirect[29].name=gs-arcade_4
firewall.@redirect[29].src_dport=28900-28910
firewall.@redirect[29].dest_port=28900-28910
firewall.@redirect[30]=redirect
firewall.@redirect[30].target=DNAT
firewall.@redirect[30].src=wan
firewall.@redirect[30].dest=lan
firewall.@redirect[30].proto=tcp
firewall.@redirect[30].src_dport=3783
firewall.@redirect[30].dest_ip=192.168.1.10
firewall.@redirect[30].dest_port=3783
firewall.@redirect[30].name=gs-arcade_5
firewall.@redirect[31]=redirect
firewall.@redirect[31].target=DNAT
firewall.@redirect[31].src=wan
firewall.@redirect[31].dest=lan
firewall.@redirect[31].proto=tcp
firewall.@redirect[31].src_dport=29900-29901
firewall.@redirect[31].dest_ip=192.168.1.10
firewall.@redirect[31].dest_port=29900-29901
firewall.@redirect[31].name=gs-arcade_6
firewall.@redirect[32]=redirect
firewall.@redirect[32].target=DNAT
firewall.@redirect[32].src=wan
firewall.@redirect[32].dest=lan
firewall.@redirect[32].proto=udp
firewall.@redirect[32].src_dport=8871
firewall.@redirect[32].dest_ip=192.168.1.10
firewall.@redirect[32].dest_port=8871
firewall.@redirect[32].name=gs_1
firewall.@redirect[33]=redirect
firewall.@redirect[33].target=DNAT
firewall.@redirect[33].src=wan
firewall.@redirect[33].dest=lan
firewall.@redirect[33].proto=tcp
firewall.@redirect[33].src_dport=1001-1002
firewall.@redirect[33].dest_ip=192.168.1.10
firewall.@redirect[33].dest_port=1001-1002
firewall.@redirect[33].name=uplay-grfs_1
firewall.@redirect[34]=redirect
firewall.@redirect[34].target=DNAT
firewall.@redirect[34].src=wan
firewall.@redirect[34].dest=lan
firewall.@redirect[34].proto=tcp udp
firewall.@redirect[34].src_dport=2348-2348
firewall.@redirect[34].dest_ip=192.168.1.10
firewall.@redirect[34].dest_port=2348-2348
firewall.@redirect[34].name=uplay-grfs_2
firewall.@redirect[35]=redirect
firewall.@redirect[35].target=DNAT
firewall.@redirect[35].src=wan
firewall.@redirect[35].dest=lan
firewall.@redirect[35].proto=udp
firewall.@redirect[35].src_dport=10007
firewall.@redirect[35].dest_ip=192.168.1.10
firewall.@redirect[35].dest_port=10007
firewall.@redirect[35].name=uplay-grfs_3
firewall.@redirect[36]=redirect
firewall.@redirect[36].target=DNAT
firewall.@redirect[36].src=wan
firewall.@redirect[36].dest=lan
firewall.@redirect[36].proto=udp
firewall.@redirect[36].src_dport=15765
firewall.@redirect[36].dest_ip=192.168.1.10
firewall.@redirect[36].dest_port=15765
firewall.@redirect[36].name=uplay-grfs_4
firewall.@redirect[37]=redirect
firewall.@redirect[37].target=DNAT
firewall.@redirect[37].src=wan
firewall.@redirect[37].dest=lan
firewall.@redirect[37].proto=udp
firewall.@redirect[37].src_dport=24340
firewall.@redirect[37].dest_ip=192.168.1.10
firewall.@redirect[37].dest_port=24340
firewall.@redirect[37].name=uplay-grfs_5
firewall.@redirect[38]=redirect
firewall.@redirect[38].target=DNAT
firewall.@redirect[38].src=wan
firewall.@redirect[38].dest=lan
firewall.@redirect[38].proto=udp
firewall.@redirect[38].src_dport=24360
firewall.@redirect[38].dest_ip=192.168.1.10
firewall.@redirect[38].dest_port=24360
firewall.@redirect[38].name=uplay-grfs_6
firewall.@redirect[39]=redirect
firewall.@redirect[39].target=DNAT
firewall.@redirect[39].src=wan
firewall.@redirect[39].dest=lan
firewall.@redirect[39].proto=tcp udp
firewall.@redirect[39].src_dport=3659
firewall.@redirect[39].dest_ip=192.168.1.10
firewall.@redirect[39].dest_port=3659
firewall.@redirect[39].name=origin-ds3_1
firewall.@redirect[40]=redirect
firewall.@redirect[40].target=DNAT
firewall.@redirect[40].src=wan
firewall.@redirect[40].dest=lan
firewall.@redirect[40].proto=tcp udp
firewall.@redirect[40].src_dport=9999
firewall.@redirect[40].dest_ip=192.168.1.10
firewall.@redirect[40].dest_port=9999
firewall.@redirect[40].name=origin-ds3_2
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@zone[1].input=DROP
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.miniupnpd=include
firewall.miniupnpd.type=script
firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
firewall.miniupnpd.family=IPv4
firewall.miniupnpd.reload=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan

48

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Żebym jeszcze wiedział jak. Przejrzałem reguły które dodawałem do Firewalla i w żadnej nie ma portu 53. Wrzucam paczkę ze screenami z ustawień jakie mam w DHCP i Firewallu może coś tam mam pokiełbaszonego. Nie chciałbym ponownie resetować ustawień i wszystkiego klepać od nowa sad

49

(20 odpowiedzi, napisanych Oprogramowanie / Software)

Witajcie,
Mam TP-Linka TL-WDR4300 v1, wrzuciłem na niego OpenWrt Attitude Adjustment 12.09.1 / LuCI 0.11 Branch (0.11+svn9933) i wszystko działa jak ta lala ale jest mały problem. W sieci lokalnej oprócz 2 kompów działa NAS od QNAPa na którym lata sobie serwer www (domyślnie na porcie 80) oraz FTP (26). Wszystko do pewnego czasu działało pięknie aż nie dostałem maila od swojego ISP że z mojego IP przeprowadzony był atak DDoS. W mailu był także link do strony http://openresolverproject.org/ sprawdziłem i faktycznie moje IP jest u nich w bazie. Co prędzej rzuciłem się w stronę Gibsona żeby sprawdzić czy faktycznie mam otwarty port 53 (odpytania DNS) - o zgrozo był otwarty. Jedyne co mi pozostało to reset ustawień do domyślnych i ponowne skanowanie portów. Oczywiście to pomogło, port 53 w skanie wyszedł zablokowany i sprawa ucichła.
Przekierowałem w międzyczasie potrzebne mi porty (steam plus kilka serwerów gier które uruchamiam u siebie) i zostawiłem router własnemu życiu. Ostatnio gdy chciałem pokazać znajomemu statystyki z gry, wklepałem swój adres (hostowany na dyn.com) i nie zadziałało - szybkie sprawdzenie i nazwa hosta po raz kolejny wyparowała z dyn.com, dodałem ją i wszystko ruszyło, ale znowu pojawił sie otwarty port 53 w teście ShieldsUP! Nie mam już bladego pojęcia co z tym zrobić, na chwilę obecną w ustawieniach Firewalla zmieniłem aby wszelkie przychodzące zapytania z WAN zostały dropnięte - oczywiście to pomaga, ale nie mam dostępu do strony poza siecią LAN a nie o to chodzi. Może jest jakiś sposób by to skonfigurować poprawnie?
Czekam na porady co z tym fantem zrobić, jak ustawić Firewall żeby to działało oraz żeby router zgłaszał co jakiś czas IP (IP mam stałe)do dyn.com bo po niecałych 2 tygodniach hostname znika z powodu braku aktualizacji i muszę to ręcznie wklepywać u nich.
Pozdrawiam

50

(8 odpowiedzi, napisanych Oprogramowanie / Software)

Korzystałem z tego narzędzia https://www.grc.com/x/ne.dll?bh0bkyd2 A wracając do portów to już wszystko ok, wgranie AA pomogło i poprawnie teraz przekierowuje porty. Dzięki za pomoc, temat do zamknięcia smile