eko.one.pl → Posts by copernic_us
OK, all understood. I'll install it and try to set it up, but from what I can see this is turning into black magic for me, especially working out the IP for each device. But what the heck, I'll try; I have nothing to lose but time.
OK, so do I still need to install the dhcp6s server or the client? Because I don't see the file itself on my system.
@up It finally worked, radvd advertises what it should, even the VPN works. The one annoying thing is the lack of IPv6 leases in LuCI. I also have no idea how to assign IPv6 addresses to the network devices I have. Any info on how to tackle this?
I'll check in a moment. As for the guide, true, I used it, but when I saw the note that it doesn't work with AA above 12.09, I threw out practically everything that was to be installed and searched the net for something more current. But for BB and HE there is practically no complete guide on how to configure it, also taking into account that the VPN has to work.
radvd
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
list client ''
option ignore 1
config prefix
option interface 'lan'
# If not specified, a non-link-local prefix of the interface is used
list prefix ''
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 1
config route
option interface 'lan'
list prefix ''
option ignore 1
config rdnss
option interface 'lan'
# If not specified, the link-local address of the interface is used
list addr ''
option ignore 1
config dnssl
option interface 'lan'
list suffix ''
option ignore 1
dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonegcache '1'
option strictorder '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ra 'server'
option dhcpv6 'relay'
option ra_default '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config host
option name 'INTEL'
option mac ''
option ip '192.168.1.10'
config host
option name 'QNAP'
option mac ''
option ip ''
config host
option mac ''
option ip ''
option name ''
config host
option mac ''
option ip ''
option name '_J'
config host
option mac ''
option ip ''
option name 'ASUS'
config host
option name 'PS3'
option mac ''
option ip ''
I don't have dhcp6s, nor a conf file for it either.
@Up - sorry, a typo in the prefix, it was xz
I also added what you gave and it's still broken.
At the moment it is:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc9:7f8a:2436::/48'
config interface 'lan'
option ifname 'eth0.1'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6hint '10'
option ip6assign '64'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option proto '6in4'
option peeraddr '216.66.80.162'
option ip6addr '2001:470:xx:yy::2/64'
option ip6prefix '2001:470:xx:yy::/64'
option tunnelid 'id'
option username 'nazwa'
option password 'haslo'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0t 2 3 4 5'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
config interface 'vpn0'
option ifname 'tun0'
option proto 'none'
What's worse, after starting IPv6 my VPN stops working - probably because no IPv6 address is assigned.
Except that I don't have an odhcpd configuration file. To make sure I'm not missing it, I'm even browsing the router's files through WinSCP. And I threw out wide-dhcpv6-server because installing it didn't help at all.
@Cezary - exactly, that post is supposedly outdated, but up to a certain point it matches and you can get the 6in4 tunnel running on HE and the test passes; after that the trouble starts with assigning IPs to the LAN.
@Gruberek - everything's supposedly fine and dandy, but I didn't find a description here of how to configure it with HE, so I improvised with what I had.
Yes, with these settings I have access from the phone (OpenVPN Client from PS) to the LAN and I have the router's (external) IP. I connect over Orange LTE directly to the router and everything works.
If any configuration dumps are needed, I'm happy to paste them.
So I got IPv6 running according to this guide. I pass the test on the listed sites, but for the life of me I can't set up BB so that it assigns addresses from the IPv6 pool to connected devices (PC, NAS, etc.). In the status section DHCP Leases is constantly empty even though the PC and the other devices support IPv6. Maybe someone can explain how to tame this and possibly tune it so that I can assign fixed IPv6 addresses to specific devices (ofc if that is possible).
I only have forwarding set up like this:
config forwarding
option dest 'lan'
option src 'wan'
config forwarding
option dest 'wan'
option src 'lan'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'vpn0'
config forwarding
option src 'vpn'
option dest 'wan'
@Bieniu I have the same router and I also set up the VPN following this guide and everything works great. Below are the fragments where my config differs from yours; maybe it will help. BTW, did you forward network traffic from vpn > wan?
/etc/config/openvpn
option push 'redirect-gateway def1 local'
/etc/config/firewall
config rule
option target 'ACCEPT'
option name 'VPN'
option src 'wan'
option dest_port '1194'
option proto 'tcp udp'
config zone
option name 'vpn'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'vpn0'
config forwarding
option src 'vpn'
option dest 'wan'
According to this, and GRC as well, my port 53 is closed. I also started nmap - a full scan; I'll see what comes out.
Yes, the website hosted on the QNAP works fine for me, and ftp works too. DNS also updates correctly (and when it was running on the router it didn't update it). I can even give a link to the site; I checked it myself through proxy/VPN/Tor and through a mobile phone and it connects every time.
Here you go.
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=51413
firewall.@redirect[0].dest_ip=192.168.1.30
firewall.@redirect[0].dest_port=51413
firewall.@redirect[0].name=transmission
firewall.@redirect[1]=redirect
firewall.@redirect[1].target=DNAT
firewall.@redirect[1].src=wan
firewall.@redirect[1].dest=lan
firewall.@redirect[1].proto=tcp
firewall.@redirect[1].src_dport=80
firewall.@redirect[1].dest_ip=192.168.1.30
firewall.@redirect[1].dest_port=80
firewall.@redirect[1].name=www
firewall.@redirect[2]=redirect
firewall.@redirect[2].target=DNAT
firewall.@redirect[2].src=wan
firewall.@redirect[2].dest=lan
firewall.@redirect[2].proto=tcp
firewall.@redirect[2].src_dport=26
firewall.@redirect[2].dest_ip=192.168.1.30
firewall.@redirect[2].dest_port=26
firewall.@redirect[2].name=ftp
firewall.@redirect[3]=redirect
firewall.@redirect[3].target=DNAT
firewall.@redirect[3].src=wan
firewall.@redirect[3].dest=lan
firewall.@redirect[3].proto=tcp
firewall.@redirect[3].src_dport=55536-55559
firewall.@redirect[3].dest_ip=192.168.1.30
firewall.@redirect[3].dest_port=55536-55559
firewall.@redirect[3].name=ftp_psv
firewall.@redirect[4]=redirect
firewall.@redirect[4].target=DNAT
firewall.@redirect[4].src=wan
firewall.@redirect[4].dest=lan
firewall.@redirect[4].proto=udp
firewall.@redirect[4].src_dport=1200
firewall.@redirect[4].dest_ip=192.168.1.10
firewall.@redirect[4].dest_port=1200
firewall.@redirect[4].name=steam_1
firewall.@redirect[5]=redirect
firewall.@redirect[5].target=DNAT
firewall.@redirect[5].src=wan
firewall.@redirect[5].dest=lan
firewall.@redirect[5].dest_ip=192.168.1.10
firewall.@redirect[5].name=steam_2
firewall.@redirect[5].proto=tcp udp
firewall.@redirect[5].src_dport=26900-27050
firewall.@redirect[5].dest_port=26900-27050
firewall.@redirect[6]=redirect
firewall.@redirect[6].target=DNAT
firewall.@redirect[6].src=wan
firewall.@redirect[6].dest=lan
firewall.@redirect[6].proto=tcp udp
firewall.@redirect[6].src_dport=3478
firewall.@redirect[6].dest_ip=192.168.1.10
firewall.@redirect[6].dest_port=3478
firewall.@redirect[6].name=steam_3
firewall.@redirect[7]=redirect
firewall.@redirect[7].target=DNAT
firewall.@redirect[7].src=wan
firewall.@redirect[7].dest=lan
firewall.@redirect[7].proto=udp
firewall.@redirect[7].src_dport=4379-4380
firewall.@redirect[7].dest_ip=192.168.1.10
firewall.@redirect[7].dest_port=4379-4380
firewall.@redirect[7].name=steam_4
firewall.@redirect[8]=redirect
firewall.@redirect[8].target=DNAT
firewall.@redirect[8].src=wan
firewall.@redirect[8].dest=lan
firewall.@redirect[8].proto=tcp
firewall.@redirect[8].src_dport=28852
firewall.@redirect[8].dest_ip=192.168.1.10
firewall.@redirect[8].dest_port=28852
firewall.@redirect[8].name=kf_1
firewall.@redirect[9]=redirect
firewall.@redirect[9].target=DNAT
firewall.@redirect[9].src=wan
firewall.@redirect[9].dest=lan
firewall.@redirect[9].src_dport=7707-7708
firewall.@redirect[9].dest_ip=192.168.1.10
firewall.@redirect[9].dest_port=7707-7708
firewall.@redirect[9].name=kf_2
firewall.@redirect[9].proto=tcp udp
firewall.@redirect[10]=redirect
firewall.@redirect[10].target=DNAT
firewall.@redirect[10].src=wan
firewall.@redirect[10].dest=lan
firewall.@redirect[10].proto=udp
firewall.@redirect[10].src_dport=7717
firewall.@redirect[10].dest_ip=192.168.1.10
firewall.@redirect[10].dest_port=7717
firewall.@redirect[10].name=kf_3
firewall.@redirect[11]=redirect
firewall.@redirect[11].target=DNAT
firewall.@redirect[11].src=wan
firewall.@redirect[11].dest=lan
firewall.@redirect[11].proto=udp
firewall.@redirect[11].src_dport=20560
firewall.@redirect[11].dest_ip=192.168.1.10
firewall.@redirect[11].dest_port=20560
firewall.@redirect[11].name=kf_4
firewall.@redirect[12]=redirect
firewall.@redirect[12].target=DNAT
firewall.@redirect[12].src=wan
firewall.@redirect[12].dest=lan
firewall.@redirect[12].proto=tcp udp
firewall.@redirect[12].src_dport=7718
firewall.@redirect[12].dest_ip=192.168.1.10
firewall.@redirect[12].dest_port=7718
firewall.@redirect[12].name=kf_5
firewall.@redirect[13]=redirect
firewall.@redirect[13].target=DNAT
firewall.@redirect[13].src=wan
firewall.@redirect[13].dest=lan
firewall.@redirect[13].proto=tcp
firewall.@redirect[13].src_dport=28852
firewall.@redirect[13].dest_ip=192.168.1.20
firewall.@redirect[13].dest_port=28852
firewall.@redirect[13].name=kf_1_aska
firewall.@redirect[13].enabled=0
firewall.@redirect[14]=redirect
firewall.@redirect[14].target=DNAT
firewall.@redirect[14].src=wan
firewall.@redirect[14].dest=lan
firewall.@redirect[14].proto=udp
firewall.@redirect[14].src_dport=7707-7708
firewall.@redirect[14].dest_ip=192.168.1.20
firewall.@redirect[14].dest_port=7707-7708
firewall.@redirect[14].name=kf_2_aska
firewall.@redirect[14].enabled=0
firewall.@redirect[15]=redirect
firewall.@redirect[15].target=DNAT
firewall.@redirect[15].src=wan
firewall.@redirect[15].dest=lan
firewall.@redirect[15].proto=udp
firewall.@redirect[15].src_dport=7717
firewall.@redirect[15].dest_ip=192.168.1.20
firewall.@redirect[15].dest_port=7717
firewall.@redirect[15].name=kf_3_aska
firewall.@redirect[15].enabled=0
firewall.@redirect[16]=redirect
firewall.@redirect[16].target=DNAT
firewall.@redirect[16].src=wan
firewall.@redirect[16].dest=lan
firewall.@redirect[16].proto=udp
firewall.@redirect[16].src_dport=20560
firewall.@redirect[16].dest_ip=192.168.1.20
firewall.@redirect[16].dest_port=20560
firewall.@redirect[16].name=kf_4_aska
firewall.@redirect[16].enabled=0
firewall.@redirect[17]=redirect
firewall.@redirect[17].target=DNAT
firewall.@redirect[17].src=wan
firewall.@redirect[17].dest=lan
firewall.@redirect[17].proto=tcp
firewall.@redirect[17].src_dport=8777
firewall.@redirect[17].dest_ip=192.168.1.10
firewall.@redirect[17].dest_port=8777
firewall.@redirect[17].name=ut_1
firewall.@redirect[18]=redirect
firewall.@redirect[18].target=DNAT
firewall.@redirect[18].src=wan
firewall.@redirect[18].dest=lan
firewall.@redirect[18].proto=tcp
firewall.@redirect[18].src_dport=9777
firewall.@redirect[18].dest_ip=192.168.1.10
firewall.@redirect[18].dest_port=9777
firewall.@redirect[18].name=ut_2
firewall.@redirect[19]=redirect
firewall.@redirect[19].target=DNAT
firewall.@redirect[19].src=wan
firewall.@redirect[19].dest=lan
firewall.@redirect[19].proto=tcp udp
firewall.@redirect[19].src_dport=7777-7788
firewall.@redirect[19].dest_ip=192.168.1.10
firewall.@redirect[19].dest_port=7777-7788
firewall.@redirect[19].name=ut_3
firewall.@redirect[20]=redirect
firewall.@redirect[20].target=DNAT
firewall.@redirect[20].src=wan
firewall.@redirect[20].dest=lan
firewall.@redirect[20].proto=tcp udp
firewall.@redirect[20].src_dport=27900
firewall.@redirect[20].dest_ip=192.168.1.10
firewall.@redirect[20].dest_port=27900
firewall.@redirect[20].name=ut_4
firewall.@redirect[21]=redirect
firewall.@redirect[21].target=DNAT
firewall.@redirect[21].src=wan
firewall.@redirect[21].dest=lan
firewall.@redirect[21].proto=tcp udp
firewall.@redirect[21].src_dport=42292
firewall.@redirect[21].dest_ip=192.168.1.10
firewall.@redirect[21].dest_port=42292
firewall.@redirect[21].name=ut_5
firewall.@redirect[22]=redirect
firewall.@redirect[22].target=DNAT
firewall.@redirect[22].src=wan
firewall.@redirect[22].dest=lan
firewall.@redirect[22].src_dport=13000
firewall.@redirect[22].dest_ip=192.168.1.10
firewall.@redirect[22].dest_port=13000
firewall.@redirect[22].name=ut_6-uplay
firewall.@redirect[22].proto=tcp udp
firewall.@redirect[23]=redirect
firewall.@redirect[23].target=DNAT
firewall.@redirect[23].src=wan
firewall.@redirect[23].dest=lan
firewall.@redirect[23].proto=tcp udp
firewall.@redirect[23].src_dport=6500
firewall.@redirect[23].dest_ip=192.168.1.10
firewall.@redirect[23].dest_port=6500
firewall.@redirect[23].name=ut_7-gsarcade
firewall.@redirect[24]=redirect
firewall.@redirect[24].target=DNAT
firewall.@redirect[24].src=wan
firewall.@redirect[24].dest=lan
firewall.@redirect[24].proto=tcp
firewall.@redirect[24].src_dport=13005
firewall.@redirect[24].dest_ip=192.168.1.10
firewall.@redirect[24].dest_port=13005
firewall.@redirect[24].name=uplay_1
firewall.@redirect[25]=redirect
firewall.@redirect[25].target=DNAT
firewall.@redirect[25].src=wan
firewall.@redirect[25].dest=lan
firewall.@redirect[25].proto=tcp
firewall.@redirect[25].src_dport=13200
firewall.@redirect[25].dest_ip=192.168.1.10
firewall.@redirect[25].dest_port=13200
firewall.@redirect[25].name=uplay_2
firewall.@redirect[26]=redirect
firewall.@redirect[26].target=DNAT
firewall.@redirect[26].src=wan
firewall.@redirect[26].dest=lan
firewall.@redirect[26].proto=tcp udp
firewall.@redirect[26].src_dport=6515
firewall.@redirect[26].dest_ip=192.168.1.10
firewall.@redirect[26].dest_port=6515
firewall.@redirect[26].name=gs-arcade_1
firewall.@redirect[27]=redirect
firewall.@redirect[27].target=DNAT
firewall.@redirect[27].src=wan
firewall.@redirect[27].dest=lan
firewall.@redirect[27].proto=tcp udp
firewall.@redirect[27].src_dport=13139
firewall.@redirect[27].dest_ip=192.168.1.10
firewall.@redirect[27].dest_port=13139
firewall.@redirect[27].name=gs-arcade_2
firewall.@redirect[28]=redirect
firewall.@redirect[28].target=DNAT
firewall.@redirect[28].src=wan
firewall.@redirect[28].dest=lan
firewall.@redirect[28].proto=tcp
firewall.@redirect[28].src_dport=6667
firewall.@redirect[28].dest_ip=192.168.1.10
firewall.@redirect[28].dest_port=6667
firewall.@redirect[28].name=gs-arcade_3
firewall.@redirect[29]=redirect
firewall.@redirect[29].target=DNAT
firewall.@redirect[29].src=wan
firewall.@redirect[29].dest=lan
firewall.@redirect[29].proto=tcp
firewall.@redirect[29].dest_ip=192.168.1.10
firewall.@redirect[29].name=gs-arcade_4
firewall.@redirect[29].src_dport=28900-28910
firewall.@redirect[29].dest_port=28900-28910
firewall.@redirect[30]=redirect
firewall.@redirect[30].target=DNAT
firewall.@redirect[30].src=wan
firewall.@redirect[30].dest=lan
firewall.@redirect[30].proto=tcp
firewall.@redirect[30].src_dport=3783
firewall.@redirect[30].dest_ip=192.168.1.10
firewall.@redirect[30].dest_port=3783
firewall.@redirect[30].name=gs-arcade_5
firewall.@redirect[31]=redirect
firewall.@redirect[31].target=DNAT
firewall.@redirect[31].src=wan
firewall.@redirect[31].dest=lan
firewall.@redirect[31].proto=tcp
firewall.@redirect[31].src_dport=29900-29901
firewall.@redirect[31].dest_ip=192.168.1.10
firewall.@redirect[31].dest_port=29900-29901
firewall.@redirect[31].name=gs-arcade_6
firewall.@redirect[32]=redirect
firewall.@redirect[32].target=DNAT
firewall.@redirect[32].src=wan
firewall.@redirect[32].dest=lan
firewall.@redirect[32].proto=udp
firewall.@redirect[32].src_dport=8871
firewall.@redirect[32].dest_ip=192.168.1.10
firewall.@redirect[32].dest_port=8871
firewall.@redirect[32].name=gs_1
firewall.@redirect[33]=redirect
firewall.@redirect[33].target=DNAT
firewall.@redirect[33].src=wan
firewall.@redirect[33].dest=lan
firewall.@redirect[33].proto=tcp
firewall.@redirect[33].src_dport=1001-1002
firewall.@redirect[33].dest_ip=192.168.1.10
firewall.@redirect[33].dest_port=1001-1002
firewall.@redirect[33].name=uplay-grfs_1
firewall.@redirect[34]=redirect
firewall.@redirect[34].target=DNAT
firewall.@redirect[34].src=wan
firewall.@redirect[34].dest=lan
firewall.@redirect[34].proto=tcp udp
firewall.@redirect[34].src_dport=2348-2348
firewall.@redirect[34].dest_ip=192.168.1.10
firewall.@redirect[34].dest_port=2348-2348
firewall.@redirect[34].name=uplay-grfs_2
firewall.@redirect[35]=redirect
firewall.@redirect[35].target=DNAT
firewall.@redirect[35].src=wan
firewall.@redirect[35].dest=lan
firewall.@redirect[35].proto=udp
firewall.@redirect[35].src_dport=10007
firewall.@redirect[35].dest_ip=192.168.1.10
firewall.@redirect[35].dest_port=10007
firewall.@redirect[35].name=uplay-grfs_3
firewall.@redirect[36]=redirect
firewall.@redirect[36].target=DNAT
firewall.@redirect[36].src=wan
firewall.@redirect[36].dest=lan
firewall.@redirect[36].proto=udp
firewall.@redirect[36].src_dport=15765
firewall.@redirect[36].dest_ip=192.168.1.10
firewall.@redirect[36].dest_port=15765
firewall.@redirect[36].name=uplay-grfs_4
firewall.@redirect[37]=redirect
firewall.@redirect[37].target=DNAT
firewall.@redirect[37].src=wan
firewall.@redirect[37].dest=lan
firewall.@redirect[37].proto=udp
firewall.@redirect[37].src_dport=24340
firewall.@redirect[37].dest_ip=192.168.1.10
firewall.@redirect[37].dest_port=24340
firewall.@redirect[37].name=uplay-grfs_5
firewall.@redirect[38]=redirect
firewall.@redirect[38].target=DNAT
firewall.@redirect[38].src=wan
firewall.@redirect[38].dest=lan
firewall.@redirect[38].proto=udp
firewall.@redirect[38].src_dport=24360
firewall.@redirect[38].dest_ip=192.168.1.10
firewall.@redirect[38].dest_port=24360
firewall.@redirect[38].name=uplay-grfs_6
firewall.@redirect[39]=redirect
firewall.@redirect[39].target=DNAT
firewall.@redirect[39].src=wan
firewall.@redirect[39].dest=lan
firewall.@redirect[39].proto=tcp udp
firewall.@redirect[39].src_dport=3659
firewall.@redirect[39].dest_ip=192.168.1.10
firewall.@redirect[39].dest_port=3659
firewall.@redirect[39].name=origin-ds3_1
firewall.@redirect[40]=redirect
firewall.@redirect[40].target=DNAT
firewall.@redirect[40].src=wan
firewall.@redirect[40].dest=lan
firewall.@redirect[40].proto=tcp udp
firewall.@redirect[40].src_dport=9999
firewall.@redirect[40].dest_ip=192.168.1.10
firewall.@redirect[40].dest_port=9999
firewall.@redirect[40].name=origin-ds3_2
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@zone[1].input=DROP
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=DROP
firewall.@rule[1].name=Drop-Ping
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.miniupnpd=include
firewall.miniupnpd.type=script
firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
firewall.miniupnpd.family=IPv4
firewall.miniupnpd.reload=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
Do you mean the data from the firewall and iptables, or something else?
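A way to review a `uci show firewall` dump like the one above for permissive policy and to inventory the ports it forwards from the WAN, as an added example that is not part of the original posts. The function names and the choice to treat the zone named `wan` as untrusted are assumptions, and the sample input is a short excerpt constructed from values in the dump.

```python
import re

# Excerpt in `uci show firewall` format, constructed from values in the dump above.
SAMPLE = """\
firewall.@defaults[0]=defaults
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=DROP
firewall.@zone[1].forward=ACCEPT
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=51413
firewall.@redirect[0].dest_ip=192.168.1.30
firewall.@redirect[0].name=transmission
firewall.@redirect[13]=redirect
firewall.@redirect[13].src=wan
firewall.@redirect[13].proto=tcp
firewall.@redirect[13].src_dport=28852
firewall.@redirect[13].dest_ip=192.168.1.20
firewall.@redirect[13].name=kf_1_aska
firewall.@redirect[13].enabled=0
"""

# Line shape: firewall.<section>[.<option>]=<value>
LINE = re.compile(r"^firewall\.([^.=]+)(?:\.([^=]+))?=(.*)$")


def parse_uci_show(text):
    """Group `uci show firewall` lines into {section: {option: value}}."""
    sections = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or output of another package
        section, option, value = m.group(1), m.group(2), m.group(3).strip()
        value = value.strip("'")  # some uci versions print quoted values
        entry = sections.setdefault(section, {"_type": None})
        if option is None:
            entry["_type"] = value  # e.g. firewall.@zone[1]=zone
        else:
            entry[option] = value
    return sections


def audit(sections, untrusted=("wan",)):
    """Flag permissive policy and list enabled redirects from untrusted zones.

    `untrusted` names the zones facing the internet (assumption: 'wan').
    """
    findings, exposed = [], []
    for sec in sections.values():
        kind = sec["_type"]
        if kind == "defaults":
            for chain in ("input", "forward"):
                if sec.get(chain, "").upper() == "ACCEPT":
                    findings.append(f"defaults: {chain} policy is ACCEPT")
        elif kind == "zone" and sec.get("name") in untrusted:
            for chain in ("input", "forward"):
                if sec.get(chain, "").upper() == "ACCEPT":
                    findings.append(f"zone {sec['name']}: {chain} policy is ACCEPT")
        elif kind == "forwarding" and sec.get("src") in untrusted:
            findings.append(f"forwarding {sec['src']} -> {sec.get('dest')}: "
                            "zone-wide forwarding from an untrusted zone")
        elif kind == "redirect" and sec.get("src") in untrusted:
            # Redirects with enabled=0 are configured but not active.
            if sec.get("enabled", "1") != "0":
                exposed.append((sec.get("name"), sec.get("proto"),
                                sec.get("src_dport"), sec.get("dest_ip")))
    return {"findings": findings, "exposed": exposed}


if __name__ == "__main__":
    report = audit(parse_uci_show(SAMPLE))
    for finding in report["findings"]:
        print("FINDING:", finding)
    for name, proto, port, host in report["exposed"]:
        print(f"EXPOSED: {name} {proto}/{port} -> {host}")
```

On the router the same functions can be fed the full output of `uci show firewall` saved to a file.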
Yesterday/today, lately it's all the same to me. Either way, this topic can be closed/deleted now - I moved the DNS updating to the QNAP and disabled ddns-scripts on the router. In addition I changed a few options in the DNS settings and in the firewall itself (wan => lan input set to drop, the rest unchanged). In the GRC test my ports show up in stealth mode, but I can get to the website and ftp works too. It stays as it is until the next update, or the next e-mail from the provider. Thanks for the help, and sorry for the confusion caused by inconsistent data.
I'm very sorry, but things have changed a bit since yesterday; I had to cut off traffic from outside because I again got an e-mail from my internet provider, hence the changed data. I'll understand if you don't want to check this or even bother with it - at worst I'll dig around on Google and find something sensible to get rid of this problem. Either way, thanks for the help and patience shown so far.
I edited the previous posts and pasted in the latest data. As for a firewall script or modifications, no, I don't use anything like that because I think this firewall is much better than what I had before on the Asus WL-500gP.
Posting it now
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
185K 12M delegate_input all -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
145K 118M delegate_forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3133 814K delegate_output all -- any any anywhere anywhere
Chain delegate_forward (1 references)
pkts bytes target prot opt in out source destination
145K 118M forwarding_rule all -- any any anywhere anywhere /* user chain for forwarding */
142K 118M ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
2749 144K zone_lan_forward all -- br-lan any anywhere anywhere
403 23260 zone_wan_forward all -- eth0.2 any anywhere anywhere
Chain delegate_input (1 references)
pkts bytes target prot opt in out source destination
464 37614 ACCEPT all -- lo any anywhere anywhere
184K 12M input_rule all -- any any anywhere anywhere /* user chain for input */
2061 327K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
4413 196K syn_flood tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
949 89363 zone_lan_input all -- br-lan any anywhere anywhere
179K 11M zone_wan_input all -- eth0.2 any anywhere anywhere
Chain delegate_output (1 references)
pkts bytes target prot opt in out source destination
464 37614 ACCEPT all -- any lo anywhere anywhere
2669 776K output_rule all -- any any anywhere anywhere /* user chain for output */
2342 752K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
25 4900 zone_lan_output all -- any br-lan anywhere anywhere
302 19379 zone_wan_output all -- any eth0.2 anywhere anywhere
Chain forwarding_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
1932 86808 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
2481 109K DROP all -- any any anywhere anywhere
Chain zone_lan_dest_ACCEPT (53 references)
pkts bytes target prot opt in out source destination
32 5264 ACCEPT all -- any br-lan anywhere anywhere
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
2749 144K forwarding_lan_rule all -- any any anywhere anywhere /* user chain for forwarding */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 QNAP.lan tcp dpt:51413 /* transmission (reflection) */
7 364 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 QNAP.lan tcp dpt:www /* www (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 QNAP.lan tcp dpt:26 /* ftp (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 QNAP.lan tcp dpts:55536:55559 /* ftp_psv (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:1200 /* steam_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:26900:27050 /* steam_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpts:26900:27050 /* steam_2 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:3478 /* steam_3 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:3478 /* steam_3 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpts:4379:4380 /* steam_4 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:28852 /* kf_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:7707:7708 /* kf_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpts:7707:7708 /* kf_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:7717 /* kf_3 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:20560 /* kf_4 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:7718 /* kf_5 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:7718 /* kf_5 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:8777 /* ut_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:9777 /* ut_2 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:7777:7788 /* ut_3 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpts:7777:7788 /* ut_3 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:27900 /* ut_4 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:27900 /* ut_4 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:42292 /* ut_5 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:42292 /* ut_5 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:13000 /* ut_6-uplay (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:13000 /* ut_6-uplay (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:6500 /* ut_7-gsarcade (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:6500 /* ut_7-gsarcade (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:13005 /* uplay_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:13200 /* uplay_2 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:6515 /* gs-arcade_1 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:6515 /* gs-arcade_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:13139 /* gs-arcade_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:13139 /* gs-arcade_2 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:ircd /* gs-arcade_3 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:28900:28910 /* gs-arcade_4 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:3783 /* gs-arcade_5 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:29900:29901 /* gs-arcade_6 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:8871 /* gs_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpts:1001:1002 /* uplay-grfs_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:2348 /* uplay-grfs_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:2348 /* uplay-grfs_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:10007 /* uplay-grfs_3 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:15765 /* uplay-grfs_4 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:24340 /* uplay-grfs_5 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:24360 /* uplay-grfs_6 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:3659 /* origin-ds3_1 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:3659 /* origin-ds3_1 (reflection) */
0 0 zone_lan_dest_ACCEPT tcp -- any any 192.168.1.0/24 INTEL.lan tcp dpt:9999 /* origin-ds3_2 (reflection) */
0 0 zone_lan_dest_ACCEPT udp -- any any 192.168.1.0/24 INTEL.lan udp dpt:9999 /* origin-ds3_2 (reflection) */
2742 143K zone_wan_dest_ACCEPT all -- any any anywhere anywhere /* forwarding lan -> wan */
0 0 zone_lan_src_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_input (1 references)
pkts bytes target prot opt in out source destination
949 89363 input_lan_rule all -- any any anywhere anywhere /* user chain for input */
949 89363 zone_lan_src_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_output (1 references)
pkts bytes target prot opt in out source destination
25 4900 output_lan_rule all -- any any anywhere anywhere /* user chain for output */
25 4900 zone_lan_dest_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_src_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
949 89363 ACCEPT all -- br-lan any anywhere anywhere
Chain zone_wan_dest_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
3044 163K ACCEPT all -- any eth0.2 anywhere anywhere
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
403 23260 forwarding_wan_rule all -- any any anywhere anywhere /* user chain for forwarding */
365 21412 ACCEPT tcp -- any any anywhere QNAP.lan tcp dpt:51413 /* transmission */
6 320 ACCEPT tcp -- any any anywhere QNAP.lan tcp dpt:www /* www */
2 104 ACCEPT tcp -- any any anywhere QNAP.lan tcp dpt:26 /* ftp */
0 0 ACCEPT tcp -- any any anywhere QNAP.lan tcp dpts:55536:55559 /* ftp_psv */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:1200 /* steam_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:26900:27050 /* steam_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpts:26900:27050 /* steam_2 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:3478 /* steam_3 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:3478 /* steam_3 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpts:4379:4380 /* steam_4 */
6 360 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:28852 /* kf_1 */
6 360 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:7707:7708 /* kf_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpts:7707:7708 /* kf_2 */
10 352 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:7717 /* kf_3 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:20560 /* kf_4 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:7718 /* kf_5 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:7718 /* kf_5 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:8777 /* ut_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:9777 /* ut_2 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:7777:7788 /* ut_3 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpts:7777:7788 /* ut_3 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:27900 /* ut_4 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:27900 /* ut_4 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:42292 /* ut_5 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:42292 /* ut_5 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:13000 /* ut_6-uplay */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:13000 /* ut_6-uplay */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:6500 /* ut_7-gsarcade */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:6500 /* ut_7-gsarcade */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:13005 /* uplay_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:13200 /* uplay_2 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:6515 /* gs-arcade_1 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:6515 /* gs-arcade_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:13139 /* gs-arcade_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:13139 /* gs-arcade_2 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:ircd /* gs-arcade_3 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:28900:28910 /* gs-arcade_4 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:3783 /* gs-arcade_5 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:29900:29901 /* gs-arcade_6 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:8871 /* gs_1 */
8 352 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpts:1001:1002 /* uplay-grfs_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:2348 /* uplay-grfs_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:2348 /* uplay-grfs_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:10007 /* uplay-grfs_3 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:15765 /* uplay-grfs_4 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:24340 /* uplay-grfs_5 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:24360 /* uplay-grfs_6 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:3659 /* origin-ds3_1 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:3659 /* origin-ds3_1 */
0 0 ACCEPT tcp -- any any anywhere INTEL.lan tcp dpt:9999 /* origin-ds3_2 */
0 0 ACCEPT udp -- any any anywhere INTEL.lan udp dpt:9999 /* origin-ds3_2 */
0 0 zone_lan_dest_ACCEPT all -- any any anywhere anywhere /* forwarding wan -> lan */
0 0 zone_wan_src_ACCEPT all -- any any anywhere anywhere
Chain zone_wan_input (1 references)
pkts bytes target prot opt in out source destination
179K 11M input_wan_rule all -- any any anywhere anywhere /* user chain for input */
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
3 92 ACCEPT icmp -- any any anywhere anywhere icmp echo-request /* Allow-Ping */
179K 11M zone_wan_src_DROP all -- any any anywhere anywhere
Chain zone_wan_output (1 references)
pkts bytes target prot opt in out source destination
302 19379 output_wan_rule all -- any any anywhere anywhere /* user chain for output */
302 19379 zone_wan_dest_ACCEPT all -- any any anywhere anywhere
Chain zone_wan_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0.2 any anywhere anywhere
Chain zone_wan_src_DROP (1 references)
pkts bytes target prot opt in out source destination
179K 11M DROP all -- eth0.2 any anywhere anywhere
I didn't know you could do it that way.
firewall.@redirect[0]=redirect
firewall.@redirect[0].target=DNAT
firewall.@redirect[0].src=wan
firewall.@redirect[0].dest=lan
firewall.@redirect[0].proto=tcp
firewall.@redirect[0].src_dport=51413
firewall.@redirect[0].dest_ip=192.168.1.30
firewall.@redirect[0].dest_port=51413
firewall.@redirect[0].name=transmission
firewall.@redirect[1]=redirect
firewall.@redirect[1].target=DNAT
firewall.@redirect[1].src=wan
firewall.@redirect[1].dest=lan
firewall.@redirect[1].proto=tcp
firewall.@redirect[1].src_dport=80
firewall.@redirect[1].dest_ip=192.168.1.30
firewall.@redirect[1].dest_port=80
firewall.@redirect[1].name=www
firewall.@redirect[2]=redirect
firewall.@redirect[2].target=DNAT
firewall.@redirect[2].src=wan
firewall.@redirect[2].dest=lan
firewall.@redirect[2].proto=tcp
firewall.@redirect[2].src_dport=26
firewall.@redirect[2].dest_ip=192.168.1.30
firewall.@redirect[2].dest_port=26
firewall.@redirect[2].name=ftp
firewall.@redirect[3]=redirect
firewall.@redirect[3].target=DNAT
firewall.@redirect[3].src=wan
firewall.@redirect[3].dest=lan
firewall.@redirect[3].proto=tcp
firewall.@redirect[3].src_dport=55536-55559
firewall.@redirect[3].dest_ip=192.168.1.30
firewall.@redirect[3].dest_port=55536-55559
firewall.@redirect[3].name=ftp_psv
firewall.@redirect[4]=redirect
firewall.@redirect[4].target=DNAT
firewall.@redirect[4].src=wan
firewall.@redirect[4].dest=lan
firewall.@redirect[4].proto=udp
firewall.@redirect[4].src_dport=1200
firewall.@redirect[4].dest_ip=192.168.1.10
firewall.@redirect[4].dest_port=1200
firewall.@redirect[4].name=steam_1
firewall.@redirect[5]=redirect
firewall.@redirect[5].target=DNAT
firewall.@redirect[5].src=wan
firewall.@redirect[5].dest=lan
firewall.@redirect[5].dest_ip=192.168.1.10
firewall.@redirect[5].name=steam_2
firewall.@redirect[5].proto=tcp udp
firewall.@redirect[5].src_dport=26900-27050
firewall.@redirect[5].dest_port=26900-27050
firewall.@redirect[6]=redirect
firewall.@redirect[6].target=DNAT
firewall.@redirect[6].src=wan
firewall.@redirect[6].dest=lan
firewall.@redirect[6].proto=tcp udp
firewall.@redirect[6].src_dport=3478
firewall.@redirect[6].dest_ip=192.168.1.10
firewall.@redirect[6].dest_port=3478
firewall.@redirect[6].name=steam_3
firewall.@redirect[7]=redirect
firewall.@redirect[7].target=DNAT
firewall.@redirect[7].src=wan
firewall.@redirect[7].dest=lan
firewall.@redirect[7].proto=udp
firewall.@redirect[7].src_dport=4379-4380
firewall.@redirect[7].dest_ip=192.168.1.10
firewall.@redirect[7].dest_port=4379-4380
firewall.@redirect[7].name=steam_4
firewall.@redirect[8]=redirect
firewall.@redirect[8].target=DNAT
firewall.@redirect[8].src=wan
firewall.@redirect[8].dest=lan
firewall.@redirect[8].proto=tcp
firewall.@redirect[8].src_dport=28852
firewall.@redirect[8].dest_ip=192.168.1.10
firewall.@redirect[8].dest_port=28852
firewall.@redirect[8].name=kf_1
firewall.@redirect[9]=redirect
firewall.@redirect[9].target=DNAT
firewall.@redirect[9].src=wan
firewall.@redirect[9].dest=lan
firewall.@redirect[9].src_dport=7707-7708
firewall.@redirect[9].dest_ip=192.168.1.10
firewall.@redirect[9].dest_port=7707-7708
firewall.@redirect[9].name=kf_2
firewall.@redirect[9].proto=tcp udp
firewall.@redirect[10]=redirect
firewall.@redirect[10].target=DNAT
firewall.@redirect[10].src=wan
firewall.@redirect[10].dest=lan
firewall.@redirect[10].proto=udp
firewall.@redirect[10].src_dport=7717
firewall.@redirect[10].dest_ip=192.168.1.10
firewall.@redirect[10].dest_port=7717
firewall.@redirect[10].name=kf_3
firewall.@redirect[11]=redirect
firewall.@redirect[11].target=DNAT
firewall.@redirect[11].src=wan
firewall.@redirect[11].dest=lan
firewall.@redirect[11].proto=udp
firewall.@redirect[11].src_dport=20560
firewall.@redirect[11].dest_ip=192.168.1.10
firewall.@redirect[11].dest_port=20560
firewall.@redirect[11].name=kf_4
firewall.@redirect[12]=redirect
firewall.@redirect[12].target=DNAT
firewall.@redirect[12].src=wan
firewall.@redirect[12].dest=lan
firewall.@redirect[12].proto=tcp udp
firewall.@redirect[12].src_dport=7718
firewall.@redirect[12].dest_ip=192.168.1.10
firewall.@redirect[12].dest_port=7718
firewall.@redirect[12].name=kf_5
firewall.@redirect[13]=redirect
firewall.@redirect[13].target=DNAT
firewall.@redirect[13].src=wan
firewall.@redirect[13].dest=lan
firewall.@redirect[13].proto=tcp
firewall.@redirect[13].src_dport=28852
firewall.@redirect[13].dest_ip=192.168.1.20
firewall.@redirect[13].dest_port=28852
firewall.@redirect[13].name=kf_1_aska
firewall.@redirect[13].enabled=0
firewall.@redirect[14]=redirect
firewall.@redirect[14].target=DNAT
firewall.@redirect[14].src=wan
firewall.@redirect[14].dest=lan
firewall.@redirect[14].proto=udp
firewall.@redirect[14].src_dport=7707-7708
firewall.@redirect[14].dest_ip=192.168.1.20
firewall.@redirect[14].dest_port=7707-7708
firewall.@redirect[14].name=kf_2_aska
firewall.@redirect[14].enabled=0
firewall.@redirect[15]=redirect
firewall.@redirect[15].target=DNAT
firewall.@redirect[15].src=wan
firewall.@redirect[15].dest=lan
firewall.@redirect[15].proto=udp
firewall.@redirect[15].src_dport=7717
firewall.@redirect[15].dest_ip=192.168.1.20
firewall.@redirect[15].dest_port=7717
firewall.@redirect[15].name=kf_3_aska
firewall.@redirect[15].enabled=0
firewall.@redirect[16]=redirect
firewall.@redirect[16].target=DNAT
firewall.@redirect[16].src=wan
firewall.@redirect[16].dest=lan
firewall.@redirect[16].proto=udp
firewall.@redirect[16].src_dport=20560
firewall.@redirect[16].dest_ip=192.168.1.20
firewall.@redirect[16].dest_port=20560
firewall.@redirect[16].name=kf_4_aska
firewall.@redirect[16].enabled=0
firewall.@redirect[17]=redirect
firewall.@redirect[17].target=DNAT
firewall.@redirect[17].src=wan
firewall.@redirect[17].dest=lan
firewall.@redirect[17].proto=tcp
firewall.@redirect[17].src_dport=8777
firewall.@redirect[17].dest_ip=192.168.1.10
firewall.@redirect[17].dest_port=8777
firewall.@redirect[17].name=ut_1
firewall.@redirect[18]=redirect
firewall.@redirect[18].target=DNAT
firewall.@redirect[18].src=wan
firewall.@redirect[18].dest=lan
firewall.@redirect[18].proto=tcp
firewall.@redirect[18].src_dport=9777
firewall.@redirect[18].dest_ip=192.168.1.10
firewall.@redirect[18].dest_port=9777
firewall.@redirect[18].name=ut_2
firewall.@redirect[19]=redirect
firewall.@redirect[19].target=DNAT
firewall.@redirect[19].src=wan
firewall.@redirect[19].dest=lan
firewall.@redirect[19].proto=tcp udp
firewall.@redirect[19].src_dport=7777-7788
firewall.@redirect[19].dest_ip=192.168.1.10
firewall.@redirect[19].dest_port=7777-7788
firewall.@redirect[19].name=ut_3
firewall.@redirect[20]=redirect
firewall.@redirect[20].target=DNAT
firewall.@redirect[20].src=wan
firewall.@redirect[20].dest=lan
firewall.@redirect[20].proto=tcp udp
firewall.@redirect[20].src_dport=27900
firewall.@redirect[20].dest_ip=192.168.1.10
firewall.@redirect[20].dest_port=27900
firewall.@redirect[20].name=ut_4
firewall.@redirect[21]=redirect
firewall.@redirect[21].target=DNAT
firewall.@redirect[21].src=wan
firewall.@redirect[21].dest=lan
firewall.@redirect[21].proto=tcp udp
firewall.@redirect[21].src_dport=42292
firewall.@redirect[21].dest_ip=192.168.1.10
firewall.@redirect[21].dest_port=42292
firewall.@redirect[21].name=ut_5
firewall.@redirect[22]=redirect
firewall.@redirect[22].target=DNAT
firewall.@redirect[22].src=wan
firewall.@redirect[22].dest=lan
firewall.@redirect[22].src_dport=13000
firewall.@redirect[22].dest_ip=192.168.1.10
firewall.@redirect[22].dest_port=13000
firewall.@redirect[22].name=ut_6-uplay
firewall.@redirect[22].proto=tcp udp
firewall.@redirect[23]=redirect
firewall.@redirect[23].target=DNAT
firewall.@redirect[23].src=wan
firewall.@redirect[23].dest=lan
firewall.@redirect[23].proto=tcp udp
firewall.@redirect[23].src_dport=6500
firewall.@redirect[23].dest_ip=192.168.1.10
firewall.@redirect[23].dest_port=6500
firewall.@redirect[23].name=ut_7-gsarcade
firewall.@redirect[24]=redirect
firewall.@redirect[24].target=DNAT
firewall.@redirect[24].src=wan
firewall.@redirect[24].dest=lan
firewall.@redirect[24].proto=tcp
firewall.@redirect[24].src_dport=13005
firewall.@redirect[24].dest_ip=192.168.1.10
firewall.@redirect[24].dest_port=13005
firewall.@redirect[24].name=uplay_1
firewall.@redirect[25]=redirect
firewall.@redirect[25].target=DNAT
firewall.@redirect[25].src=wan
firewall.@redirect[25].dest=lan
firewall.@redirect[25].proto=tcp
firewall.@redirect[25].src_dport=13200
firewall.@redirect[25].dest_ip=192.168.1.10
firewall.@redirect[25].dest_port=13200
firewall.@redirect[25].name=uplay_2
firewall.@redirect[26]=redirect
firewall.@redirect[26].target=DNAT
firewall.@redirect[26].src=wan
firewall.@redirect[26].dest=lan
firewall.@redirect[26].proto=tcp udp
firewall.@redirect[26].src_dport=6515
firewall.@redirect[26].dest_ip=192.168.1.10
firewall.@redirect[26].dest_port=6515
firewall.@redirect[26].name=gs-arcade_1
firewall.@redirect[27]=redirect
firewall.@redirect[27].target=DNAT
firewall.@redirect[27].src=wan
firewall.@redirect[27].dest=lan
firewall.@redirect[27].proto=tcp udp
firewall.@redirect[27].src_dport=13139
firewall.@redirect[27].dest_ip=192.168.1.10
firewall.@redirect[27].dest_port=13139
firewall.@redirect[27].name=gs-arcade_2
firewall.@redirect[28]=redirect
firewall.@redirect[28].target=DNAT
firewall.@redirect[28].src=wan
firewall.@redirect[28].dest=lan
firewall.@redirect[28].proto=tcp
firewall.@redirect[28].src_dport=6667
firewall.@redirect[28].dest_ip=192.168.1.10
firewall.@redirect[28].dest_port=6667
firewall.@redirect[28].name=gs-arcade_3
firewall.@redirect[29]=redirect
firewall.@redirect[29].target=DNAT
firewall.@redirect[29].src=wan
firewall.@redirect[29].dest=lan
firewall.@redirect[29].proto=tcp
firewall.@redirect[29].dest_ip=192.168.1.10
firewall.@redirect[29].name=gs-arcade_4
firewall.@redirect[29].src_dport=28900-28910
firewall.@redirect[29].dest_port=28900-28910
firewall.@redirect[30]=redirect
firewall.@redirect[30].target=DNAT
firewall.@redirect[30].src=wan
firewall.@redirect[30].dest=lan
firewall.@redirect[30].proto=tcp
firewall.@redirect[30].src_dport=3783
firewall.@redirect[30].dest_ip=192.168.1.10
firewall.@redirect[30].dest_port=3783
firewall.@redirect[30].name=gs-arcade_5
firewall.@redirect[31]=redirect
firewall.@redirect[31].target=DNAT
firewall.@redirect[31].src=wan
firewall.@redirect[31].dest=lan
firewall.@redirect[31].proto=tcp
firewall.@redirect[31].src_dport=29900-29901
firewall.@redirect[31].dest_ip=192.168.1.10
firewall.@redirect[31].dest_port=29900-29901
firewall.@redirect[31].name=gs-arcade_6
firewall.@redirect[32]=redirect
firewall.@redirect[32].target=DNAT
firewall.@redirect[32].src=wan
firewall.@redirect[32].dest=lan
firewall.@redirect[32].proto=udp
firewall.@redirect[32].src_dport=8871
firewall.@redirect[32].dest_ip=192.168.1.10
firewall.@redirect[32].dest_port=8871
firewall.@redirect[32].name=gs_1
firewall.@redirect[33]=redirect
firewall.@redirect[33].target=DNAT
firewall.@redirect[33].src=wan
firewall.@redirect[33].dest=lan
firewall.@redirect[33].proto=tcp
firewall.@redirect[33].src_dport=1001-1002
firewall.@redirect[33].dest_ip=192.168.1.10
firewall.@redirect[33].dest_port=1001-1002
firewall.@redirect[33].name=uplay-grfs_1
firewall.@redirect[34]=redirect
firewall.@redirect[34].target=DNAT
firewall.@redirect[34].src=wan
firewall.@redirect[34].dest=lan
firewall.@redirect[34].proto=tcp udp
firewall.@redirect[34].src_dport=2348-2348
firewall.@redirect[34].dest_ip=192.168.1.10
firewall.@redirect[34].dest_port=2348-2348
firewall.@redirect[34].name=uplay-grfs_2
firewall.@redirect[35]=redirect
firewall.@redirect[35].target=DNAT
firewall.@redirect[35].src=wan
firewall.@redirect[35].dest=lan
firewall.@redirect[35].proto=udp
firewall.@redirect[35].src_dport=10007
firewall.@redirect[35].dest_ip=192.168.1.10
firewall.@redirect[35].dest_port=10007
firewall.@redirect[35].name=uplay-grfs_3
firewall.@redirect[36]=redirect
firewall.@redirect[36].target=DNAT
firewall.@redirect[36].src=wan
firewall.@redirect[36].dest=lan
firewall.@redirect[36].proto=udp
firewall.@redirect[36].src_dport=15765
firewall.@redirect[36].dest_ip=192.168.1.10
firewall.@redirect[36].dest_port=15765
firewall.@redirect[36].name=uplay-grfs_4
firewall.@redirect[37]=redirect
firewall.@redirect[37].target=DNAT
firewall.@redirect[37].src=wan
firewall.@redirect[37].dest=lan
firewall.@redirect[37].proto=udp
firewall.@redirect[37].src_dport=24340
firewall.@redirect[37].dest_ip=192.168.1.10
firewall.@redirect[37].dest_port=24340
firewall.@redirect[37].name=uplay-grfs_5
firewall.@redirect[38]=redirect
firewall.@redirect[38].target=DNAT
firewall.@redirect[38].src=wan
firewall.@redirect[38].dest=lan
firewall.@redirect[38].proto=udp
firewall.@redirect[38].src_dport=24360
firewall.@redirect[38].dest_ip=192.168.1.10
firewall.@redirect[38].dest_port=24360
firewall.@redirect[38].name=uplay-grfs_6
firewall.@redirect[39]=redirect
firewall.@redirect[39].target=DNAT
firewall.@redirect[39].src=wan
firewall.@redirect[39].dest=lan
firewall.@redirect[39].proto=tcp udp
firewall.@redirect[39].src_dport=3659
firewall.@redirect[39].dest_ip=192.168.1.10
firewall.@redirect[39].dest_port=3659
firewall.@redirect[39].name=origin-ds3_1
firewall.@redirect[40]=redirect
firewall.@redirect[40].target=DNAT
firewall.@redirect[40].src=wan
firewall.@redirect[40].dest=lan
firewall.@redirect[40].proto=tcp udp
firewall.@redirect[40].src_dport=9999
firewall.@redirect[40].dest_ip=192.168.1.10
firewall.@redirect[40].dest_port=9999
firewall.@redirect[40].name=origin-ds3_2
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=ACCEPT
firewall.@zone[1].input=DROP
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.miniupnpd=include
firewall.miniupnpd.type=script
firewall.miniupnpd.path=/usr/share/miniupnpd/firewall.include
firewall.miniupnpd.family=IPv4
firewall.miniupnpd.reload=1
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=lan
firewall.@forwarding[0].src=wan
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest=wan
firewall.@forwarding[1].src=lan
If only I knew how. I went through the rules I added to the firewall and none of them has port 53. I'm uploading a package with screenshots of my DHCP and firewall settings; maybe I have something messed up there. I wouldn't want to reset the settings again and type everything in from scratch.
Hello,
I have a TP-Link TL-WDR4300 v1 and flashed OpenWrt Attitude Adjustment 12.09.1 / LuCI 0.11 Branch (0.11+svn9933) onto it. Everything works like a charm, but there is a small problem. Besides 2 computers, the local network has a QNAP NAS running a web server (on port 80 by default) and FTP (26). Everything worked nicely for a while, until I got an e-mail from my ISP saying that a DDoS attack had been carried out from my IP. The e-mail also contained a link to http://openresolverproject.org/; I checked and my IP really is in their database. I rushed over to Gibson to check whether I really had port 53 (DNS queries) open, and to my horror it was open. The only thing left for me to do was reset the settings to defaults and scan the ports again. Of course that helped, port 53 came out blocked in the scan and the matter died down.
In the meantime I forwarded the ports I need (Steam plus a few game servers that I run at home) and left the router to its own devices. Recently, when I wanted to show a friend some game statistics, I typed in my address (hosted at dyn.com) and it didn't work. A quick check showed that the hostname had once again vanished from dyn.com; I added it and everything started working, but open port 53 showed up again in the ShieldsUP! test. I no longer have the faintest idea what to do about it. For now I have changed the firewall settings so that all incoming requests from WAN are dropped. Of course that helps, but I have no access to the site from outside the LAN, and that's not the point. Maybe there is some way to configure this properly?
I'm waiting for advice on what to do about this, how to set up the firewall so that it works, and how to make the router report the IP to dyn.com every so often (my IP is static), because after less than 2 weeks the hostname disappears due to lack of updates and I have to type it in manually on their site.
Regards
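An added example, not part of the posts above and not OpenWrt's own tooling: a small offline audit of `uci show firewall` output, like the dump earlier on this page, that flags permissive WAN-side policies and any WAN redirect or rule whose port or port range covers 53. The sample input is constructed, and the function names `parse_uci`, `covers` and `audit` are hypothetical.

```python
import re

# Constructed sample in `uci show firewall` format, modelled on the dump above
SAMPLE = """\
firewall.@defaults[0]=defaults
firewall.@defaults[0].forward=ACCEPT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=DROP
firewall.@zone[1].forward=ACCEPT
firewall.@redirect[0]=redirect
firewall.@redirect[0].src=wan
firewall.@redirect[0].src_dport=80
firewall.@redirect[0].name=www
firewall.@redirect[1]=redirect
firewall.@redirect[1].src=wan
firewall.@redirect[1].proto=tcp udp
firewall.@redirect[1].src_dport=50-60
firewall.@redirect[1].name=constructed_range
firewall.@redirect[2]=redirect
firewall.@redirect[2].src=wan
firewall.@redirect[2].src_dport=53
firewall.@redirect[2].name=constructed_off
firewall.@redirect[2].enabled=0
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src=wan
firewall.@forwarding[0].dest=lan
"""

LINE = re.compile(r"^firewall\.(@?[\w-]+(?:\[\d+\])?)(?:\.(\w+))?=(.*)$")

def parse_uci(text):
    """Group 'firewall.<section>.<option>=<value>' lines by section."""
    sections = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            sec, opt, val = m.groups()
            # A line without an option name declares the section type
            sections.setdefault(sec, {})[opt or ".type"] = val.strip("'")
    return sections

def covers(spec, port):
    """True if a port spec such as '53', '50-60' or '50:60' includes port."""
    for part in spec.split():
        lo, _, hi = part.replace(":", "-").partition("-")
        hi = hi or lo
        if lo.isdigit() and hi.isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def audit(text, wan="wan", port=53):
    """Return (section, finding) pairs for settings that expose `port` to WAN."""
    out = []
    for sec, o in parse_uci(text).items():
        kind, src = o.get(".type"), o.get("src")
        if o.get("enabled") == "0":
            continue  # entries switched off with enabled=0 are skipped
        if kind == "defaults" and o.get("forward") == "ACCEPT":
            out.append((sec, "default forward policy is ACCEPT"))
        elif kind == "zone" and o.get("name") == wan:
            out += [(sec, f"{wan} zone {c} policy is ACCEPT")
                    for c in ("input", "forward") if o.get(c) == "ACCEPT"]
        elif kind == "forwarding" and src == wan:
            out.append((sec, f"forwarding {wan} -> {o.get('dest')}"))
        elif kind in ("redirect", "rule") and src == wan:
            if kind == "rule" and o.get("target") != "ACCEPT":
                continue
            spec = o.get("src_dport" if kind == "redirect" else "dest_port")
            protos = set(o.get("proto", "tcp udp").split())
            # A missing port option matches every port of the protocol
            if protos & {"tcp", "udp", "tcpudp", "all"} and (
                    spec is None or covers(spec, port)):
                out.append((sec, f"{kind} '{o.get('name')}' reaches port {port}"))
    return out

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

Running it against a saved copy of the router's own `uci show firewall` output, rather than the constructed sample, checks the port ranges that are easy to miss when reading the rules by eye.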
I used this tool: https://www.grc.com/x/ne.dll?bh0bkyd2 As for the ports, everything is OK now; flashing AA helped and the ports are now forwarded correctly. Thanks for the help, the thread can be closed.