1 Odpowiedź przez Chriso

(8 odpowiedzi, napisanych Oprogramowanie / Software)

Ale ja to wszystko mam dodane z tego poradnika

Idź do forum: Oprogramowanie / Software

2 Odpowiedź przez Chriso

(8 odpowiedzi, napisanych Oprogramowanie / Software)

root@Armor_G5:/tmp/run# nft -a list ruleset
table ip nat { # handle 19
        chain postrouting { # handle 1
                type nat hook postrouting priority srcnat; policy accept;
                oifname "br-lan" ip saddr 10.8.0.0/24 counter packets 0 bytes 0 masquerade # handle 2
                oifname "tun0" ip saddr 192.168.5.0/24 counter packets 0 bytes 0 masquerade # handle 3
        }
}

Niestety po dodaniu takich reguł dalej nie mam dostępu do sieci LAN za serwerem OpenVPN.

Idź do forum: Oprogramowanie / Software

3 Odpowiedź przez Chriso

(8 odpowiedzi, napisanych Oprogramowanie / Software)

Wycinek firewall:

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'


config rule
        option name 'openvpn'
        option target 'ACCEPT'
        option src 'vpn'
        option family 'ipv4'
        list proto 'tcp'
        list proto 'udp'
        option dest_port '54545'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'vpn'
        option family 'ipv4'
        option masq '1'

config forwarding
        option src 'vpn'
        option dest 'lan'

"fw4 print" reguła z maskaradą wygląda tak

        chain srcnat_wan {
                meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 wan traffic"
        }

        chain srcnat_vpn {
                meta nfproto ipv4 masquerade comment "!fw4: Masquerade IPv4 vpn traffic"
        }

Idź do forum: Oprogramowanie / Software

4 Temat przez Chriso

(8 odpowiedzi, napisanych Oprogramowanie / Software)

Witam
Na starym routerze Netgear R6220 z OpenWrt miałem uruchomiony OpenVPN serwer i w Firewallu we własnych regułach miałem wpisane:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.5.0/24 -o tun0 -j MASQUERADE

Teraz mam nowy router Armor G5 NBG7815 z wgranym OpenWrt SNAPSHOT r22199-1f53fa2b83, na którym jest nft i pytanie jak mam taką regułę wpisać?

Idź do forum: Oprogramowanie / Software

5 Odpowiedź przez Chriso

(20 odpowiedzi, napisanych Inne)

@mexpert, Udało Ci się odnaleźć hasło do telnetu?

Idź do forum: Inne

6 Odpowiedź przez Chriso

(12 odpowiedzi, napisanych Oprogramowanie / Software)

@Cezary, dzięki ponownie.
Po do kompilowaniu odpowiednich pakietów i zainstalowaniu ze swoich wersji, brak błędów.

Idź do forum: Oprogramowanie / Software

7 Temat przez Chriso

(12 odpowiedzi, napisanych Oprogramowanie / Software)

Witam
Skompilowałem swój firmware LEDE i przy instalacji pakietu ppp-mod-pptp wyskakuje błąd

root@LEDE:~# opkg install ppp-mod-pptp
Installing ppp-mod-pptp (2.4.7-10) to root...
Downloading http://downloads.lede-project.org/snapshots/packages/mips_24kc/base/ppp-mod-pptp_2.4.7-10_mips_24kc.ipk
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for ppp-mod-pptp:
 *      kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *  kernel (= 4.4.45-1-2fde264ed13ab3f43ac5a3172db6cd63) *
 * opkg_install_cmd: Cannot install package ppp-mod-pptp.

Wersja mojego kernela 4.4.45 i nowszego brak w źródłach.

Idź do forum: Oprogramowanie / Software

8 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Problem rozwiązany, odznaczyłem ext4 i kompilacja przeszła do końca bez błędów.
Firmware wgrane, extroot zrobiony i docelowo dump1090 zainstalowany w najnowszej wersji ;-)
Dzięki za pomoc.

Idź do forum: Oprogramowanie / Software

9 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Nie pyta się, po prostu mam tam wpisane 256 i chciałem się upewnić czy jest to wartość prawidłowa.

Od tego momentu wyskakuje mi błąd:

/home/chriso/lede/source/staging_dir/host/bin/mktplinkfw -H 0x30200001 -W 0x1 -F 4Mlzma -N OpenWrt -V r3157-2ef3810 -m 1 -k /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tl-mr3020-v1-kernel.bin -r /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-factory.bin -o /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-factory.bin.new -j -X 0x40000 -a ext4   && mv /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-factory.bin.new /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-factory.bin || rm -f /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-factory.bin
[mktplinkfw] *** error: kernel image is too big by 179163 bytes
[mktplinkfw] *** error: kernel image is too big by 179163 bytes
gzip -c -9n /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-sysupgrade.bin > /home/chriso/lede/source/bin/targets/ar71xx/generic/lede-ar71xx-generic-tl-mr3020-v1-ext4-sysupgrade.bin.gz
[ -f /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tl-mr3020-v1-kernel.bin -a -f /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/root.squashfs ]
dd if=/home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/root.squashfs >> /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin
gzip: /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-ext4-sysupgrade.bin: No such file or directory
Makefile:113: recipe for target '/home/chriso/lede/source/bin/targets/ar71xx/generic/lede-ar71xx-generic-tl-mr3020-v1-ext4-sysupgrade.bin.gz' failed
make[5]: *** [/home/chriso/lede/source/bin/targets/ar71xx/generic/lede-ar71xx-generic-tl-mr3020-v1-ext4-sysupgrade.bin.gz] Error 1
make[5]: *** Waiting for unfinished jobs....
3798+1 records in
3798+1 records out
1944610 bytes (1.9 MB, 1.9 MiB) copied, 0.102161 s, 19.0 MB/s
/home/chriso/lede/source/staging_dir/host/bin/mktplinkfw -H 0x30200001 -W 0x1 -F 4Mlzma -N OpenWrt -V r3157-2ef3810 -m 1 -k /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tl-mr3020-v1-kernel.bin -r /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin -o /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin.new -j -X 0x40000 -a 0x4  -s && mv /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin.new /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin || rm -f /home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin
[mktplinkfw] kernel length aligned to 1227228
[mktplinkfw] firmware file "/home/chriso/lede/source/build_dir/target-mips_24kc_musl-1.1.16/linux-ar71xx_generic/tmp/lede-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin.new" completed
make[5]: Leaving directory '/home/chriso/lede/source/target/linux/ar71xx/image'
Makefile:24: recipe for target 'install' failed
make[4]: *** [install] Error 2
make[4]: Leaving directory '/home/chriso/lede/source/target/linux/ar71xx'
Makefile:13: recipe for target 'install' failed
make[3]: *** [install] Error 2
make[3]: Leaving directory '/home/chriso/lede/source/target/linux'
target/Makefile:22: recipe for target 'target/linux/install' failed
make[2]: *** [target/linux/install] Error 2
make[2]: Leaving directory '/home/chriso/lede/source'
target/Makefile:18: recipe for target '/home/chriso/lede/source/staging_dir/target-mips_24kc_musl-1.1.16/stamp/.target_install' failed
make[1]: *** [/home/chriso/lede/source/staging_dir/target-mips_24kc_musl-1.1.16/stamp/.target_install] Error 2
make[1]: Leaving directory '/home/chriso/lede/source'
Build failed - please re-run with -j1 to see the real error message
/home/chriso/lede/source/include/toplevel.mk:197: polecenia dla obiektu 'world' nie powiodły się
make: *** [world] Błąd 1

Idź do forum: Oprogramowanie / Software

10 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Tak dla pewności dopytam, w menuconfig w "Root filesystem partition size" ile ma być wpisane MB?
Dodam, że firmware ma być do routera TL-MR3020.

Idź do forum: Oprogramowanie / Software

11 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Próbowałem skompilować lede z pakietami od USB ale niestety wyskakuje również, że za mało miejsca.

@Cezary, mógłbyś podpowiedzieć, które pakiety mogę "odhaczyć" żeby tylko zadziałał extroot?
Resztę se doinstaluję po zrobieniu extroota.

Idź do forum: Oprogramowanie / Software

12 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Niestety nie da rady tak zrobić bo żeby zadziałał extroot to potrzeba zainstalować pakiety
kmod-usb-core
kmod-usb2
kmod-usb-storage
kmod-fs-ext4
block-mount
i niestety wszystkie nie mieszczą się na pamięć na tym routerku.
Twój firmware jest dobry bo ma już to w kompilowane i nie ma problemu z miejscem.

Idź do forum: Oprogramowanie / Software

13 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Może być i lede, aby działał ten pakiet w najnowszym wydaniu  ;-)

Idź do forum: Oprogramowanie / Software

14 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

A mógłbyś zrobić firmware na podstawie trunka do routera TL-MR3020 z obsługą USB i extroota, tak żeby można było wgrać ten najnowszy dump1090?

Idź do forum: Oprogramowanie / Software

15 Odpowiedź przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

@Cezary, Wielka prośba, czy mógłbyś dołączyć ten pakiet?

Idź do forum: Oprogramowanie / Software

16 Temat przez Chriso

(17 odpowiedzi, napisanych Oprogramowanie / Software)

Witam
Czy jest możliwość dołączenie do repo pakietu "dump1090_2016-11-26" dla platformy ar71xx dla wersji OpenWrt Chaos Calmer 15.05.1 (r49474)?

Idź do forum: Oprogramowanie / Software

17 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Tak, bo tam gdzie jest podłączony do internetu klient (router z openwrt), w sieci lan normalnie wchodzę na luci

Idź do forum: Oprogramowanie / Software

18 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Zauważyłem jeszcze jedno, jak wchodzę z komputera na www LuCI (http://192.168.0.101/) to wyskakuje mi napis
"LuCI - Lua Configuration Interface" i dalej jest przekierowanie na http://192.168.0.101/cgi-bin/luci ale właśnie już tam nie wchodzi.

Idź do forum: Oprogramowanie / Software

19 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Tak, po SSH łącze się

Idź do forum: Oprogramowanie / Software

20 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Po skasowaniu tego dalej nie mogę dostać się do gui.

Idź do forum: Oprogramowanie / Software

21 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

root@OpenWrt:~# netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      999/uhttpd
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1151/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      960/dropbear
tcp        0   3573 192.168.0.101:22        192.168.0.38:62674      LAST_ACK    -
tcp        0    300 192.168.43.189:22       192.168.43.51:62816     ESTABLISHED 1736/dropbear
tcp        0      0 192.168.43.189:58419    83.9.164.233:1723       ESTABLISHED 1326/pppd
tcp        0   3677 192.168.0.101:22        192.168.0.38:62691      LAST_ACK    -
tcp        0      0 :::80                   :::*                    LISTEN      999/uhttpd
tcp        0      0 :::53                   :::*                    LISTEN      1151/dnsmasq
tcp        0      0 :::22                   :::*                    LISTEN      960/dropbear
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1151/dnsmasq
udp        0      0 :::53                   :::*                                1151/dnsmasq
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING        279 498/ubusd           /var/run/ubus.sock
unix  7      [ ]         DGRAM                      1076 873/logd            /dev/log
unix  2      [ ACC ]     STREAM     LISTENING       3810 1326/pppd           /var/run/pptp/83.9.164.233:1
unix  2      [ ]         DGRAM                      2031 1202/wpa_supplicant /var/run/wpa_supplicant/wlan0
unix  3      [ ]         STREAM     CONNECTED        304 498/ubusd           /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED        303 1/procd
unix  2      [ ]         DGRAM                      1866 1151/dnsmasq
unix  3      [ ]         STREAM     CONNECTED       1078 873/logd
unix  3      [ ]         STREAM     CONNECTED       1159 498/ubusd           /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       3922 1326/pppd           /var/run/pptp/83.9.164.233:1
unix  3      [ ]         STREAM     CONNECTED       1158 915/netifd
unix  3      [ ]         STREAM     CONNECTED       1079 498/ubusd           /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       1429 999/uhttpd
unix  2      [ ]         DGRAM                      1231 960/dropbear
unix  2      [ ]         DGRAM                      1469 915/netifd
unix  2      [ ]         DGRAM                      1509 915/netifd
unix  2      [ ]         DGRAM                      3765 1324/pppd
unix  3      [ ]         STREAM     CONNECTED       1430 498/ubusd           /var/run/ubus.sock
unix  3      [ ]         STREAM     CONNECTED       1095 882/rpcd
unix  2      [ ]         DGRAM                      1170 1/procd
unix  3      [ ]         STREAM     CONNECTED       3772 1324/pppd
unix  3      [ ]         STREAM     CONNECTED       1096 498/ubusd           /var/run/ubus.sock
root@OpenWrt:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='wan wan6 wwan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[2]=zone
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].forward='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].name='vpnZone'
firewall.@zone[2].network='VPN'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].log='1'
firewall.@zone[2].log_limit='60'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[0].src='lan'
firewall.@rule[9]=rule
firewall.@rule[9].enabled='1'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].dest_port='80'
firewall.@rule[9].name='HTTP'
firewall.@rule[9].src='*'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[1].src='vpnZone'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='wan'
firewall.@forwarding[2].src='vpnZone'
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].dest='vpnZone'
firewall.@forwarding[3].src='lan'
firewall.@forwarding[4]=forwarding
firewall.@forwarding[4].dest='vpnZone'
firewall.@forwarding[4].src='wan'
firewall.@redirect[0]=redirect
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src='vpnZone'
firewall.@redirect[0].dest='vpnZone'
firewall.@redirect[0].proto='tcp'
firewall.@redirect[0].src_dport='80'
firewall.@redirect[0].dest_port='80'
firewall.@redirect[0].name='HTTP'
root@OpenWrt:~# iptables -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   272 delegate_input  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 delegate_forward  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   188 delegate_output  all  --  any    any     anywhere             anywhere

Chain delegate_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 zone_lan_forward  all  --  br-lan any     anywhere             anywhere
    0     0 zone_wan_forward  all  --  wlan0  any     anywhere             anywhere
    0     0 zone_vpnZone_forward  all  --  pptp-VPN any     anywhere             anywhere

Chain delegate_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    4   272 input_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    3   224 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 syn_flood  tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:www /* HTTP */
    0     0 zone_lan_input  all  --  br-lan any     anywhere             anywhere
    1    48 zone_wan_input  all  --  wlan0  any     anywhere             anywhere
    0     0 zone_vpnZone_input  all  --  pptp-VPN any     anywhere             anywhere

Chain delegate_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere
    3   188 output_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
    2   144 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 zone_lan_output  all  --  any    br-lan  anywhere             anywhere
    1    44 zone_wan_output  all  --  any    wlan0   anywhere             anywhere
    0     0 zone_vpnZone_output  all  --  any    pptp-VPN  anywhere             anywhere

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_vpnZone_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_vpnZone_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_vpnZone_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain zone_lan_dest_ACCEPT (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    br-lan  anywhere             anywhere

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding lan -> wan */
    0     0 zone_vpnZone_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding lan -> vpnZone */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 input_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
    0     0 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_lan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br-lan any     anywhere             anywhere

Chain zone_vpnZone_dest_ACCEPT (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    pptp-VPN  anywhere             anywhere

Chain zone_vpnZone_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_vpnZone_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding vpnZone -> lan */
    0     0 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding vpnZone -> wan */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_vpnZone_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_vpnZone_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 input_vpnZone_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
    0     0 zone_vpnZone_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_vpnZone_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_vpnZone_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
    0     0 zone_vpnZone_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_vpnZone_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  pptp-VPN any     anywhere             anywhere

Chain zone_wan_dest_ACCEPT (4 references)
 pkts bytes target     prot opt in     out     source               destination
    1    44 ACCEPT     all  --  any    wlan0   anywhere             anywhere

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 forwarding_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  esp  --  any    any     anywhere             anywhere             /* @rule[7] */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     anywhere             anywhere             udp dpt:isakmp /* @rule[8] */
    0     0 zone_vpnZone_dest_ACCEPT  all  --  any    any     anywhere             anywhere             /* forwarding wan -> vpnZone */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port forwards */
    0     0 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    48 input_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for input */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc /* Allow-DHCP-Renew */
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request /* Allow-Ping */
    0     0 ACCEPT     igmp --  any    any     anywhere             anywhere             /* Allow-IGMP */
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT /* Accept port redirections */
    1    48 zone_wan_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_wan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    44 output_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for output */
    1    44 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_wan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    48 ACCEPT     all  --  wlan0  any     anywhere             anywhere

Idź do forum: Oprogramowanie / Software

22 Odpowiedź przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Nie otwierałem portu 22.
Po otwarciu portu 80 dalej nie mogę dostać się do gui.

Idź do forum: Oprogramowanie / Software

23 Temat przez Chriso

(11 odpowiedzi, napisanych Oprogramowanie / Software)

Witam
Mam serwer VPN na routerze z Tomato na protokole PPTP.
Podłączyłem się zdalnie routerem z OpenWRT jako klient do tego serwera i teraz z komputera (w sieci za routerem z Tomato) mam dostęp do klienta poprzez SSH ale nie mogę dostać się do gui (LuCI) przez www.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd35:8d7c:5092::/48'

config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'dhcp'
        option ipaddr '192.168.0.54'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'VPN'
        option proto 'pptp'
        option password 'xxxxx'
        option username 'radar1'
        option buffering '1'
        option server 'xxx.xxx.x.x'
        option peerdns '0'
        option defaultroute '0'
        option delegate '0'

config interface 'wwan'
        option proto 'dhcp'
        option _orig_ifname 'wlan0'
        option _orig_bridge 'true'

config route
        option interface 'VPN'
        option target '192.168.0.0'
        option netmask '255.255.255.0'

Idź do forum: Oprogramowanie / Software

24 Odpowiedź przez Chriso

(23 odpowiedzi, napisanych Oprogramowanie / Software)

Ok, błąd usunąłem ale pozostaje dalej problem braku wykrywalności kamery

Idź do forum: Oprogramowanie / Software

25 Odpowiedź przez Chriso

(23 odpowiedzi, napisanych Oprogramowanie / Software)

Zauważyłem jeszcze, że przy instalowaniu jakiegokolwiek pakietu (w tym przypadku instalowałem usbreset) wyskakuje mi bład kmod-lib80211

Installing usbreset (4) to root...
Downloading http://downloads.lede-project.org/snapshots/packages/i386_i486/base/usbreset_4_i386_i486.ipk.
Configuring kmod-lib80211.
Configuring usbreset.
Collected errors:
 * pkg_run_script: package "kmod-lib80211" postinst script returned status 255.
 * opkg_configure: kmod-lib80211.postinst returned 255.

Nie wiem przypadkiem czy ma coś on związanego z moim problemem wykrycia kamery (oraz pendrive)

Idź do forum: Oprogramowanie / Software