Temat: n2n - otwarcie portu
Witam
Mam problem z otwarciem portu potrzebnego do supernode n2n. Gargoyle PL AA ostatnia wersja.
Supernode chyba działa:
10501 root 832 S /usr/sbin/edge -r -a x.x.x.x -s 255.255.255.0 -c xxxx -k xxxxxx -l xxxxxxxxxx:86
10503 root 780 S /usr/sbin/supernode -l 86
10849 root 1500 R ps
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: Starting n2n edge 2.1.0 Jul 25 2013 12:23:01
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: supernode 0 => xxxxxxxx:86
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: supernode 1 =>
Feb 18 22:29:10 wr740 daemon.info n2n[10315]: supernode is listening on UDP 86 (main)
Feb 18 22:29:10 wr740 daemon.info n2n[10315]: supernode is listening on UDP 5645 (management)
Feb 18 22:29:10 wr740 daemon.info n2n[10315]: supernode started
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: ip_mode='static'
Feb 18 22:29:10 wr740 daemon.notice netifd: Interface 'n2n' is now up
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: Interface edge0 has MAC xx:64:xx:16:69:5A
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: edge started
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: Chose new tx_transop_idx=1
Feb 18 22:29:10 wr740 daemon.info n2n[10313]: Rx REGISTER_SUPER_ACK myMAC=xx:64:xx:16:69:5A [xx.xx.16.87:86] (external xx.xx.16.87:55472). Attempts 2
Feb 18 22:29:10 wr740 user.notice firewall: Reloading firewall due to ifup of n2n (edge0)
etc/config/n2n
config edge
option ipaddr '10.0.0.6'
option netmask '255.255.255.0'
option supernode 'xxxxxxxxxx'
option port '86'
option community 'xxxxxx'
option key 'xxxxxxx'
option route '1'
config supernode
option port '86'
etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'IPv4'
option reload '1'
config zone
option name 'n2n'
option network 'n2n'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config forwarding
option src 'lan'
option dest 'n2n'
config rule
option name 'n2n'
option src 'wan'
option target 'ACCEPT'
option proto 'udp'
option dest_port '86'
iptables -v -L
root@wr740:~# iptables -v -L
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
182 38778 bw_ingress all -- eth1 any anywhere anywhere
2124 226K delegate_input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11874 1024K bw_ingress all -- eth1 any anywhere anywhere
11928 1027K ingress_restrictions all -- eth1 any anywhere anywhere
18220 4814K egress_restrictions all -- any eth1 anywhere anywhere
30175 5843K delegate_forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
706 113K delegate_output all -- any any anywhere anywhere
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
Chain bw_ingress (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere bandwidth --id total1-download-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist1-download-minute-15 --type individual_dst --reset_interval minute --intervals_to_save 15
0 0 all -- any any anywhere anywhere bandwidth --id total2-download-minute-359 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 359
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist2-download-900-24 --type individual_dst --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- any any anywhere anywhere bandwidth --id total3-download-180-479 --type combined --current_bandwidth 0 --reset_interval 180 --reset_time 180 --intervals_to_save 479
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist3-download-hour-24 --type individual_dst --reset_interval hour --intervals_to_save 24
0 0 all -- any any anywhere anywhere bandwidth --id total4-download-7200-359 --type combined --current_bandwidth 0 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist4-download-day-31 --type individual_dst --reset_interval day --intervals_to_save 31
0 0 all -- any any anywhere anywhere bandwidth --id total5-download-day-365 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 365
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist5-download-month-12 --type individual_dst --reset_interval month --intervals_to_save 12
Chain delegate_forward (1 references)
pkts bytes target prot opt in out source destination
30175 5843K forwarding_rule all -- any any anywhere anywhere /* user chain for forwarding */
30126 5840K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
49 3685 zone_lan_forward all -- br-lan any anywhere anywhere
0 0 zone_wan_forward all -- eth1 any anywhere anywhere
0 0 zone_n2n_forward all -- edge0 any anywhere anywhere
0 0 reject all -- any any anywhere anywhere
Chain delegate_input (1 references)
pkts bytes target prot opt in out source destination
26 1795 ACCEPT all -- lo any anywhere anywhere
2098 224K input_rule all -- any any anywhere anywhere /* user chain for input */
508 82941 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
64 3320 syn_flood tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
1496 117K zone_lan_input all -- br-lan any anywhere anywhere
94 23871 zone_wan_input all -- eth1 any anywhere anywhere
0 0 zone_n2n_input all -- edge0 any anywhere anywhere
Chain delegate_output (1 references)
pkts bytes target prot opt in out source destination
26 1795 ACCEPT all -- any lo anywhere anywhere
680 112K output_rule all -- any any anywhere anywhere /* user chain for output */
590 103K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
8 2624 zone_lan_output all -- any br-lan anywhere anywhere
82 5948 zone_wan_output all -- any eth1 anywhere anywhere
0 0 zone_n2n_output all -- any edge0 anywhere anywhere
Chain egress_restrictions (1 references)
pkts bytes target prot opt in out source destination
18220 4814K egress_whitelist all -- any any anywhere anywhere
Chain egress_whitelist (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_n2n_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain ingress_restrictions (1 references)
pkts bytes target prot opt in out source destination
11928 1027K ingress_whitelist all -- any any anywhere anywhere
Chain ingress_whitelist (1 references)
pkts bytes target prot opt in out source destination
Chain input_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_n2n_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_lan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_n2n_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain output_wan_rule (1 references)
pkts bytes target prot opt in out source destination
Chain pf_loopback_B (1 references)
pkts bytes target prot opt in out source destination
Chain reject (3 references)
pkts bytes target prot opt in out source destination
11 569 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
5 448 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
64 3320 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
0 0 DROP all -- any any anywhere anywhere
Chain zone_lan_dest_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
8 2624 ACCEPT all -- any br-lan anywhere anywhere
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
39 2580 pf_loopback_B all -- any any anywhere anywhere
0 0 ACCEPT all -- br-lan br-lan anywhere anywhere
49 3685 forwarding_lan_rule all -- any any anywhere anywhere /* user chain for forwarding */
49 3685 zone_wan_dest_ACCEPT all -- any any anywhere anywhere /* forwarding lan -> wan */
0 0 zone_n2n_dest_ACCEPT all -- any any anywhere anywhere /* forwarding lan -> n2n */
0 0 zone_lan_src_REJECT all -- any any anywhere anywhere
Chain zone_lan_input (1 references)
pkts bytes target prot opt in out source destination
1496 117K input_lan_rule all -- any any anywhere anywhere /* user chain for input */
1496 117K zone_lan_src_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_output (1 references)
pkts bytes target prot opt in out source destination
8 2624 output_lan_rule all -- any any anywhere anywhere /* user chain for output */
8 2624 zone_lan_dest_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_src_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
1496 117K ACCEPT all -- br-lan any anywhere anywhere
Chain zone_lan_src_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- br-lan any anywhere anywhere
Chain zone_n2n_dest_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any edge0 anywhere anywhere
Chain zone_n2n_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_n2n_rule all -- any any anywhere anywhere /* user chain for forwarding */
0 0 zone_n2n_src_ACCEPT all -- any any anywhere anywhere
Chain zone_n2n_input (1 references)
pkts bytes target prot opt in out source destination
0 0 input_n2n_rule all -- any any anywhere anywhere /* user chain for input */
0 0 zone_n2n_src_ACCEPT all -- any any anywhere anywhere
Chain zone_n2n_output (1 references)
pkts bytes target prot opt in out source destination
0 0 output_n2n_rule all -- any any anywhere anywhere /* user chain for output */
0 0 zone_n2n_dest_ACCEPT all -- any any anywhere anywhere
Chain zone_n2n_src_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- edge0 any anywhere anywhere
Chain zone_wan_dest_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
131 9633 ACCEPT all -- any eth1 anywhere anywhere
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 MINIUPNPD all -- any any anywhere anywhere
0 0 forwarding_wan_rule all -- any any anywhere anywhere /* user chain for forwarding */
0 0 zone_wan_src_REJECT all -- any any anywhere anywhere
Chain zone_wan_input (1 references)
pkts bytes target prot opt in out source destination
94 23871 input_wan_rule all -- any any anywhere anywhere /* user chain for input */
67 22172 ACCEPT udp -- any any anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request /* Allow-Ping */
11 682 ACCEPT udp -- any any anywhere anywhere udp dpt:86 /* n2n */
16 1017 zone_wan_src_REJECT all -- any any anywhere anywhere
Chain zone_wan_output (1 references)
pkts bytes target prot opt in out source destination
82 5948 output_wan_rule all -- any any anywhere anywhere /* user chain for output */
82 5948 zone_wan_dest_ACCEPT all -- any any anywhere anywhere
Chain zone_wan_src_REJECT (2 references)
pkts bytes target prot opt in out source destination
16 1017 reject all -- eth1 any anywhere anywhere
Nie wiem, gdzie jest problem. Otwarcie portu SSH przez GUI działa bardzo dobrze.