1 (edited by tomi513 2012-03-16 06:39:28)

Topic: Gargoyle:1.5.4 port forwarding from WAN

Hello.
Does port forwarding from WAN to LAN work correctly for you in Gargoyle:1.5.4 (30752)?
I have port 8090 forwarded to the local IP address 192.168.178.5, port 80. Everything is configured through the GUI and it does not work. It only works locally. What is going on?

2 (edited by tomi513 2012-03-15 22:16:48)

Re: Gargoyle:1.5.4 port forwarding from WAN

I even tried forwarding to telnet, and that did not work either; I have all firewalls turned off
firewall entries

config 'redirect' 'redirect_enabled_number_0'
        option 'name' '8090'
        option 'src' 'wan'
        option 'dest' 'lan'
        option 'proto' 'tcp'
        option 'src_dport' '8090'
        option 'dest_ip' '192.168.178.100'
        option 'dest_port' '23'

config 'redirect' 'redirect_enabled_number_1'
        option 'name' '8090'
        option 'src' 'wan'
        option 'dest' 'lan'
        option 'proto' 'udp'
        option 'src_dport' '8090'
        option 'dest_ip' '192.168.178.100'
        option 'dest_port' '23'

3

Re: Gargoyle:1.5.4 port forwarding from WAN

It works. I am not going to prove yet again that everything is fine. Search the forum; this came up in some thread there too.

The easiest thing is to write just that: I set it up, it doesn't work, so it must be a firmware problem. It is the same attitude as when someone has an antivirus and it blocks their access to the web. It surely must be a firmware problem, and after turning it off it turns out that the computer's basic settings were to blame after all.

Got an unneeded router, damaged or not - I'll gladly take it in.

4

Re: Gargoyle:1.5.4 port forwarding from WAN

seriously, it doesn't work; if it doesn't work from two different places, that means something is wrong
this is how I set up the forward from wan to lan, to 192.168.178.5, from port 7090 to 80
wan

iptables -L -v

root@1043nd:~$ iptables -L -v
Chain INPUT (policy ACCEPT 75 packets, 4011 bytes)
 pkts bytes target     prot opt in     out     source               destination
  766 99228 bw_ingress  all  --  pppoe-wan any     anywhere             anywhere
 1014  135K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   60  4415 ACCEPT     all  --  lo     any     anywhere             anywhere
   50  2400 syn_flood  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
  108  5373 input_rule  all  --  any    any     anywhere             anywhere
  108  5373 input      all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   64  3060 bw_ingress  all  --  pppoe-wan any     anywhere             anywhere
    0     0 REJECT     all  --  any    any     anywhere             anywhere            connmark match 0x8000/0x8000 reject-with icmp-port-unreachable
   64  3060 ingress_restrictions  all  --  pppoe-wan any     anywhere             anywhere
   89  3690 egress_restrictions  all  --  any    pppoe-wan  anywhere             anywhere
  125  5760 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   28   990 forwarding_rule  all  --  any    any     anywhere             anywhere
   28   990 forward    all  --  any    any     anywhere             anywhere
    0     0 reject     all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  991  207K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   60  4415 ACCEPT     all  --  any    lo      anywhere             anywhere
   33  2113 output_rule  all  --  any    any     anywhere             anywhere
   33  2113 output     all  --  any    any     anywhere             anywhere

Chain bw_ingress (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  any    any     anywhere             anywhere            bandwidth --id total1-download-2-449 --type combined --current_bandwidth 305 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  any    any     anywhere             anywhere            match-set local_addr_set dst bandwidth --id bdist1-download-minute-15 --type individual_dst --reset_interval minute --intervals_to_save 15
    0     0            all  --  any    any     anywhere             anywhere            bandwidth --id total2-download-minute-359 --type combined --current_bandwidth 717 --reset_interval minute --intervals_to_save 359
    0     0            all  --  any    any     anywhere             anywhere            match-set local_addr_set dst bandwidth --id bdist2-download-900-24 --type individual_dst --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  any    any     anywhere             anywhere            bandwidth --id total3-download-180-479 --type combined --current_bandwidth 10567 --reset_interval 180 --reset_time 180 --intervals_to_save 479
    0     0            all  --  any    any     anywhere             anywhere            match-set local_addr_set dst bandwidth --id bdist3-download-hour-24 --type individual_dst --reset_interval hour --intervals_to_save 24
    0     0            all  --  any    any     anywhere             anywhere            bandwidth --id total4-download-7200-359 --type combined --current_bandwidth 1448922 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
    0     0            all  --  any    any     anywhere             anywhere            match-set local_addr_set dst bandwidth --id bdist4-download-day-31 --type individual_dst --reset_interval day --intervals_to_save 31
    0     0            all  --  any    any     anywhere             anywhere            bandwidth --id total5-download-day-365 --type combined --current_bandwidth 182002296 --reset_interval day --intervals_to_save 365
    0     0            all  --  any    any     anywhere             anywhere            match-set local_addr_set dst bandwidth --id bdist5-download-month-12 --type individual_dst --reset_interval month --intervals_to_save 12

Chain egress_restrictions (1 references)
 pkts bytes target     prot opt in     out     source               destination
   89  3690 egress_whitelist  all  --  any    any     anywhere             anywhere

Chain egress_whitelist (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
   28   990 zone_lan_forward  all  --  br-lan any     anywhere             anywhere
    0     0 zone_wan_forward  all  --  pppoe-wan any     anywhere             anywhere

Chain forwarding_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    eth0.2  anywhere             anywhere
   28   990 nat_reflection_fwd  all  --  any    any     anywhere             anywhere

Chain forwarding_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ingress_restrictions (1 references)
 pkts bytes target     prot opt in     out     source               destination
   64  3060 ingress_whitelist  all  --  any    any     anywhere             anywhere

Chain ingress_whitelist (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3    96 zone_lan   all  --  br-lan any     anywhere             anywhere
   30  1266 zone_wan   all  --  pppoe-wan any     anywhere             anywhere

Chain input_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
   25  1050 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:openvpn
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https
    1    48            tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh recent: SET name: SSH_CHECK side: source
    0     0 DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 300 hit_count: 11 name: SSH_CHECK side: source
    1    48 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh connmark match 0x80/0x80
    4   168 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:8194
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:8194

Chain nat_reflection_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     192.168.178.0/24     192.168.178.5       tcp dpt:www
    0     0 ACCEPT     udp  --  any    any     192.168.178.0/24     192.168.178.5       udp dpt:80

Chain output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   33  2113 zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere
   33  2113 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain pf_loopback_B (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.178.5       tcp dpt:www
    0     0 ACCEPT     udp  --  any    any     anywhere             192.168.178.5       udp dpt:80

Chain reject (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   50  2400 RETURN     tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain zone_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3    96 input_lan  all  --  any    any     anywhere             anywhere
    3    96 zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    br-lan  anywhere             anywhere
    3    96 ACCEPT     all  --  br-lan any     anywhere             anywhere

Chain zone_lan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    br-lan  anywhere             anywhere
    0     0 DROP       all  --  br-lan any     anywhere             anywhere

Chain zone_lan_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-lan  anywhere             anywhere
    0     0 reject     all  --  br-lan any     anywhere             anywhere

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
   28   990 pf_loopback_B  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  br-lan br-lan  anywhere             anywhere
   28   990 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere
    0     0 forwarding_lan  all  --  any    any     anywhere             anywhere
    0     0 zone_lan_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:bootpc
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request
   30  1266 input_wan  all  --  any    any     anywhere             anywhere
    0     0 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   61  3103 ACCEPT     all  --  any    pppoe-wan  anywhere             anywhere
    0     0 ACCEPT     all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    pppoe-wan  anywhere             anywhere
    0     0 DROP       all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    pppoe-wan  anywhere             anywhere
    0     0 reject     all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.178.5       tcp dpt:www
    0     0 ACCEPT     udp  --  any    any     anywhere             192.168.178.5       udp dpt:80
    0     0 forwarding_wan  all  --  any    any     anywhere             anywhere
    0     0 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

iptables -t nat -L -v

root@1043nd:~$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 93 packets, 4697 bytes)
 pkts bytes target     prot opt in     out     source               destination
  111  5437 prerouting_rule  all  --  any    any     anywhere             anywhere
   20   746 zone_lan_prerouting  all  --  br-lan any     anywhere             anywhere
   11   468 zone_wan_prerouting  all  --  pppoe-wan any     anywhere             anywhere

Chain POSTROUTING (policy ACCEPT 33 packets, 2427 bytes)
 pkts bytes target     prot opt in     out     source               destination
  126  8749 postrouting_rule  all  --  any    any     anywhere             anywhere
    0     0 zone_lan_nat  all  --  any    br-lan  anywhere             anywhere
   38  2367 zone_wan_nat  all  --  any    pppoe-wan  anywhere             anywhere

Chain OUTPUT (policy ACCEPT 64 packets, 4396 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain nat_reflection_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     192.168.178.0/24     77-255-236-22.adsl.inetia.pl tcp dpt:7090 to:192.168.178.5:80
    0     0 DNAT       udp  --  any    any     192.168.178.0/24     77-255-236-22.adsl.inetia.pl udp dpt:7090 to:192.168.178.5:80

Chain nat_reflection_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  any    any     192.168.178.0/24     192.168.178.5       tcp dpt:www to:192.168.178.1
    0     0 SNAT       udp  --  any    any     192.168.178.0/24     192.168.178.5       udp dpt:80 to:192.168.178.1

Chain pf_loopback_A (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:7090 to:192.168.178.5:80
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:7090 to:192.168.178.5:80

Chain pf_loopback_C (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  tcp  --  any    any     192.168.178.0/24     192.168.178.5       tcp dpt:www
    0     0 MASQUERADE  udp  --  any    any     192.168.178.0/24     192.168.178.5       udp dpt:80

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 pf_loopback_C  all  --  any    br-lan  anywhere             anywhere
    0     0 MASQUERADE  all  --  any    eth0.2  anywhere             anywhere
  114  7966 nat_reflection_out  all  --  any    any     anywhere             anywhere

Chain prerouting_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
  105  5197 nat_reflection_in  all  --  any    any     anywhere             anywhere

Chain prerouting_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   252 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:openvpn

Chain quota_redirects (1 references)
 pkts bytes target     prot opt in     out     source               destination
   18   670 CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK and 0xffffff
   18   670 CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK and 0xffffff

Chain zone_lan_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 pf_loopback_A  all  --  any    any     anywhere             77-255-236-22.adsl.inetia.pl
   18   670 quota_redirects  all  --  any    any     anywhere             anywhere
   20   746 prerouting_lan  all  --  any    any     anywhere             anywhere

Chain zone_wan_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination
   38  2367 MASQUERADE  all  --  any    any     anywhere             anywhere

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:8194 redir ports 8194
    4   168 REDIRECT   udp  --  any    any     anywhere             anywhere            udp dpt:8194 redir ports 8194
    1    48 CONNMARK   tcp  --  any    any     anywhere             anywhere            tcp dpt:6022 CONNMARK or 0x80
    1    48 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:6022 redir ports 22
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:https redir ports 443
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:7090 to:192.168.178.5:80
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:7090 to:192.168.178.5:80
    6   252 prerouting_wan  all  --  any    any     anywhere             anywhere

cat /etc/config/firewall

root@1043nd:~$ cat /etc/config/firewall

config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

config 'zone'
        option 'name' 'lan'
        option 'network' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'

config 'zone'
        option 'name' 'wan'
        option 'network' 'wan'
        option 'input' 'REJECT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
        option 'masq' '1'
        option 'mtu_fix' '1'

config 'forwarding'
        option 'src' 'lan'
        option 'dest' 'wan'

config 'rule'
        option 'name' 'Allow-DHCP-Renew'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'
        option 'family' 'ipv4'

config 'rule'
        option 'name' 'Allow-Ping'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'family' 'ipv4'
        option 'target' 'ACCEPT'

config 'rule'
        option 'name' 'Allow-DHCPv6'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'src_ip' 'fe80::/10'
        option 'src_port' '547'
        option 'dest_ip' 'fe80::/10'
        option 'dest_port' '546'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'

config 'rule'
        option 'name' 'Allow-ICMPv6-Input'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'limit' '1000/sec'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'
        list 'icmp_type' 'echo-request'
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'
        list 'icmp_type' 'time-exceeded'
        list 'icmp_type' 'bad-header'
        list 'icmp_type' 'unknown-header-type'
        list 'icmp_type' 'router-solicitation'
        list 'icmp_type' 'neighbour-solicitation'

config 'rule'
        option 'name' 'Allow-ICMPv6-Forward'
        option 'src' 'wan'
        option 'dest' '*'
        option 'proto' 'icmp'
        option 'limit' '1000/sec'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'
        list 'icmp_type' 'echo-request'
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'
        list 'icmp_type' 'time-exceeded'
        list 'icmp_type' 'bad-header'
        list 'icmp_type' 'unknown-header-type'

config 'include'
        option 'path' '/etc/firewall.user'

config 'include'
        option 'path' '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'

config 'quota' 'quota_1'
        option 'ingress_limit' '104857600'
        option 'exceeded_up_speed' '100'
        option 'exceeded_down_speed' '250'
        option 'reset_interval' 'hour'
        option 'ip' '192.168.178.101'
        option 'id' '192.168.178.101'
        option 'enabled' '0'

config 'remote_accept' 'ra_443_443'
        option 'local_port' '443'
        option 'remote_port' '443'
        option 'proto' 'tcp'
        option 'zone' 'wan'

config 'remote_accept' 'ra_22_6022'
        option 'local_port' '22'
        option 'remote_port' '6022'
        option 'proto' 'tcp'
        option 'zone' 'wan'

config 'remote_accept' 'ra_8194_8194'
        option 'local_port' '8194'
        option 'remote_port' '8194'
        option 'proto' 'udp'
        option 'zone' 'wan'

config 'remote_accept' 'ra_8194_8194_tcp'
        option 'local_port' '8194'
        option 'remote_port' '8194'
        option 'proto' 'tcp'
        option 'zone' 'wan'

config 'redirect' 'redirect_enabled_number_0'
        option 'name' '7090'
        option 'src' 'wan'
        option 'dest' 'lan'
        option 'proto' 'tcp'
        option 'src_dport' '7090'
        option 'dest_ip' '192.168.178.5'
        option 'dest_port' '80'

config 'redirect' 'redirect_enabled_number_1'
        option 'name' '7090'
        option 'src' 'wan'
        option 'dest' 'lan'
        option 'proto' 'udp'
        option 'src_dport' '7090'
        option 'dest_ip' '192.168.178.5'
        option 'dest_port' '80'

5

Re: Gargoyle:1.5.4 port forwarding from WAN

You have just shown that no packet (not a single one) was caught by this rule. What's more, 77-255-236-22.adsl.inetia.pl cannot be pinged either. Are you sure you have the WAN side open on this port?

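The counter reading used in the reply above (a DNAT rule whose pkts column is still 0 has matched nothing), as an added example that is not part of the original thread. The function names and the sample listing are constructed for illustration; the listing follows the format of the iptables -t nat -L -v output posted earlier, with one extra rule on port 7091 invented to show a rule that has been hit.

```shell
#!/bin/sh
# Added example (not from the thread): read an `iptables -t nat -L -v -n`
# listing and report whether the DNAT rule for a forwarded port ever matched.

# dnat_hits: listing on stdin, one line per DNAT rule on stdout:
#   <chain> <proto> <dport> <to> <pkts> <HIT|NO_HITS>
dnat_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $3 == "DNAT" {                          # columns: pkts bytes target prot ...
            dpt = "-"; to = "-"
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to  = substr($i, 4)
            }
            status = ($1 == "0") ? "NO_HITS" : "HIT"
            print chain, $4, dpt, to, $1, status
        }
    '
}

# diagnose_port PORT: classify the DNAT rule(s) for PORT in the listing on stdin.
#   missing  - no DNAT rule for that destination port was loaded
#   no_hits  - rule(s) exist but every counter is 0: no arriving packet matched
#   hit      - at least one packet matched; continue with the filter table
#              (FORWARD) and the target host
diagnose_port() {
    dnat_hits | awk -v port="$1" '
        $3 == port { seen = 1; if ($6 == "HIT") hit = 1 }
        END { print (hit ? "hit" : (seen ? "no_hits" : "missing")) }
    '
}

# Constructed sample in the format of the thread's listing. The 7090 rule has
# zero counters as in the thread; the 7091 rule is invented to show a hit.
sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 93 packets, 4697 bytes)
 pkts bytes target     prot opt in     out     source               destination
   11   468 zone_wan_prerouting  all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    48 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:6022 redir ports 22
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:7090 to:192.168.178.5:80
    3   180 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:7091 to:192.168.178.5:81
EOF
}

# Stand-alone run on the sample. On a router the input would instead be:
#   iptables -t nat -L -v -n | diagnose_port 7090
# (-n keeps ports numeric, so port 80 is not printed as "www").
sample_nat_listing | dnat_hits
```

In the sample, the jump into zone_wan_prerouting has counted 11 packets while the rule for 7090 has counted none, so traffic is arriving on the WAN interface but none of it is addressed to that port.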

6

Re: Gargoyle:1.5.4 port forwarding from WAN

yeah, two threads and the same topic, nice :)

7 (edited by tomi513 2012-03-18 21:58:51)

Re: Gargoyle:1.5.4 port forwarding from WAN

Cezary, it works. Thanks for the info.
Now I am trying to restrict it via src_ip so that only a specific IP address on the WAN can connect on port 7000. However, the rule below does not work; everyone has access from outside. How do I restrict incoming traffic to a specific IP address?
Here is my non-working rule
config 'redirect'
        option '_name' 'ftp'
        option 'src' 'wan'
        option 'src_ip' '85.12.108.70'
        option 'proto' 'tcpudp'
        option 'src_dport' '7000'
        option 'dest_port' '7000'
        option 'dest_ip' '192.168.178.40'

8

Re: Gargoyle:1.5.4 port forwarding from WAN

Hi,

I have a problem with port forwarding. That is, I don't know whether my ports are open "to the world". My provider claims they have not closed any ports, for anyone. When I check my IP address with some "port checkers", everything is blocked (except the basic ones, http, ftp, etc.). Does Gargoyle somehow block ports "to the world" by default? If so, how can I unblock that? Or is my provider simply lying to me outright?

Of course everything works for me locally. That is, the application I want to connect to remotely.

If I am writing nonsense, or don't fully understand something, please enlighten me :)

9

Re: Gargoyle:1.5.4 port forwarding from WAN

As in any OpenWrt, everything on the WAN is blocked by default. If you need it, open the given port (if the service is on the router) or forward the port (if it is on another computer in the network behind the router).


10

Re: Gargoyle:1.5.4 port forwarding from WAN

Thanks for the super quick reply.

Can this be done from the web interface? I mean opening a WAN port, because I don't see such an option... ;/

11

Re: Gargoyle:1.5.4 port forwarding from WAN

No, you can open the port manually: http://eko.one.pl/?p=openwrt-konfigurac … estronywan

All the services in Gargoyle that require it have this ("remote access").


12

Re: Gargoyle:1.5.4 port forwarding from WAN

Thanks a lot, you're great!

PS. What address can I send you an old router to? :)

13

Re: Gargoyle:1.5.4 port forwarding from WAN

admund wrote:

Thanks a lot, you're great!

PS. What address can I send you an old router to? :)

I sent you an e-mail.


14 (edited by szczuro 2015-06-11 07:52:58)

Re: Gargoyle:1.5.4 port forwarding from WAN

Hi, I think I have a similar problem. I am trying to forward www to a small server in the LAN. The router is Gargoyle 192.186.1.1, the server is a Raspberry Pi with www at 192.186.1.2
locally, connecting through the browser to the address 192.168.1.2 is OK, but when I try via the external IP or the domain I get connection refused :|
router from outside

Nmap scan report for szczuro.com (46.238.244.246)
Host is up (0.0098s latency).
rDNS record for 46.238.244.246: static-46-238-244-246.awacom.net
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
443/tcp  open  https
8080/tcp open  http-proxy

router from inside

Nmap scan report for szczuro.szczuro.com (192.168.1.1)
Host is up (0.00095s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
111/tcp open  rpcbind
443/tcp open  https

server with www

Nmap scan report for malinka.szczuro.com (192.168.1.2)
Host is up (0.0054s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

I clicked together a forward from 80 to 80 in the web panel, and on top of that I opened port 80. Despite that the open ports have not changed; what could be wrong?

config redirect 'redirect_enabled_number_0'
        option name 'ww22'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.2'
        option dest_port '80'

config redirect 'redirect_enabled_number_1'
        option name 'ww22'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '80'
        option dest_ip '192.168.1.2'
        option dest_port '80'

config rule 'allow_www'
        option name 'www'
        option src 'wan'
        option proto 'tcp'
        option target 'ACCEPT'
        option dest_port '80'

15

Re: Gargoyle:1.5.4 port forwarding from WAN

Is the Gargoyle server listening on 80 or not? You don't need config rule 'allow_www'.


16

Re: Gargoyle:1.5.4 port forwarding from WAN

if you mean Gargoyle's own web server (the one with the admin panel), then yes

17

Re: Gargoyle:1.5.4 port forwarding from WAN

Then move it to another port, because you cannot listen on 80 and at the same time have it forwarded to another host.


18

Re: Gargoyle:1.5.4 port forwarding from WAN

I thought 80 on the LAN was a different port from 80 on the WAN. OK, I moved it to 81 and removed that allow_www, but I still have the ports closed and refused :|
gargoyle from the WAN side

PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
443/tcp  open  https
8080/tcp open  http-proxy

from the LAN

PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
81/tcp  open  hosts2-ns
111/tcp open  rpcbind
443/tcp open  https

19

Re: Gargoyle:1.5.4 port forwarding from WAN

And now show what you get after /etc/init.d/firewall restart


20 (edited by szczuro 2015-06-11 08:29:18)

Re: Gargoyle:1.5.4 port forwarding from WAN

in the meantime I changed the redirect's name from ww22 to www

# /etc/init.d/firewall restart
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Redirect 'www'
   * Redirect 'www'
   * Forward 'lan' -> 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
   * Redirect 'www'
   * Redirect 'www'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 raw table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
 * Running script '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
 * Running script '/usr/share/miniupnpd/firewall.include'
 * Running script '/etc/openvpn.firewall'

21 (edited by szczuro 2015-06-11 08:40:22)

Re: Gargoyle:1.5.4 port forwarding from WAN

hmm, what is this about the target?
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
is something still missing here?

config redirect 'redirect_enabled_number_0'
        option name 'www'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.2'
        option dest_port '80'

22

Odp: Gargoyle:1.5.4 przekierowanie portu z WAN

szczuro napisał/a:

hmm o co chodzi z tym targetem ?
Warning: Section 'redirect_enabled_number_0' has no target specified, defaulting to DNAT
Warning: Section 'redirect_enabled_number_1' has no target specified, defaulting to DNAT
Is something still missing here?

config redirect 'redirect_enabled_number_0'
        option name 'www'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.2'
        option dest_port '80'

Probably because, as it says, there is no target. If you don't want it to print that, add "option target 'DNAT'".

23

Re: Gargoyle:1.5.4 port forwarding from WAN

I just added it, but it changes nothing.

24

Re: Gargoyle:1.5.4 port forwarding from WAN

It adds it by itself; nothing is missing. Show iptables -v -L.


25

Re: Gargoyle:1.5.4 port forwarding from WAN

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1060  165K delegate_input  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 167K  149M delegate_forward  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1095  245K delegate_output  all  --  any    any     anywhere             anywhere

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain delegate_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
 167K  149M forwarding_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */
 165K  149M ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED
 2041  130K zone_lan_forward  all  --  br-lan any     anywhere             anywhere
    4   240 zone_wan_forward  all  --  eth0.2 any     anywhere             anywhere
    0     0 reject     all  --  any    any     anywhere             anywhere

Chain delegate_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   16  1436 ACCEPT     all  --  lo     any     anywhere             anywhere
 1044  164K input_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */
  554  129K ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED
   20   968 syn_flood  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
  473 31566 zone_lan_input  all  --  br-lan any     anywhere             anywhere
   17  3253 zone_wan_input  all  --  eth0.2 any     anywhere             anywhere

Chain delegate_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
   16  1436 ACCEPT     all  --  any    lo      anywhere             anywhere
 1079  243K output_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */
  633  213K ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED
    0     0 zone_lan_output  all  --  any    br-lan  anywhere             anywhere
  446 30817 zone_wan_output  all  --  any    eth0.2  anywhere             anywhere

Chain forwarding_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (3 references)
 pkts bytes target     prot opt in     out     source               destination
   11  1347 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
    6  1906 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   20   968 RETURN     tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain zone_lan_dest_ACCEPT (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    br-lan  anywhere             anywhere

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br-lan br-lan  anywhere             anywhere
 2041  130K forwarding_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       malinka             tcp dpt:www /* www (reflection) */
    0     0 zone_lan_dest_ACCEPT  udp  --  any    any     192.168.1.0/24       malinka             udp dpt:80 /* www (reflection) */
 2041  130K zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            /* forwarding lan -> wan */
    0     0 zone_lan_src_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_lan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
  473 31566 input_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */
  473 31566 zone_lan_src_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 output_lan_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */
    0     0 zone_lan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_src_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  473 31566 ACCEPT     all  --  br-lan any     anywhere             anywhere

Chain zone_lan_src_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  br-lan any     anywhere             anywhere

Chain zone_wan_dest_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
 2487  160K ACCEPT     all  --  any    eth0.2  anywhere             anywhere

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   240 MINIUPNPD  all  --  any    any     anywhere             anywhere
    4   240 forwarding_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for forwarding */
    4   240 ACCEPT     tcp  --  any    any     anywhere             malinka             tcp dpt:www /* www */
    0     0 ACCEPT     udp  --  any    any     anywhere             malinka             udp dpt:80 /* www */
    0     0 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_input (1 references)
 pkts bytes target     prot opt in     out     source               destination
   17  3253 input_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for input */
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:bootpc /* Allow-DHCP-Renew */
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request /* Allow-Ping */
   17  3253 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_output (1 references)
 pkts bytes target     prot opt in     out     source               destination
  446 30817 output_wan_rule  all  --  any    any     anywhere             anywhere            /* user chain for output */
  446 30817 zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_wan_src_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   17  3253 reject     all  --  eth0.2 any     anywhere             anywhere
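
Added example (not part of the original posts and not Gargoyle code): a short Python reader for `iptables -v -L` output that pulls the packet counters of the rules tagged with a redirect's name, which is what the listing above is being requested for. The sample is an excerpt of the output posted above; the function names `redirect_counters` and `wan_verdict` are hypothetical.

```python
import re

# Excerpt of the `iptables -v -L` output posted above (two chains only).
SAMPLE = """\
Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 zone_lan_dest_ACCEPT  tcp  --  any    any     192.168.1.0/24       malinka             tcp dpt:www /* www (reflection) */
 2041  130K zone_wan_dest_ACCEPT  all  --  any    any     anywhere             anywhere            /* forwarding lan -> wan */

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   240 ACCEPT     tcp  --  any    any     anywhere             malinka             tcp dpt:www /* www */
    0     0 ACCEPT     udp  --  any    any     anywhere             malinka             udp dpt:80 /* www */
    0     0 zone_wan_src_REJECT  all  --  any    any     anywhere             anywhere
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(field):
    """iptables rounds large counters to a suffix, e.g. '167K' (approximate)."""
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)

def redirect_counters(listing, name):
    """Return (chain, proto, packets, is_reflection) per rule tagged with the redirect name."""
    tag = re.compile(r"/\* " + re.escape(name) + r"( \(reflection\))? \*/\s*$")
    chain, hits = None, []
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = tag.search(line)
        if m:
            f = line.split()  # pkts bytes target prot ...
            hits.append((chain, f[3], to_int(f[0]), m.group(1) is not None))
    return hits

def wan_verdict(listing, name):
    """Say whether new connections from WAN reached the redirect's filter rule."""
    wan = sum(p for c, _, p, refl in redirect_counters(listing, name)
              if c == "zone_wan_forward" and not refl)
    if wan:
        return f"{wan} new WAN packets reached the forward rule for '{name}'"
    return f"no WAN packets matched '{name}'; inspect the nat table and upstream path"

if __name__ == "__main__":
    for row in redirect_counters(SAMPLE, "www"):
        print(row)
    print(wan_verdict(SAMPLE, "www"))
```

Established connections are accepted earlier in `delegate_forward`, so the counters on these rules count only connection-opening packets.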