[Berlin-wireless] strange problem
Sebastian Re
sebastian.re at posteo.de
Mon Oct 2 06:12:20 CEST 2017
Well, what's going on here,
it's been pretty quiet since Thursday.
So let me throw my little problem at the community:
Since a power outage, my Freifunk router no longer forwards packets to
the clients.
Everything flows fine as far as the router. Only when I open a dynamic
port on the router via SSH and set it as a SOCKS proxy on the client
do the packets make it all the way to the client. I would suspect
iptables, but I still don't know my way around that area
very well.
Briefly, the setup: TL-WR1043ND connected via LAN mesh to a CPE510 on the
roof, which is attached to the BBB.
I'm always grateful for help.
Best regards, Basti
[root] ~> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
delegate_forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_wan_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
zone_wan_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
zone_freifunk_input all -- anywhere anywhere
Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_wan_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
zone_freifunk_output all -- anywhere anywhere
Chain forwarding_freifunk_rule (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
Chain forwarding_wan_rule (1 references)
target prot opt source destination
Chain input_freifunk_rule (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan_rule (1 references)
target prot opt source destination
Chain output_freifunk_rule (1 references)
target prot opt source destination
Chain output_rule (1 references)
target prot opt source destination
Chain output_wan_rule (1 references)
target prot opt source destination
Chain reject (2 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
DROP all -- anywhere anywhere
Chain zone_freifunk_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_freifunk_forward (5 references)
target prot opt source destination
forwarding_freifunk_rule all -- anywhere anywhere /* user chain for forwarding */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere /* forwarding freifunk -> freifunk */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere
Chain zone_freifunk_input (5 references)
target prot opt source destination
input_freifunk_rule all -- anywhere anywhere /* user chain for input */
ACCEPT icmp -- anywhere anywhere /* @rule[5] */
ACCEPT tcp -- anywhere anywhere tcp dpt:www /* @rule[6] */
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* @rule[7] */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* @rule[8] */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_freifunk_src_ACCEPT all -- anywhere anywhere
Chain zone_freifunk_output (5 references)
target prot opt source destination
output_freifunk_rule all -- anywhere anywhere /* user chain for output */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere
Chain zone_freifunk_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain zone_wan_dest_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain zone_wan_dest_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere
Chain zone_wan_forward (1 references)
target prot opt source destination
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_freifunk_dest_ACCEPT all -- anywhere anywhere /* forwarding wan -> freifunk */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port forwards */
zone_wan_dest_REJECT all -- anywhere anywhere
Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */
ACCEPT all -- anywhere anywhere ctstate DNAT /* Accept port redirections */
zone_wan_src_ACCEPT all -- anywhere anywhere
Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere
Chain zone_wan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
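
Added example, not part of the original post: `iptables -L` without `-v` omits the in/out interface columns, so rules that differ only by interface print identically, as the five `zone_freifunk_forward` jumps above do. The Python sketch below parses a shortened excerpt of the posted listing (sample data and function names are constructed for illustration), flags such indistinguishable rules, and walks the chains reachable from FORWARD.

```python
import re
from collections import Counter

# Shortened excerpt of the listing posted above (wrapped lines rejoined).
LISTING = """\
Chain FORWARD (policy ACCEPT)
target prot opt source destination
delegate_forward all -- anywhere anywhere
Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_freifunk_forward all -- anywhere anywhere
zone_freifunk_forward all -- anywhere anywhere
reject all -- anywhere anywhere
Chain zone_freifunk_forward (5 references)
target prot opt source destination
zone_freifunk_dest_ACCEPT all -- anywhere anywhere /* forwarding freifunk -> freifunk */
Chain zone_freifunk_dest_ACCEPT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
"""

def parse_chains(text):
    """Return {chain name: [rule line, ...]} from `iptables -L` output."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise column spacing
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif line and current is not None and not line.startswith("target "):
            current.append(line)
    return chains

def indistinguishable_rules(chains):
    """Rules printed identically within one chain: the match that tells
    them apart (typically -i/-o) is hidden unless -v is used."""
    found = {}
    for name, rules in chains.items():
        dup = {rule: n for rule, n in Counter(rules).items() if n > 1}
        if dup:
            found[name] = dup
    return found

def reachable(chains, start):
    """Chains a packet entering `start` can be handed to via jump targets."""
    seen, todo = [], [start]
    while todo:
        chain = todo.pop(0)
        if chain in seen or chain not in chains:
            continue                          # built-in target or not listed
        seen.append(chain)
        todo += [rule.split()[0] for rule in chains[chain]]
    return seen
```

Any chain this reports needs `iptables -L -v -n` (or `iptables-save`) before its rules can be told apart, and `-v` also shows per-rule packet counters.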