[Berlin-wireless] strange problem
Philipp Borgers
borgers at mi.fu-berlin.de
Mon Oct 2 12:37:39 CEST 2017
What do you get as a response when you ping a host on the Internet?
Sometimes you can read something from the response. How far does a traceroute get?
What makes you suspect that it is the firewall?
There are also routing rules (ip rule) that sometimes prevent routing to the
Internet.
Is the clients' network announced in OLSR as an HNA?
Regards, Philipp
On Mon, Oct 02, 2017 at 06:12:20AM +0200, Sebastian Re wrote:
> Well, what's going on here,
>
> it's been pretty quiet since Thursday.
>
> So I'll throw my little problem out to the community:
>
> Since a power outage, my Freifunk router no longer forwards packets to
> the clients.
>
> Up to the router everything runs smoothly. Only when I open a dynamic
> port on the router via SSH and set it as a SOCKS proxy on the client
> do the packets also flow through to the client. I would suspect
> iptables, but I still don't know my way around that area
> very well.
>
> Briefly about the setup: TL-WR1043ND connected via Lanmesh to a CPE510 on
> the roof, which is attached to the BBB.
>
> I'm always grateful for help.
>
> Regards, Basti
>
>
> [root] ~> iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> delegate_input all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> delegate_forward all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> delegate_output all -- anywhere anywhere
>
> Chain delegate_forward (1 references)
> target prot opt source destination
> forwarding_rule all -- anywhere anywhere
> /* user chain for forwarding */
> ACCEPT all -- anywhere anywhere
> ctstate RELATED,ESTABLISHED
> zone_wan_forward all -- anywhere anywhere
> zone_freifunk_forward all -- anywhere
> anywhere
> zone_freifunk_forward all -- anywhere
> anywhere
> zone_freifunk_forward all -- anywhere
> anywhere
> zone_freifunk_forward all -- anywhere
> anywhere
> zone_freifunk_forward all -- anywhere
> anywhere
> reject all -- anywhere anywhere
>
> Chain delegate_input (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> input_rule all -- anywhere anywhere /*
> user chain for input */
> ACCEPT all -- anywhere anywhere
> ctstate RELATED,ESTABLISHED
> syn_flood tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/SYN
> zone_wan_input all -- anywhere anywhere
> zone_freifunk_input all -- anywhere anywhere
> zone_freifunk_input all -- anywhere anywhere
> zone_freifunk_input all -- anywhere anywhere
> zone_freifunk_input all -- anywhere anywhere
> zone_freifunk_input all -- anywhere anywhere
>
> Chain delegate_output (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> output_rule all -- anywhere anywhere /*
> user chain for output */
> ACCEPT all -- anywhere anywhere
> ctstate RELATED,ESTABLISHED
> zone_wan_output all -- anywhere anywhere
> zone_freifunk_output all -- anywhere anywhere
> zone_freifunk_output all -- anywhere anywhere
> zone_freifunk_output all -- anywhere anywhere
> zone_freifunk_output all -- anywhere anywhere
> zone_freifunk_output all -- anywhere anywhere
>
> Chain forwarding_freifunk_rule (1 references)
> target prot opt source destination
>
> Chain forwarding_rule (1 references)
> target prot opt source destination
>
> Chain forwarding_wan_rule (1 references)
> target prot opt source destination
>
> Chain input_freifunk_rule (1 references)
> target prot opt source destination
>
> Chain input_rule (1 references)
> target prot opt source destination
>
> Chain input_wan_rule (1 references)
> target prot opt source destination
>
> Chain output_freifunk_rule (1 references)
> target prot opt source destination
>
> Chain output_rule (1 references)
> target prot opt source destination
>
> Chain output_wan_rule (1 references)
> target prot opt source destination
>
> Chain reject (2 references)
> target prot opt source destination
> REJECT tcp -- anywhere anywhere
> reject-with tcp-reset
> REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>
> Chain syn_flood (1 references)
> target prot opt source destination
> RETURN tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
> DROP all -- anywhere anywhere
>
> Chain zone_freifunk_dest_ACCEPT (4 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
>
> Chain zone_freifunk_forward (5 references)
> target prot opt source destination
> forwarding_freifunk_rule all -- anywhere
> anywhere /* user chain for forwarding */
> zone_freifunk_dest_ACCEPT all -- anywhere
> anywhere /* forwarding freifunk -> freifunk */
> ACCEPT all -- anywhere anywhere
> ctstate DNAT /* Accept port forwards */
> zone_freifunk_dest_ACCEPT all -- anywhere
> anywhere
>
> Chain zone_freifunk_input (5 references)
> target prot opt source destination
> input_freifunk_rule all -- anywhere
> anywhere /* user chain for input */
> ACCEPT icmp -- anywhere anywhere /*
> @rule[5] */
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:www /* @rule[6] */
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:https /* @rule[7] */
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:ssh /* @rule[8] */
> ACCEPT all -- anywhere anywhere
> ctstate DNAT /* Accept port redirections */
> zone_freifunk_src_ACCEPT all -- anywhere
> anywhere
>
> Chain zone_freifunk_output (5 references)
> target prot opt source destination
> output_freifunk_rule all -- anywhere
> anywhere /* user chain for output */
> zone_freifunk_dest_ACCEPT all -- anywhere
> anywhere
>
> Chain zone_freifunk_src_ACCEPT (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
>
> Chain zone_wan_dest_ACCEPT (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain zone_wan_dest_REJECT (1 references)
> target prot opt source destination
> reject all -- anywhere anywhere
>
> Chain zone_wan_forward (1 references)
> target prot opt source destination
> forwarding_wan_rule all -- anywhere
> anywhere /* user chain for forwarding */
> zone_freifunk_dest_ACCEPT all -- anywhere
> anywhere /* forwarding wan -> freifunk */
> ACCEPT all -- anywhere anywhere
> ctstate DNAT /* Accept port forwards */
> zone_wan_dest_REJECT all -- anywhere anywhere
>
> Chain zone_wan_input (1 references)
> target prot opt source destination
> input_wan_rule all -- anywhere anywhere
> /* user chain for input */
> ACCEPT udp -- anywhere anywhere udp
> dpt:bootpc /* Allow-DHCP-Renew */
> ACCEPT icmp -- anywhere anywhere icmp
> echo-request /* Allow-Ping */
> ACCEPT all -- anywhere anywhere
> ctstate DNAT /* Accept port redirections */
> zone_wan_src_ACCEPT all -- anywhere anywhere
>
> Chain zone_wan_output (1 references)
> target prot opt source destination
> output_wan_rule all -- anywhere anywhere
> /* user chain for output */
> zone_wan_dest_ACCEPT all -- anywhere anywhere
>
> Chain zone_wan_src_ACCEPT (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> pub rsa4096 2017-03-08 [SCA] [expires: 2022-03-07]
> 59BA6E1DDB996B0B9512A0F349936030BDE8DFA7
> uid Wans Hurst <x47i at posteo.me>
> uid Wans Hurst <iopunk at posteo.me>
> uid Sebastian Re <sebastian.re at posteo.de>
> sub rsa4096 2017-03-08 [E] [expires: 2022-03-07]
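Added example, not part of the thread: `iptables -L` without `-v` omits the in/out interface columns, so the five `zone_freifunk_forward` lines in the listing above cannot be told apart. The sketch below traces the first packet of a forwarded flow through rules in `iptables -S` format to show which chain produces the verdict; the rule set and all interface names are constructed assumptions, not taken from the router in question.

```python
import shlex

# Constructed iptables -S style rules (interface names are assumptions),
# shaped like the delegate_forward / zone_* chains in the listing above.
SAMPLE_RULES = """\
-A FORWARD -j delegate_forward
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -i eth0.2 -j zone_wan_forward
-A delegate_forward -i br-dhcp -j zone_freifunk_forward
-A delegate_forward -i wlan0-mesh -j zone_freifunk_forward
-A delegate_forward -j reject
-A zone_freifunk_forward -j zone_freifunk_dest_ACCEPT
-A zone_freifunk_dest_ACCEPT -o br-dhcp -j ACCEPT
-A zone_freifunk_dest_ACCEPT -o wlan0-mesh -j ACCEPT
-A zone_wan_forward -j zone_wan_dest_REJECT
-A zone_wan_dest_REJECT -o eth0.2 -j reject
-A reject -j REJECT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Return {chain: [(in_if, out_if, ctstate, target), ...]}."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))  # handles option/value pairs only
        chains.setdefault(tok[1], []).append(
            (opt.get("-i"), opt.get("-o"), opt.get("--ctstate"), opt["-j"]))
    return chains

def trace(chains, in_if, out_if, chain="FORWARD", path=None):
    """Follow a NEW forwarded packet; return (verdict, chains visited)."""
    path = (path or []) + [chain]
    for rule_in, rule_out, ctstate, target in chains.get(chain, []):
        if rule_in not in (None, in_if) or rule_out not in (None, out_if):
            continue
        if ctstate and "NEW" not in ctstate.split(","):
            continue  # first packet of a flow is not RELATED/ESTABLISHED
        if target in TERMINAL:
            return target, path
        verdict, sub = trace(chains, in_if, out_if, target, path)
        if verdict:
            return verdict, sub
    return None, path  # end of chain reached: return to caller (or policy)
```

On a real router the input would come from `iptables -S`; a verdict of `None` at the top level means the built-in chain's policy applies.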