[Berlin-wireless] Port Forwarding von wan nach freifunk
Nick
nick at systemli.org
So Sep 11 20:10:46 CEST 2022
Guck mal in die Ausgabe von "ip rule list". Bei den Images werden automatisch
unreachable-Regeln gesetzt. Kann sein, dass dort was blockt.
On 9/11/22 19:34, Nicco Kunzmann wrote:
> Hallo,
>
> ich dachte, dass ich mal einen Port-Forward aus der WAN-Zone in meine
> Freifunk-Zone mache.
>
> Das habe ich versucht.
>
> Was nun passiert: Es wird eine Verbindung hergestellt, aber von WAN aus
> wird nix drüber geschickt:
>
> $ wget -O- http://192.168.1.78:1234
> --2022-09-11 18:13:05-- http://192.168.1.78:1234/
> Connecting to 192.168.1.78:1234...
>
> Von dem Freifunk-Netz aus kommt gar nix durch:
>
> $ wget -O- http://frei.funk:1234
> --2022-09-11 18:25:23-- http://frei.funk:1234/
> Resolving frei.funk (frei.funk)... fd00:24ca:599c::1, 172.16.0.1
> Connecting to frei.funk (frei.funk)|fd00:24ca:599c::1|:1234... failed:
> Connection refused.
> Connecting to frei.funk (frei.funk)|172.16.0.1|:1234... failed:
> Connection refused.
>
> Komischerweise geht es aber von Freifunk aus zur externen IP:
>
> $ wget -O- http://192.168.1.78:1234/
> --2022-09-11 18:28:06-- http://192.168.1.78:1234/
> Connecting to 192.168.1.78:1234... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: ‘STDOUT’
>
> - [<=> ] 0
> --.-KB/s <html>
> <head><title>Index of /</title></head>
> <body bgcolor="white">
> <h1>Index of /</h1><hr><pre><a href="../">../</a>
> </pre><hr></body>
> </html>
> - [ <=> ] 151 --.-KB/s in 0s
>
> 2022-09-11 18:28:06 (3,18 MB/s) - written to stdout [151]
>
> Das verstehe ich nicht!
>
> Wie kann ich einen Port Forward einrichten?
>
> Ich habe mal die GUI und die firewall config hier.
>
> Liebe Grüße,
>
> Nicco
>
> Bilder:
> https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35
>
> root at TL-WR1043ND:~# cat /etc/config/firewall
>
> config redirect
> option enabled '0'
>
> config redirect
> option target 'DNAT'
> option src 'wan'
> option dest 'freifunk'
> option proto 'tcp udp'
> option src_dport '444'
> option dest_port '443'
> option dest_ip '172.16.0.118'
> option name 'https screen'
> option enabled '0'
>
> config redirect
> option target 'DNAT'
> option dest 'freifunk'
> option proto 'tcp udp'
> option dest_ip '172.16.0.42'
> option dest_port '80'
> option name 'http on pi.makerspace'
> option src_dport '81'
> option src_dip '192.168.1.78'
> option src 'wan'
> option enabled '0'
>
> config defaults
> option syn_flood '1'
> option input 'ACCEPT'
> option output 'ACCEPT'
> option forward 'REJECT'
>
> config zone
> option name 'wan'
> option masq '1'
> option output 'ACCEPT'
> option local_restrict '1'
> option input 'ACCEPT'
> option network 'wan wwan ms'
> option forward 'REJECT'
>
> config rule
> option name 'Allow-DHCP-Renew'
> option src 'wan'
> option proto 'udp'
> option dest_port '68'
> option target 'ACCEPT'
> option family 'ipv4'
>
> config rule
> option name 'Allow-Ping'
> option src 'wan'
> option proto 'icmp'
> option icmp_type 'echo-request'
> option family 'ipv4'
> option target 'ACCEPT'
>
> config rule
> option name 'Allow-DHCPv6'
> option src 'wan'
> option proto 'udp'
> option src_ip 'fe80::/10'
> option src_port '547'
> option dest_ip 'fe80::/10'
> option dest_port '546'
> option family 'ipv6'
> option target 'ACCEPT'
>
> config rule
> option name 'Allow-ICMPv6-Input'
> option src 'wan'
> option proto 'icmp'
> option icmp_type 'echo-request echo-reply destination-unreachable
> packet-too-big time-exceeded bad-header unknown-header-type
> router-solicitation neighbour-solicitation router-advertisement
> neighbour-advertisement'
> option limit '1000/sec'
> option family 'ipv6'
> option target 'ACCEPT'
>
> config rule
> option name 'Allow-ICMPv6-Forward'
> option src 'wan'
> option dest '*'
> option proto 'icmp'
> option icmp_type 'echo-request echo-reply destination-unreachable
> packet-too-big time-exceeded bad-header unknown-header-type'
> option limit '1000/sec'
> option family 'ipv6'
> option target 'ACCEPT'
>
> config include
> option path '/etc/firewall.user'
>
> config zone 'zone_freifunk'
> option input 'ACCEPT'
> option forward 'REJECT'
> option name 'freifunk'
> option output 'ACCEPT'
> option device 'tnl_+'
> option network 'tunl0 wireless0 dhcp'
>
> config zone 'zone_ffuplink'
> option name 'ffuplink'
> option input 'REJECT'
> option forward 'ACCEPT'
> option output 'ACCEPT'
> option network 'ffuplink'
> option masq '1'
>
> config forwarding
> option dest 'freifunk'
> option src 'freifunk'
>
> config rule
> option proto 'icmp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '80'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '443'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '22'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config advanced
> option tcp_westwood '1'
> option tcp_ecn '0'
> option ip_conntrack_max '8192'
>
> config forwarding
> option dest 'freifunk'
> option src 'wan'
>
> config forwarding 'fwd_ff_ffuplink'
> option src 'freifunk'
> option dest 'ffuplink'
>
> config forwarding
> option dest 'freifunk'
> option src 'lan'
>
> config forwarding
> option dest 'freifunk'
> option src 'freifunk'
>
> config rule
> option proto 'icmp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '80'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '443'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '22'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '698'
> option proto 'udp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '17990'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option src 'freifunk'
> option target 'ACCEPT'
> option dest_port '53'
> option proto 'icmp'
>
> config rule
> option src_port '68'
> option leasetime '30m'
> option target 'ACCEPT'
> option src 'freifunk'
> option dest_port '80'
> option proto 'tcp'
>
> config rule
> option proto 'tcp'
> option src 'freifunk'
> option target 'ACCEPT'
> option dest_port '443'
>
> config forwarding
> option dest 'freifunk'
> option src 'lan'
>
> config forwarding
> option dest 'freifunk'
> option src 'freifunk'
>
> config rule
> option dest_port '22'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '698'
> option proto 'udp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option dest_port '17990'
> option proto 'tcp'
> option target 'ACCEPT'
> option src 'freifunk'
>
> config rule
> option proto 'udp'
> option src 'freifunk'
> option target 'ACCEPT'
> option dest_port '53'
>
> config rule
> option src_port '68'
> option leasetime '30m'
> option proto 'udp'
> option target 'ACCEPT'
> option dest_port '67'
> option src 'freifunk'
>
> config rule
> option proto 'tcp'
> option src 'freifunk'
> option target 'ACCEPT'
> option dest_port '8082'
>
> config rule
> option enabled '1'
> option target 'ACCEPT'
>
> config redirect
> option target 'DNAT'
> option proto 'tcpudp'
> option src_dport '1234'
> option dest_ip '172.16.0.42'
> option dest_port '1234'
> option name 'public share'
> option src 'wan'
> option dest 'freifunk'
>
>
>
> _______________________________________________
> Berlin mailing list
> Berlin at berlin.freifunk.net
> http://lists.berlin.freifunk.net/cgi-bin/mailman/listinfo/berlin
> Diese Mailingliste besitzt ein öffentlich einsehbares Archiv