[Berlin-wireless] Port forwarding from wan to freifunk
Nicco Kunzmann
niccokunzmann at gmx.de
Sun Sep 11 20:23:54 CEST 2022
Thanks! This is what I have there:
# ip rule list
0: from all lookup local
1000: from all lookup olsr
2000: from all lookup localnets
10000: from 172.31.224.110 lookup ffuplink
19989: from all to 172.31.224.0/20 iif tunl0 prohibit
19989: from all to 172.31.224.0/20 iif wlan0-adhoc-2 prohibit
19989: from all to 172.31.224.0/20 iif br-dhcp prohibit
19990: from all iif tunl0 lookup ffuplink
19990: from all iif wlan0-adhoc-2 lookup ffuplink
19990: from all iif br-dhcp lookup ffuplink
19999: from all iif tunl0 lookup olsr-tunnel
19999: from all iif br-dhcp lookup olsr-tunnel
19999: from all iif wlan0-adhoc-2 lookup olsr-tunnel
20000: from all iif tunl0 lookup olsr-default
20000: from all iif br-dhcp lookup olsr-default
20000: from all iif wlan0-adhoc-2 lookup olsr-default
20000: from all iif wlan0-adhoc-2 lookup olsr-default
20000: from all to 172.31.224.110/20 lookup ffuplink
20001: from all iif tunl0 unreachable
20001: from all iif br-dhcp unreachable
20001: from all iif wlan0-adhoc-2 unreachable
32766: from all lookup main
32767: from all lookup default
90013: from all iif lo lookup ffuplink
100000: from all lookup olsr-tunnel
100010: from all lookup olsr-default
I don't know what to make of it yet.
There's nothing about wan in there...
What does that mean ... I'll go look it up.
On 11.09.22 19:10, Nick wrote:
> Have a look at "ip rule list". The images automatically set
> unreachable rules. It could be that something there is blocking.
>
> On 9/11/22 19:34, Nicco Kunzmann wrote:
>> Hello,
>>
>> I thought I'd set up a port forward from the WAN zone into my
>> Freifunk zone.
>>
>> I tried that.
>>
>> What happens now: a connection is established, but nothing is sent
>> over it from WAN:
>>
>> $ wget -O- http://192.168.1.78:1234
>> --2022-09-11 18:13:05-- http://192.168.1.78:1234/
>> Connecting to 192.168.1.78:1234...
>>
>> From the Freifunk network, nothing gets through at all:
>>
>> $ wget -O- http://frei.funk:1234
>> --2022-09-11 18:25:23-- http://frei.funk:1234/
>> Resolving frei.funk (frei.funk)... fd00:24ca:599c::1, 172.16.0.1
>> Connecting to frei.funk (frei.funk)|fd00:24ca:599c::1|:1234... failed:
>> Connection refused.
>> Connecting to frei.funk (frei.funk)|172.16.0.1|:1234... failed:
>> Connection refused.
>>
>> Strangely, though, it works from freifunk to the external IP:
>>
>> $ wget -O- http://192.168.1.78:1234/
>> --2022-09-11 18:28:06-- http://192.168.1.78:1234/
>> Connecting to 192.168.1.78:1234... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: unspecified [text/html]
>> Saving to: ‘STDOUT’
>>
>> - [<=> ] 0
>> --.-KB/s <html>
>> <head><title>Index of /</title></head>
>> <body bgcolor="white">
>> <h1>Index of /</h1><hr><pre><a href="../">../</a>
>> </pre><hr></body>
>> </html>
>> - [ <=> ] 151 --.-KB/s in 0s
>>
>> 2022-09-11 18:28:06 (3,18 MB/s) - written to stdout [151]
>>
>> I don't understand that!
>>
>> How can I set up a port forward?
>>
>> I have the GUI and the firewall config here.
>>
>> Kind regards,
>>
>> Nicco
>>
>> Pictures:
>> https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35
>>
>> root@TL-WR1043ND:~# cat /etc/config/firewall
>>
>> config redirect
>> option enabled '0'
>>
>> config redirect
>> option target 'DNAT'
>> option src 'wan'
>> option dest 'freifunk'
>> option proto 'tcp udp'
>> option src_dport '444'
>> option dest_port '443'
>> option dest_ip '172.16.0.118'
>> option name 'https screen'
>> option enabled '0'
>>
>> config redirect
>> option target 'DNAT'
>> option dest 'freifunk'
>> option proto 'tcp udp'
>> option dest_ip '172.16.0.42'
>> option dest_port '80'
>> option name 'http on pi.makerspace'
>> option src_dport '81'
>> option src_dip '192.168.1.78'
>> option src 'wan'
>> option enabled '0'
>>
>> config defaults
>> option syn_flood '1'
>> option input 'ACCEPT'
>> option output 'ACCEPT'
>> option forward 'REJECT'
>>
>> config zone
>> option name 'wan'
>> option masq '1'
>> option output 'ACCEPT'
>> option local_restrict '1'
>> option input 'ACCEPT'
>> option network 'wan wwan ms'
>> option forward 'REJECT'
>>
>> config rule
>> option name 'Allow-DHCP-Renew'
>> option src 'wan'
>> option proto 'udp'
>> option dest_port '68'
>> option target 'ACCEPT'
>> option family 'ipv4'
>>
>> config rule
>> option name 'Allow-Ping'
>> option src 'wan'
>> option proto 'icmp'
>> option icmp_type 'echo-request'
>> option family 'ipv4'
>> option target 'ACCEPT'
>>
>> config rule
>> option name 'Allow-DHCPv6'
>> option src 'wan'
>> option proto 'udp'
>> option src_ip 'fe80::/10'
>> option src_port '547'
>> option dest_ip 'fe80::/10'
>> option dest_port '546'
>> option family 'ipv6'
>> option target 'ACCEPT'
>>
>> config rule
>> option name 'Allow-ICMPv6-Input'
>> option src 'wan'
>> option proto 'icmp'
>> option icmp_type 'echo-request echo-reply destination-unreachable
>> packet-too-big time-exceeded bad-header unknown-header-type
>> router-solicitation neighbour-solicitation router-advertisement
>> neighbour-advertisement'
>> option limit '1000/sec'
>> option family 'ipv6'
>> option target 'ACCEPT'
>>
>> config rule
>> option name 'Allow-ICMPv6-Forward'
>> option src 'wan'
>> option dest '*'
>> option proto 'icmp'
>> option icmp_type 'echo-request echo-reply destination-unreachable
>> packet-too-big time-exceeded bad-header unknown-header-type'
>> option limit '1000/sec'
>> option family 'ipv6'
>> option target 'ACCEPT'
>>
>> config include
>> option path '/etc/firewall.user'
>>
>> config zone 'zone_freifunk'
>> option input 'ACCEPT'
>> option forward 'REJECT'
>> option name 'freifunk'
>> option output 'ACCEPT'
>> option device 'tnl_+'
>> option network 'tunl0 wireless0 dhcp'
>>
>> config zone 'zone_ffuplink'
>> option name 'ffuplink'
>> option input 'REJECT'
>> option forward 'ACCEPT'
>> option output 'ACCEPT'
>> option network 'ffuplink'
>> option masq '1'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'freifunk'
>>
>> config rule
>> option proto 'icmp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '80'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '443'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '22'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config advanced
>> option tcp_westwood '1'
>> option tcp_ecn '0'
>> option ip_conntrack_max '8192'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'wan'
>>
>> config forwarding 'fwd_ff_ffuplink'
>> option src 'freifunk'
>> option dest 'ffuplink'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'lan'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'freifunk'
>>
>> config rule
>> option proto 'icmp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '80'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '443'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '22'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '698'
>> option proto 'udp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '17990'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option src 'freifunk'
>> option target 'ACCEPT'
>> option dest_port '53'
>> option proto 'icmp'
>>
>> config rule
>> option src_port '68'
>> option leasetime '30m'
>> option target 'ACCEPT'
>> option src 'freifunk'
>> option dest_port '80'
>> option proto 'tcp'
>>
>> config rule
>> option proto 'tcp'
>> option src 'freifunk'
>> option target 'ACCEPT'
>> option dest_port '443'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'lan'
>>
>> config forwarding
>> option dest 'freifunk'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '22'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '698'
>> option proto 'udp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option dest_port '17990'
>> option proto 'tcp'
>> option target 'ACCEPT'
>> option src 'freifunk'
>>
>> config rule
>> option proto 'udp'
>> option src 'freifunk'
>> option target 'ACCEPT'
>> option dest_port '53'
>>
>> config rule
>> option src_port '68'
>> option leasetime '30m'
>> option proto 'udp'
>> option target 'ACCEPT'
>> option dest_port '67'
>> option src 'freifunk'
>>
>> config rule
>> option proto 'tcp'
>> option src 'freifunk'
>> option target 'ACCEPT'
>> option dest_port '8082'
>>
>> config rule
>> option enabled '1'
>> option target 'ACCEPT'
>>
>> config redirect
>> option target 'DNAT'
>> option proto 'tcpudp'
>> option src_dport '1234'
>> option dest_ip '172.16.0.42'
>> option dest_port '1234'
>> option name 'public share'
>> option src 'wan'
>> option dest 'freifunk'
>>
>>
>>
>> _______________________________________________
>> Berlin mailing list
>> Berlin at berlin.freifunk.net
>> http://lists.berlin.freifunk.net/cgi-bin/mailman/listinfo/berlin
>> This mailing list has a publicly viewable archive
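Following the hint to check `ip rule list`, here is one way to read the posted rules for each direction of the forwarded connection. This is an added example, not part of the original thread; the WAN client address `192.168.1.50`, the device name `wan-dev`, and the assumption that 172.16.0.42 sits behind `br-dhcp` are constructed for illustration.

```python
import ipaddress
import re

# Rules copied from the `ip rule list` output posted above, reduced to the
# br-dhcp entries plus the interface-independent ones.
RULES = """\
0: from all lookup local
1000: from all lookup olsr
2000: from all lookup localnets
10000: from 172.31.224.110 lookup ffuplink
19989: from all to 172.31.224.0/20 iif br-dhcp prohibit
19990: from all iif br-dhcp lookup ffuplink
19999: from all iif br-dhcp lookup olsr-tunnel
20000: from all iif br-dhcp lookup olsr-default
20000: from all to 172.31.224.110/20 lookup ffuplink
20001: from all iif br-dhcp unreachable
32766: from all lookup main
32767: from all lookup default
90013: from all iif lo lookup ffuplink
100000: from all lookup olsr-tunnel
100010: from all lookup olsr-default
"""

RULE_RE = re.compile(r"(\d+):\s+from (\S+)(?: to (\S+))?(?: iif (\S+))? "
                     r"(lookup \S+|prohibit|unreachable)$")


def in_net(addr, selector):
    """True if addr matches a from/to selector ('all', absent, address or prefix)."""
    if selector in (None, "all"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)


def consulted(iif, src, dst):
    """Rules a packet can match, in priority order, up to the first terminal action."""
    hits = []
    for line in RULES.splitlines():
        prio, frm, to, dev, action = RULE_RE.match(line).groups()
        if (dev and dev != iif) or not in_net(src, frm) or not in_net(dst, to):
            continue
        hits.append((int(prio), action))
        if not action.startswith("lookup"):
            break  # prohibit/unreachable end the walk; later tables are never reached
    return hits


if __name__ == "__main__":
    # Constructed packets: forwarded request after DNAT, then the server's reply
    # (assumed to enter on br-dhcp).
    for pkt in [("wan-dev", "192.168.1.50", "172.16.0.42"),
                ("br-dhcp", "172.16.0.42", "192.168.1.50")]:
        print(pkt, consulted(*pkt))
```

A `lookup` entry only settles the packet if that table actually holds a matching route (`ip route show table <name>`); the table contents are not shown in the thread, so the output lists which rules are in play, not which one wins.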