[Berlin-wireless] Port forwarding from wan to freifunk

Nicco Kunzmann niccokunzmann at gmx.de
Sun Sep 11 19:34:02 CEST 2022


Hello,

I thought I would set up a port forward from the WAN zone into my
Freifunk zone.

I tried that.

What happens now: a connection is established, but nothing is sent
over it from WAN:

$ wget -O- http://192.168.1.78:1234
--2022-09-11 18:13:05--  http://192.168.1.78:1234/
Connecting to 192.168.1.78:1234...

From the Freifunk network, nothing gets through at all:

$ wget -O- http://frei.funk:1234
--2022-09-11 18:25:23--  http://frei.funk:1234/
Resolving frei.funk (frei.funk)... fd00:24ca:599c::1, 172.16.0.1
Connecting to frei.funk (frei.funk)|fd00:24ca:599c::1|:1234... failed:
Connection refused.
Connecting to frei.funk (frei.funk)|172.16.0.1|:1234... failed:
Connection refused.

Strangely, though, it works from freifunk to the external IP:

$ wget -O- http://192.168.1.78:1234/
--2022-09-11 18:28:06--  http://192.168.1.78:1234/
Connecting to 192.168.1.78:1234... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘STDOUT’

-                       [<=>                 ]       0
--.-KB/s               <html>
<head><title>Index of /</title></head>
<body bgcolor="white">
<h1>Index of /</h1><hr><pre><a href="../">../</a>
</pre><hr></body>
</html>
-                       [ <=>                ]     151 --.-KB/s    in 0s

2022-09-11 18:28:06 (3,18 MB/s) - written to stdout [151]

I don't understand that!

How can I set up a port forward?

I have the GUI and the firewall config here.

Best regards,

Nicco

Images:
https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35

root@TL-WR1043ND:~# cat /etc/config/firewall

config redirect
     option enabled '0'

config redirect
     option target 'DNAT'
     option src 'wan'
     option dest 'freifunk'
     option proto 'tcp udp'
     option src_dport '444'
     option dest_port '443'
     option dest_ip '172.16.0.118'
     option name 'https screen'
     option enabled '0'

config redirect
     option target 'DNAT'
     option dest 'freifunk'
     option proto 'tcp udp'
     option dest_ip '172.16.0.42'
     option dest_port '80'
     option name 'http on pi.makerspace'
     option src_dport '81'
     option src_dip '192.168.1.78'
     option src 'wan'
     option enabled '0'

config defaults
     option syn_flood '1'
     option input 'ACCEPT'
     option output 'ACCEPT'
     option forward 'REJECT'

config zone
     option name 'wan'
     option masq '1'
     option output 'ACCEPT'
     option local_restrict '1'
     option input 'ACCEPT'
     option network 'wan wwan ms'
     option forward 'REJECT'

config rule
     option name 'Allow-DHCP-Renew'
     option src 'wan'
     option proto 'udp'
     option dest_port '68'
     option target 'ACCEPT'
     option family 'ipv4'

config rule
     option name 'Allow-Ping'
     option src 'wan'
     option proto 'icmp'
     option icmp_type 'echo-request'
     option family 'ipv4'
     option target 'ACCEPT'

config rule
     option name 'Allow-DHCPv6'
     option src 'wan'
     option proto 'udp'
     option src_ip 'fe80::/10'
     option src_port '547'
     option dest_ip 'fe80::/10'
     option dest_port '546'
     option family 'ipv6'
     option target 'ACCEPT'

config rule
     option name 'Allow-ICMPv6-Input'
     option src 'wan'
     option proto 'icmp'
     option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation router-advertisement neighbour-advertisement'
     option limit '1000/sec'
     option family 'ipv6'
     option target 'ACCEPT'

config rule
     option name 'Allow-ICMPv6-Forward'
     option src 'wan'
     option dest '*'
     option proto 'icmp'
     option icmp_type 'echo-request echo-reply destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type'
     option limit '1000/sec'
     option family 'ipv6'
     option target 'ACCEPT'

config include
     option path '/etc/firewall.user'

config zone 'zone_freifunk'
     option input 'ACCEPT'
     option forward 'REJECT'
     option name 'freifunk'
     option output 'ACCEPT'
     option device 'tnl_+'
     option network 'tunl0 wireless0 dhcp'

config zone 'zone_ffuplink'
     option name 'ffuplink'
     option input 'REJECT'
     option forward 'ACCEPT'
     option output 'ACCEPT'
     option network 'ffuplink'
     option masq '1'

config forwarding
     option dest 'freifunk'
     option src 'freifunk'

config rule
     option proto 'icmp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '80'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '443'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '22'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config advanced
     option tcp_westwood '1'
     option tcp_ecn '0'
     option ip_conntrack_max '8192'

config forwarding
     option dest 'freifunk'
     option src 'wan'

config forwarding 'fwd_ff_ffuplink'
     option src 'freifunk'
     option dest 'ffuplink'

config forwarding
     option dest 'freifunk'
     option src 'lan'

config forwarding
     option dest 'freifunk'
     option src 'freifunk'

config rule
     option proto 'icmp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '80'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '443'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '22'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '698'
     option proto 'udp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '17990'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option src 'freifunk'
     option target 'ACCEPT'
     option dest_port '53'
     option proto 'icmp'

config rule
     option src_port '68'
     option leasetime '30m'
     option target 'ACCEPT'
     option src 'freifunk'
     option dest_port '80'
     option proto 'tcp'

config rule
     option proto 'tcp'
     option src 'freifunk'
     option target 'ACCEPT'
     option dest_port '443'

config forwarding
     option dest 'freifunk'
     option src 'lan'

config forwarding
     option dest 'freifunk'
     option src 'freifunk'

config rule
     option dest_port '22'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '698'
     option proto 'udp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option dest_port '17990'
     option proto 'tcp'
     option target 'ACCEPT'
     option src 'freifunk'

config rule
     option proto 'udp'
     option src 'freifunk'
     option target 'ACCEPT'
     option dest_port '53'

config rule
     option src_port '68'
     option leasetime '30m'
     option proto 'udp'
     option target 'ACCEPT'
     option dest_port '67'
     option src 'freifunk'

config rule
     option proto 'tcp'
     option src 'freifunk'
     option target 'ACCEPT'
     option dest_port '8082'

config rule
     option enabled '1'
     option target 'ACCEPT'

config redirect
     option target 'DNAT'
     option proto 'tcpudp'
     option src_dport '1234'
     option dest_ip '172.16.0.42'
     option dest_port '1234'
     option name 'public share'
     option src 'wan'
     option dest 'freifunk'
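
Added example, not part of the original post: a small Python check for a UCI firewall dump like the one above. It lists duplicate sections, zones whose input policy is ACCEPT, ACCEPT rules with no match options, and redirects that are not disabled. `SAMPLE` is a constructed subset of the posted config, `parse_uci` and `audit` are hypothetical names, and the check assumes a section without `enabled` is active.

```python
import re
from collections import Counter
# Constructed sample: a trimmed subset of sections from the config in the post.
SAMPLE = """
config redirect
     option src_dport '444'
     option enabled '0'
config zone
     option name 'wan'
     option input 'ACCEPT'
config forwarding
     option dest 'freifunk'
     option src 'freifunk'
config forwarding
     option dest 'freifunk'
     option src 'freifunk'
config rule
     option enabled '1'
     option target 'ACCEPT'
config redirect
     option src 'wan'
     option src_dport '1234'
     option dest_ip '172.16.0.42'
     option dest_port '1234'
"""

def parse_uci(text):
    """Parse single-line `config`/`option` entries into (type, options) pairs."""
    sections = []
    for line in text.splitlines():
        if m := re.match(r"\s*config\s+(\S+)", line):
            sections.append((m.group(1), {}))
        elif (m := re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)) and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def audit(sections):
    """Report duplicate sections, then the active entries that admit traffic."""
    seen = Counter((t, tuple(sorted(o.items()))) for t, o in sections)
    out = [f"duplicate {t} x{n}" for (t, _), n in seen.items() if n > 1]
    # Assumption: a section without 'enabled' counts as active.
    for t, o in [(t, o) for t, o in sections if o.get("enabled", "1") != "0"]:
        if t == "redirect":
            out.append(f"redirect {o.get('src')}:{o.get('src_dport')} -> {o.get('dest_ip')}:{o.get('dest_port')}")
        elif t == "rule" and o.get("target") == "ACCEPT" and not set(o) - {"enabled", "name", "target"}:
            out.append("ACCEPT rule without match options")
        elif t == "zone" and o.get("input") == "ACCEPT":
            out.append(f"zone {o.get('name')} input ACCEPT")
    return out
```

Calling `audit(parse_uci(open("/etc/config/firewall").read()))` on the router's file gives the same kind of list; option values wrapped across lines are skipped by this parser.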





More information about the Berlin mailing list