<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I have now added new traffic rules.</p>
<p>Image: <a moz-do-not-send="true"
href="https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35/2?u=niccokunzmann"
class="moz-txt-link-freetext">https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35/2?u=niccokunzmann</a></p>
<p>> <small>Any traffic<br>
> From IP <var>172.16.0.42</var> in <var>freifunk</var><br>
> To <var>any host</var> in <var>any zone</var></small></p>
<div class="moz-cite-prefix">And</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">> <small>Any traffic<br>
> From <var>any host</var> in <var>any zone</var><br>
> To IP <var>172.16.0.42</var>, port <var>1234</var> in <var>freifunk</var></small></div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">It still doesn't work....</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">$ wget -O- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234/">http://192.168.1.78:1234/</a><br>
--2022-09-11 20:09:00-- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234/">http://192.168.1.78:1234/</a><br>
Connecting to 192.168.1.78:1234... <br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">I'm slowly running out of options,
and I have no clue anyway.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">I can still try VLANs and an
NGINX for HTTP/HTTPS... Maybe I'll do that...</div>
<div class="moz-cite-prefix">If anyone else has ideas, let me have them!
Thanks :)<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Best regards,</div>
<div class="moz-cite-prefix">Nicco<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 11.09.22 19:23, Nicco Kunzmann
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:37a8ee01-6ef0-0cd2-0d4f-aa3ebd1a9f9f@gmx.de">Thanks! This
is what I have there:
<br>
<br>
# ip rule list
<br>
0: from all lookup local
<br>
1000: from all lookup olsr
<br>
2000: from all lookup localnets
<br>
10000: from 172.31.224.110 lookup ffuplink
<br>
19989: from all to 172.31.224.0/20 iif tunl0 prohibit
<br>
19989: from all to 172.31.224.0/20 iif wlan0-adhoc-2 prohibit
<br>
19989: from all to 172.31.224.0/20 iif br-dhcp prohibit
<br>
19990: from all iif tunl0 lookup ffuplink
<br>
19990: from all iif wlan0-adhoc-2 lookup ffuplink
<br>
19990: from all iif br-dhcp lookup ffuplink
<br>
19999: from all iif tunl0 lookup olsr-tunnel
<br>
19999: from all iif br-dhcp lookup olsr-tunnel
<br>
19999: from all iif wlan0-adhoc-2 lookup olsr-tunnel
<br>
20000: from all iif tunl0 lookup olsr-default
<br>
20000: from all iif br-dhcp lookup olsr-default
<br>
20000: from all iif wlan0-adhoc-2 lookup olsr-default
<br>
20000: from all iif wlan0-adhoc-2 lookup olsr-default
<br>
20000: from all to 172.31.224.110/20 lookup ffuplink
<br>
20001: from all iif tunl0 unreachable
<br>
20001: from all iif br-dhcp unreachable
<br>
20001: from all iif wlan0-adhoc-2 unreachable
<br>
32766: from all lookup main
<br>
32767: from all lookup default
<br>
90013: from all iif lo lookup ffuplink
<br>
100000: from all lookup olsr-tunnel
<br>
100010: from all lookup olsr-default
<br>
<br>
I don't know what to make of it yet.
<br>
<br>
It doesn't say anything about wan...
<br>
What does that mean ... let me look it up.
<br>
<br>
On 11.09.22 19:10, Nick wrote:
<br>
<blockquote type="cite">Have a look at "ip rule list". The images
automatically set
<br>
unreachable rules. It may be that something is blocking there.
<br>
<br>
On 9/11/22 19:34, Nicco Kunzmann wrote:
<br>
<blockquote type="cite">Hello,
<br>
<br>
I thought I would set up a port forward from the WAN zone
into my
<br>
Freifunk zone.
<br>
<br>
I tried that.
<br>
<br>
What happens now: a connection is established but nothing is
sent over it
<br>
from WAN:
<br>
<br>
$ wget -O- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234">http://192.168.1.78:1234</a>
<br>
--2022-09-11 18:13:05-- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234/">http://192.168.1.78:1234/</a>
<br>
Connecting to 192.168.1.78:1234...
<br>
<br>
From the Freifunk network nothing gets through at all:
<br>
<br>
$ wget -O- <a class="moz-txt-link-freetext" href="http://frei.funk:1234">http://frei.funk:1234</a>
<br>
--2022-09-11 18:25:23-- <a class="moz-txt-link-freetext" href="http://frei.funk:1234/">http://frei.funk:1234/</a>
<br>
Resolving frei.funk (frei.funk)... fd00:24ca:599c::1,
172.16.0.1
<br>
Connecting to frei.funk (frei.funk)|fd00:24ca:599c::1|:1234...
failed:
<br>
Connection refused.
<br>
Connecting to frei.funk (frei.funk)|172.16.0.1|:1234...
failed:
<br>
Connection refused.
<br>
<br>
Strangely enough, though, it works from freifunk to the external
IP:
<br>
<br>
$ wget -O- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234/">http://192.168.1.78:1234/</a>
<br>
--2022-09-11 18:28:06-- <a class="moz-txt-link-freetext" href="http://192.168.1.78:1234/">http://192.168.1.78:1234/</a>
<br>
Connecting to 192.168.1.78:1234... connected.
<br>
HTTP request sent, awaiting response... 200 OK
<br>
Length: unspecified [text/html]
<br>
Saving to: ‘STDOUT’
<br>
<br>
- [<=> ] 0
<br>
--.-KB/s <html>
<br>
<head><title>Index of /</title></head>
<br>
<body bgcolor="white">
<br>
<h1>Index of /</h1><hr><pre><a
href="../">../</a>
<br>
</pre><hr></body>
<br>
</html>
<br>
- [ <=> ] 151
--.-KB/s in 0s
<br>
<br>
2022-09-11 18:28:06 (3,18 MB/s) - written to stdout [151]
<br>
<br>
I don't understand that!
<br>
<br>
How can I set up a port forward?
<br>
<br>
I have put the GUI and the firewall config here.
<br>
<br>
Kind regards,
<br>
<br>
Nicco
<br>
<br>
Images:
<br>
<a class="moz-txt-link-freetext" href="https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35">https://ammanvalley.foss.wales/t/port-forwarding-from-wan-to-freifunk/35</a>
<br>
<br>
root@TL-WR1043ND:~# cat /etc/config/firewall
<br>
<br>
config redirect
<br>
option enabled '0'
<br>
<br>
config redirect
<br>
option target 'DNAT'
<br>
option src 'wan'
<br>
option dest 'freifunk'
<br>
option proto 'tcp udp'
<br>
option src_dport '444'
<br>
option dest_port '443'
<br>
option dest_ip '172.16.0.118'
<br>
option name 'https screen'
<br>
option enabled '0'
<br>
<br>
config redirect
<br>
option target 'DNAT'
<br>
option dest 'freifunk'
<br>
option proto 'tcp udp'
<br>
option dest_ip '172.16.0.42'
<br>
option dest_port '80'
<br>
option name 'http on pi.makerspace'
<br>
option src_dport '81'
<br>
option src_dip '192.168.1.78'
<br>
option src 'wan'
<br>
option enabled '0'
<br>
<br>
config defaults
<br>
option syn_flood '1'
<br>
option input 'ACCEPT'
<br>
option output 'ACCEPT'
<br>
option forward 'REJECT'
<br>
<br>
config zone
<br>
option name 'wan'
<br>
option masq '1'
<br>
option output 'ACCEPT'
<br>
option local_restrict '1'
<br>
option input 'ACCEPT'
<br>
option network 'wan wwan ms'
<br>
option forward 'REJECT'
<br>
<br>
config rule
<br>
option name 'Allow-DHCP-Renew'
<br>
option src 'wan'
<br>
option proto 'udp'
<br>
option dest_port '68'
<br>
option target 'ACCEPT'
<br>
option family 'ipv4'
<br>
<br>
config rule
<br>
option name 'Allow-Ping'
<br>
option src 'wan'
<br>
option proto 'icmp'
<br>
option icmp_type 'echo-request'
<br>
option family 'ipv4'
<br>
option target 'ACCEPT'
<br>
<br>
config rule
<br>
option name 'Allow-DHCPv6'
<br>
option src 'wan'
<br>
option proto 'udp'
<br>
option src_ip 'fe80::/10'
<br>
option src_port '547'
<br>
option dest_ip 'fe80::/10'
<br>
option dest_port '546'
<br>
option family 'ipv6'
<br>
option target 'ACCEPT'
<br>
<br>
config rule
<br>
option name 'Allow-ICMPv6-Input'
<br>
option src 'wan'
<br>
option proto 'icmp'
<br>
option icmp_type 'echo-request echo-reply
destination-unreachable
<br>
packet-too-big time-exceeded bad-header unknown-header-type
<br>
router-solicitation neighbour-solicitation
router-advertisement
<br>
neighbour-advertisement'
<br>
option limit '1000/sec'
<br>
option family 'ipv6'
<br>
option target 'ACCEPT'
<br>
<br>
config rule
<br>
option name 'Allow-ICMPv6-Forward'
<br>
option src 'wan'
<br>
option dest '*'
<br>
option proto 'icmp'
<br>
option icmp_type 'echo-request echo-reply
destination-unreachable
<br>
packet-too-big time-exceeded bad-header unknown-header-type'
<br>
option limit '1000/sec'
<br>
option family 'ipv6'
<br>
option target 'ACCEPT'
<br>
<br>
config include
<br>
option path '/etc/firewall.user'
<br>
<br>
config zone 'zone_freifunk'
<br>
option input 'ACCEPT'
<br>
option forward 'REJECT'
<br>
option name 'freifunk'
<br>
option output 'ACCEPT'
<br>
option device 'tnl_+'
<br>
option network 'tunl0 wireless0 dhcp'
<br>
<br>
config zone 'zone_ffuplink'
<br>
option name 'ffuplink'
<br>
option input 'REJECT'
<br>
option forward 'ACCEPT'
<br>
option output 'ACCEPT'
<br>
option network 'ffuplink'
<br>
option masq '1'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option proto 'icmp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '80'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '443'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '22'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config advanced
<br>
option tcp_westwood '1'
<br>
option tcp_ecn '0'
<br>
option ip_conntrack_max '8192'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'wan'
<br>
<br>
config forwarding 'fwd_ff_ffuplink'
<br>
option src 'freifunk'
<br>
option dest 'ffuplink'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'lan'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option proto 'icmp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '80'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '443'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '22'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '698'
<br>
option proto 'udp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '17990'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option src 'freifunk'
<br>
option target 'ACCEPT'
<br>
option dest_port '53'
<br>
option proto 'icmp'
<br>
<br>
config rule
<br>
option src_port '68'
<br>
option leasetime '30m'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
option dest_port '80'
<br>
option proto 'tcp'
<br>
<br>
config rule
<br>
option proto 'tcp'
<br>
option src 'freifunk'
<br>
option target 'ACCEPT'
<br>
option dest_port '443'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'lan'
<br>
<br>
config forwarding
<br>
option dest 'freifunk'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '22'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '698'
<br>
option proto 'udp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option dest_port '17990'
<br>
option proto 'tcp'
<br>
option target 'ACCEPT'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option proto 'udp'
<br>
option src 'freifunk'
<br>
option target 'ACCEPT'
<br>
option dest_port '53'
<br>
<br>
config rule
<br>
option src_port '68'
<br>
option leasetime '30m'
<br>
option proto 'udp'
<br>
option target 'ACCEPT'
<br>
option dest_port '67'
<br>
option src 'freifunk'
<br>
<br>
config rule
<br>
option proto 'tcp'
<br>
option src 'freifunk'
<br>
option target 'ACCEPT'
<br>
option dest_port '8082'
<br>
<br>
config rule
<br>
option enabled '1'
<br>
option target 'ACCEPT'
<br>
<br>
config redirect
<br>
option target 'DNAT'
<br>
option proto 'tcpudp'
<br>
option src_dport '1234'
<br>
option dest_ip '172.16.0.42'
<br>
option dest_port '1234'
<br>
option name 'public share'
<br>
option src 'wan'
<br>
option dest 'freifunk'
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Berlin mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Berlin@berlin.freifunk.net">Berlin@berlin.freifunk.net</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.berlin.freifunk.net/cgi-bin/mailman/listinfo/berlin">http://lists.berlin.freifunk.net/cgi-bin/mailman/listinfo/berlin</a>
<br>
This mailing list has a publicly viewable archive
<br>
</blockquote>
<br>
<br>
</blockquote>
<br>
</blockquote>
</body>
</html>