Messages - huh

1
Users / Re: 12.04 and 14.04 Firewall Issues
« on: January 07, 2016, 03:57:55 am »
Working:  Finally got access to it and did a full apt-get update/upgrade (still 12.04 system)- the remote access (port 80) works going to "Outside Access" and enabling it.  Access on port 22 did not work until applying Coley's solution (sudo dpkg-reconfigure openssh-server).  I'll try from an external network tomorrow.

Not Working:  Adding nat port_forwarding does not work.  After clicking "add" after plugging in the fields, the page refreshes, but the rule does not show on either the basic or advanced configuration page.

iptables -nvL:
Code:
Chain INPUT (policy DROP 9 packets, 360 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x29
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x3F
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x00
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x06
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x03/0x03
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x11/0x01
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x37
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1
 1807  185K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
 2191  306K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
 2894  546K ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
   81 18310 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
   69  3980 ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     all  --  eth1   *       192.168.81.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 /* Remote_Access */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            127.0.0.1            udp dpt:80 /* Remote_Access */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:22 /* SSH */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            127.0.0.1            udp dpt:22 /* SSH */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* webadmin */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* ssh_access */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     lo      0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
 9071 4051K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
  651 60782 ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     all  --  eth1   *       192.168.81.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     all  --  eth1   *       192.168.81.0/24      0.0.0.0/0            /* Allow_Local_Network */

Chain OUTPUT (policy ACCEPT 6794 packets, 901K bytes)
 pkts bytes target     prot opt in     out     source               destination 

2
Users / Re: 12.04 and 14.04 Firewall Issues
« on: December 02, 2015, 09:53:09 pm »
Great news- I'll test it as soon as possible.

What about port forwarding?  Have you been able to test that?  For an example, I'd like to forward port 8008 to my Ago box downstream of LMCE.  I should be able to use the prerouting port forwarding to forward the incoming 8008 to 192.168.80.x:8008, but the request times out.

3
Users / 12.04 and 14.04 Firewall Issues
« on: November 29, 2015, 06:05:46 am »
I installed LMCE-1404-20151124002031655-i386 on Nov 27, 2015 using what used to be a standard install- dual nics, nvidia graphics.  Sarah loaded, my SqueezeBox was found and installed correctly- that's all I tested that worked.

What didn't work is ssh or remote access of the web admin pages.  I opened the web admin pages from the core and opened the "outside access" page from the left hand menu.  Enabling remote access on ports 80, 8080 and ssh on 22 did not allow me to remotely access the core.  I manually added rules using the advanced pages- both as a core input and as NAT preforwarding to both 192.168.80.1 and 127.0.0.1, but no success.  I did the different rule types separately, so there was no overlap of firewall commands.  Only disabling the firewall (IPv4 only, btw, I did not test IPv6) allowed me access- even then, no ssh.

If it matters, I also tried sshing out of the core and was not able to do that either.  Doing some generic searching led me to looking at the installed keys ("ssh-add -l") and these possible solutions:  http://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent

As for me, I'm dumping 14.04 and changing to 12.04. 

Edit: Same applies to 12.04.  I am able to access the web admin pages remotely only after disabling the firewall.  I am not able to ssh into the box either externally or internally (x.x.80.x address) with or without the firewall enabled.

I mean this without any implied criticism or sarcasm- there seem to be very few of us with firewall issues.  Is that from most using older versions or am I doing something fairly unique with the firewall?  That is, do most rely on another device (router, etc.) for the firewall, or do you not do any port forwarding/ssh at the core?  I ask because if there is a better (read: more mainstream) approach, I'm more than happy to change.

iptables -nvL:
Code:
Chain INPUT (policy DROP 4 packets, 160 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x29
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x3F
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x00
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x06
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x03/0x03
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x11/0x01
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x37
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1
 1978  425K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
  854  185K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
  285 41433 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
 1078  225K ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
   13   780 ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 /* Remote_Access */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            127.0.0.1            udp dpt:80 /* Remote_Access */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:22 /* SSH */
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            127.0.0.1            udp dpt:22 /* SSH */

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     lo      0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
 3757 1411K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
  100  6032 ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */

Chain OUTPUT (policy ACCEPT 4825 packets, 708K bytes)
 pkts bytes target     prot opt in     out     source               destination
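
Added example, not part of the original posts: a small reader for the two `iptables -nvL` listings above. It shows that the INPUT rules with destination 127.0.0.1 (Remote_Access, SSH) cannot admit a connection addressed to the box's external address, while the later webadmin and ssh_access rules with destination 0.0.0.0/0 can. The function names and the client and external addresses (documentation ranges) are assumptions, and the model ignores DROP rules and state/mark matches.

```python
import ipaddress
import re

# Sample input constructed from rule lines in the two listings on this page.
BEFORE = """\
Chain INPUT (policy DROP 4 packets, 160 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1978  425K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
  854  185K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
   13   780 ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 /* Remote_Access */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:22 /* SSH */
"""
AFTER = BEFORE + """\
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 /* webadmin */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* ssh_access */
"""
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def parse_rules(listing):
    """Turn `iptables -nvL` text into one dict per rule."""
    rules, chain = [], None
    for line in listing.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            chain = f[1]
        elif f and f[0] != "pkts":          # skip blank lines and column headers
            extra = " ".join(f[9:])         # match extensions and the comment
            dpt = re.search(r"dpt:(\d+)", extra)
            rules.append({"chain": chain, "target": f[2], "prot": f[3], "in": f[5],
                          "src": ipaddress.ip_network(f[7]), "dst": ipaddress.ip_network(f[8]),
                          "extra": extra, "dport": int(dpt.group(1)) if dpt else None})
    return rules

def loopback_only_accepts(rules):
    """INPUT ACCEPT rules that can only match packets addressed to 127.0.0.0/8."""
    return [r for r in rules if r["chain"] == "INPUT"
            and r["target"] == "ACCEPT" and r["dst"].subnet_of(LOOPBACK)]

def accepts_new_tcp(rules, in_if, src, dst, dport):
    """True if an INPUT ACCEPT rule admits a new TCP connection (simplified model)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r["chain"] != "INPUT" or r["target"] != "ACCEPT"
                or "state " in r["extra"] or "mark match" in r["extra"]):
            continue  # DROP rules, state and mark matches are not modelled
        if (r["in"] in ("*", in_if) and r["prot"] in ("all", "tcp")
                and src in r["src"] and dst in r["dst"]
                and r["dport"] in (None, dport)):
            return True
    return False

if __name__ == "__main__":  # constructed client and external addresses
    print([accepts_new_tcp(parse_rules(t), "eth0", "198.51.100.7", "203.0.113.10", 22)
           for t in (BEFORE, AFTER)])
```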

4
Installation issues / Re: Firewall issues (was: Volume levels drop on MD)
« on: November 29, 2015, 03:47:40 am »
I'm running the latest 14.04 based on an installation yesterday using LMCE-1404-20151124002031655-i386.  I cannot access the firewall from an outside location.  I've tried enabling it by clicking on the option under "outside access" in the web admin.  I've also tried manually adding access to the firewall and eventually when disabled, I cannot ssh into the box or even access the web admin pages.

5
In observation of rules #1 and #2....

I installed the 14.04 20150630062730843 snapshot tonight (on standard dual network setup) and everything seemed to work great, until it rebooted for the 2nd/3rd time and attempted to get nvidia drivers.

I'm transcribing from a recording on my phone, so bear with me with typos...

Code:
* Staring CheckAVWizard check_avwizard
/etc/X11/xorg.conf is missing.  Using video driver 'nvidia' for ....
*Installing nvidia driver this may take a few minutes . /usr/pluto/bin/nvidia-install.sh
* Starting AVWizard AVWizard_Run.sh

Then it attempts to pull the package, but fails on
Code:
Err http://archive.ubuntu.com/ubuntu/ trusty-updates/main dkms all 2.2.0.3-1.1ubuntu5.14.04
404 Not round [IP: 91.189.91.13 80]
Faied to fetch...

It thinks it pulled the nvidia driver and says
Code:
Nvidia driver installation requires a reboot
Please stand by while your system is rebooted

I let it do this 3 times just to make sure it wasn't a fluke.

Is there an easy way to get it to bypass the nvidia install?  I really could do with a headless install, but am perfectly fine with the generic (non-nvidia) driver for what I'm using this for.

6
Installation issues / Re: 14.04 Firewall / Port forwarding
« on: August 10, 2015, 04:54:09 pm »
I think Alblasco1702 got this fixed a little earlier today- advanced firewall shows correctly now on my 12.04 install and there's a pending fix available on the next update that should do the rest.  Maybe wait a few days, grab the update and watch the magic?!?

7
Installation issues / NIC Issue (Working Solution)
« on: August 04, 2015, 03:26:30 am »
Quick background- running 12.04 on a Revo 1600 with a USB NIC.  Only package I've installed (beyond the apt-get update && apt-get upgrade) was to try out Langstron's QOrbiter.  I started with 30/6/2015's 14.04 install, but could not get the NIC's to work.  Tried a couple other dates and settled on 14/6/2015's 12.04 install.  I am pretty sure my NIC's didn't work out of the box with this one either- but somehow I was able to get connected enough to install QOrbiter.  Shut it down for the night and moved the box to the basement.

Skipping steps to the Problem & Solution-
On boot (or manual /etc/init.d/networking restart) I got an error about an incomplete line.  Lines 24-26 of the following are incorrect and get reverted back to this on reboot:
Code:
#####
# Loopback interface
#####
iface lo inet loopback

#####
# IPv4 network interfaces
#####

# --- External NIC ---
iface eth0 inet dhcp
        pre-up sysctl -q -e -w  net.ipv6.conf.eth0.disable_ipv6=1

# --- Internal NIC ---
iface eth1 inet static
        address 192.168.80.1
        netmask 255.255.255.0
        pre-up sysctl -q -e -w  net.ipv6.conf.eth1.disable_ipv6=1
        # DNS Settings for Internal Net
        dns-nameservers 192.168.80.1
        dns-search LinuxMCE

# ---   ---
iface  inet static
        address
        netmask

#####
# Activating interfaces
#####
auto eth0 eth1 lo


Simply adding # before lines 24 through 26, saving and running "/etc/init.d/networking restart" gets my NIC's running.  For ease of reference, here are lines 23 through 26:
Code:
# ---   ---
iface  inet static
        address
        netmask

8
I can report the same- 12.04 install and on the "simple" firewall page, you cannot enter certain fields- e.g. forward incoming port 8005 to 192.168.80.5 port 8005. 

I think you can get it done on the "advanced" firewall pages.


Quick edit to this- if you are on the "simple" firewall page and create a rule, if you click "edit" on the right hand side, you get to fill in more details (including the to: port).  Still, the columns seem to be shifted over- for example, under "source port" you get a drop down box of the available protocols, not an option to enter the source port. 

All I was trying to do was enable access on port 80 and 22.  Clicking through "Outside Access" -> enable remote on 22 and 80 did not work.  I can't be 100%, but I think clicking those boxes added rules to my firewall that don't make sense.  For example, I now have 4 nearly identical rules that take source port "udp" and forward it to destination 67 (or 68 for two of the rules).  "Allow DHCP" is written in the unnamed column to the right of "description".

9
Users / Re: Dianemo Installation
« on: March 19, 2015, 12:58:57 am »
Quick update/reply to my post.  After update && upgrade on the standard Ubuntu packages (pre-Dianemo) my nics were not supported by default.  Don't fully understand why, but not a Dianemo issue.

That said, Andrew and his Dianemo team were extremely responsive and helpful getting the system up and running- beyond the scope of what I thought my license did/should have included.

In-laws are happy again to have their squeezeboxes running.

10
Users / Dianemo Installation
« on: March 08, 2015, 01:44:30 am »
Completely changing my post as I've done a complete reinstall of 12.04.

I've tried the dianemo-installer 1.20 and 1.21 (on different installation attempts) and both return the same result.  Ubuntu says, "The system network services are not compatible with this version." 

ifconfig only lists my lo at 127.00.1.  lshw -class network, however lists my wireless adapters in addition to both of my wired connections.  After the 12.04 install, both NICs worked just fine- it was only (guessing) 3/4 of the way through the Dianemo install that it died.

Install log just reflects "Installation FAILED: Nerve Centre".

Any thoughts on getting this back up? 

Here's my lspci -nnk | grep -i -A2 net:

Quote
02:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. RTL8188EE Wireless Network Adapter [10ec:8179] (rev 01)
   Subsystem: Hewlett-Packard Company Device [103c:197d]
   Kernel driver in use: rtl8188ee
--
05:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller [10ec:8136] (rev 07)
   Subsystem: Hewlett-Packard Company Device [103c:1982]
   Kernel driver in use: r8169

Next edit- was able to edit /etc/network/interfaces, set eth0 to dhcp, ifup eth0 to not have an ip.  Running dianemo-software-update.sh just tells me that "package dianemo-orbiter is not configured yet".

11
OK- recent revisions to the firewall go a long way to getting this accomplished, but I've seen a few bugs:

1) If you use the simple (as compared with "Advanced Firewall Settings") configuration and edit a rule, the "save" text is not clickable, so there is no way to save the changes.
2) If you add a forward rule that applies to TCP and UDP, whatever you put in the "Description" box is saved into the "Limit to IP" box.
3) There isn't an option to type in the source port- in its place is a dropdown for the protocol.  What you type in for the destination port gets entered as the source port when saved.


Anyone else experience this?

12.04, updated tonight (July 19).

12
Users / Re: zwave network lockups/delays
« on: June 13, 2014, 05:14:40 am »
I've had this when one of my nodes (plug-in dimmer) was unplugged.  I made up the scenario that the system was trying to "talk" to the missing node for a while, would give up and then catch-up with the string of commands.

I have no documentation to support this hypothesis.

13
Cool, I think that was a yes to my question regarding the input/forward.  Look forward to testing once you get it patched.

14
Albasco1702- going to try to catch you here rather than IRC as I think we're in vastly different timezones and I'm not sure if my client timed out before you finished your instructions.

What I saw you wrote was to use nat prerouting destination port.  So to forward incoming port 8090 to 80 on 192.168.80.2, I would do:
Quote
destinationport 8090:80 destination 192.168.80.2 ACCEPT

And then
Quote
forward destinationport 80 destinationip 192.168.80.2 ACCEPT

I'm guessing this all has to be done using the Advanced Firewall Settings option from the web admin.  Is the 1st part using eth1 (external nic) and the 2nd part using eth0 (external nic)?

Do you have plans of adding the ability to do this to the "simple" firewall version?

15
The new firewall page is cool- takes care of the things I asked for above. 

That said, how do you use it?  I have a fully updated 1204 system and went to add a new rule.  Selected IPv4 from the dropdown and entered the port I wanted forwarded- all good.  But, the boxes for entering the destination port and ip are not options to type into on Firefox 28.0 (kubuntu box) or rekonq (0.9.1)- I haven't tried other browsers.  Even adding the rule and clicking edit doesn't let you modify the forward to port or the destination IP.
