I installed LMCE-1404-20151124002031655-i386 on Nov 27, 2015 using what used to be a standard install- dual nics, nvidia graphics. Sarah loaded, my SqueezeBox was found and installed correctly- that's all I tested that worked.
What didn't work is ssh or remote access of the web admin pages. I opened the web admin pages from the core and opened the "outside access" page from the left hand menu. Enabling remote access on ports 80, 8080 and ssh on 22 did not allow me to remotely access the core. I manually added rules using the advanced pages- both as a core input and as NAT preforwarding to both 192.168.80.1 and 127.0.0.1, but no success. I did the rules separately, and the different rule types separately, so there was no overlap of firewall commands. Only disabling the firewall (IPv4 only, btw, I did not test IPv6) allowed me access- even then, no ssh.
If it matters, I also tried sshing out of the core and was not able to do that either. Doing some generic searching led me to looking at the installed keys ("ssh-add -l") and these possible solutions: http://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent
As for me, I'm dumping 14.04 and changing to 12.04.
Edit: Same applies to 12.04. I am able to access the web admin pages remotely only after disabling the firewall. I am not able to ssh into the box either externally or internally (x.x.80.x address), with or without the firewall enabled.
I mean this without any implied criticism or sarcasm- there seem to be very few of us with firewall issues. Is that from most using older versions or am I doing something fairly unique with the firewall? That is, do most rely on another device (router, etc.) for the firewall, or do you not do any port forwarding/ssh at the core? I ask because if there is a better (read: more mainstream) approach, I'm more than happy to change.
iptables -nvL:
Chain INPUT (policy DROP 4 packets, 160 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x29
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x3F
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x00
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x06
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x03/0x03
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x11/0x01
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x37
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
1978 425K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
854 185K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
285 41433 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
1078 225K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
13 780 ACCEPT all -- eth1 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 /* Remote_Access */
0 0 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 udp dpt:80 /* Remote_Access */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:22 /* SSH */
0 0 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 udp dpt:22 /* SSH */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
3757 1411K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
100 6032 ACCEPT all -- eth1 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
Chain OUTPUT (policy ACCEPT 4825 packets, 708K bytes)
pkts bytes target prot opt in out source destination
Thank you for the detailed post and information! Hopefully Alblasco can make something of this in his work on 1204.
I share some of your issues with the firewall. I am able to disable the firewall and ssh works perfectly internally and externally for me. For myself, I do a lot of testing and installing. I use a separate router/firewall for my internet connection that I place my core(s) behind. That being said, we would definitely like to see our firewall fully functional again.
J.
I was fighting a lack of ssh access on my internal network too on a recent install.
I suspected the firewall too but disabling it or allowing port 22 didn't help.
In the end:
sudo dpkg-reconfigure openssh-server
re-generated the host keys and now I have ssh access, with firewall enabled. Maybe the keys aren't getting generated correctly on install.
I haven't tried external access yet.
-Coley.
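A check for the condition Coley describes, as an added example that is not part of the original posts: it reports whether a directory holds at least one private host key that sshd can load. The function name is hypothetical, and the permission test assumes stock OpenSSH behaviour (private keys that are group or world accessible are refused).

```shell
#!/bin/sh
# Added example, not from the thread. Usage: check_host_keys /etc/ssh
# Prints one status line per key type; returns 0 only if at least one
# private host key is present, non-empty and not group/world accessible.
check_host_keys() {
    hk_dir=${1:-/etc/ssh}
    hk_usable=0
    for hk_type in rsa dsa ecdsa ed25519; do
        hk_file="$hk_dir/ssh_host_${hk_type}_key"
        if [ ! -e "$hk_file" ]; then
            echo "$hk_type: missing"
        elif [ ! -s "$hk_file" ]; then
            echo "$hk_type: empty file"
        elif [ "$(ls -ld "$hk_file" | cut -c5-10)" != "------" ]; then
            # Characters 5-10 of the mode string are the group/other bits.
            echo "$hk_type: permissions too open, sshd will not load it"
        else
            echo "$hk_type: ok"
            hk_usable=$((hk_usable + 1))
        fi
    done
    [ "$hk_usable" -gt 0 ]
}
```

A non-zero return on a fresh install matches the symptom in this thread: ssh fails with the firewall on or off, and regenerating the host keys clears it.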
I have verified the ssh issue on a fresh dvd install of 1204. Thanks for the info Coley! I'll find out where this should be happening and check/reintroduce it. Likely fell out in my re-jig of the installation methods.
J.
The ssh keys will be regenerated properly on installs again once the pkgs and dvds are rebuilt. Thanks guys.
J.
Great news- I'll test it as soon as possible.
What about port forwarding? Have you been able to test that? For example, I'd like to forward port 8008 to my Ago box downstream of LMCE. I should be able to use the prerouting port forwarding to forward the incoming 8008 to 192.168.80.x:8008, but the request times out.
Unfortunately iptables is outside my realm of expertise, it is on my list to explore but I have to leave that to Alblasco at the moment. :P
J.
Working: Finally got access to it and did a full apt-get update/upgrade (still 12.04 system)- the remote access (port 80) works going to "Outside Access" and enabling it. Access on port 22 did not work until applying Coley's solution (sudo dpkg-reconfigure openssh-server). I'll try from an external network tomorrow.
Not Working: Adding nat port_forwarding does not work. After clicking "add" after plugging in the fields, the page refreshes, but the rule does not show on either the basic or advanced configuration page.
iptables -nvL:
Chain INPUT (policy DROP 9 packets, 360 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x29
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x3F
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x00
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x06
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x03/0x03
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x11/0x01
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x3F/0x37
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
1807 185K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
2191 306K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
2894 546K ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
81 18310 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
69 3980 ACCEPT all -- eth1 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
0 0 ACCEPT all -- eth1 * 192.168.81.0/24 0.0.0.0/0 /* Allow_Local_Network */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 /* Remote_Access */
0 0 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 udp dpt:80 /* Remote_Access */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:22 /* SSH */
0 0 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 udp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* webadmin */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* ssh_access */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
9071 4051K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
651 60782 ACCEPT all -- eth1 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
0 0 ACCEPT all -- eth1 * 192.168.81.0/24 0.0.0.0/0 /* Allow_Local_Network */
0 0 ACCEPT all -- eth1 * 192.168.81.0/24 0.0.0.0/0 /* Allow_Local_Network */
Chain OUTPUT (policy ACCEPT 6794 packets, 901K bytes)
pkts bytes target prot opt in out source destination
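An audit of the listings posted above, as an added example that is not LinuxMCE code or part of any post: it reads `iptables -nvL` text and separates ACCEPT rules that only match a 127.0.0.0/8 destination (like the Remote_Access and SSH entries, which show 0 packets in both listings) from rules a remote connection could hit. Function names are hypothetical; the sample is an excerpt of the second listing.

```shell
#!/bin/sh
# Added example. Audits `iptables -nvL` text supplied on stdin.
# Columns: pkts bytes target prot opt in out source destination [match...]

# Print ACCEPT rules that are not bound to lo but only match a 127.0.0.0/8
# destination. Loopback traffic is already covered by Allow_Loopback, and a
# packet arriving on eth0/eth1 is addressed to that interface's IP, so such
# rules never admit remote clients.
loopback_only_accepts() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $3 == "ACCEPT" && $6 != "lo" && $9 ~ /^127\./ {
            dpt = "any"
            for (i = 10; i <= NF; i++) if ($i ~ /^dpt:/) dpt = substr($i, 5)
            print chain, $4 "/" dpt, "dst=" $9, "pkts=" $1
        }'
}

# Succeed if INPUT holds an explicit ACCEPT for tcp PORT whose destination is
# not loopback-only, i.e. a rule a remote connection could actually match.
input_admits_tcp_port() {
    awk -v want="dpt:$1" '
        $1 == "Chain" { chain = $2; next }
        chain == "INPUT" && $3 == "ACCEPT" && $4 == "tcp" && $6 != "lo" &&
        $9 !~ /^127\./ {
            for (i = 10; i <= NF; i++) if ($i == want) found = 1
        }
        END { exit !found }'
}

# Excerpt of the second listing in this thread, embedded for offline use.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 9 packets, 360 bytes)
pkts bytes target prot opt in out source destination
1807 185K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 /* Remote_Access */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:22 /* SSH */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* webadmin */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* ssh_access */
EOF
}
```

On a live system, pipe `iptables -nvL` into either function. When `input_admits_tcp_port 22` succeeds and ssh still fails, the filter table is no longer the blocker and the sshd side is the next place to look.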