LinuxMCE Forums

General => Installation issues => Topic started by: brononius on June 04, 2015, 03:04:10 pm

Title: 14.04 Firewall / Port forwarding
Post by: brononius on June 04, 2015, 03:04:10 pm
Is it possible that there's an issue with the port forwarding in the firewall part?
When I add a rule to forward port 10100 towards 192.168.111.100:80 , it's not being added.

It doesn't show up in my iptables either...


Code:
dcerouter_1044981:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.111.0/24    !192.168.111.0/24 
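
The check from the post above as a script, added here as an example and not part of the original post: it looks for the expected forward (port 10100 to 192.168.111.100:80) in the PREROUTING chain of a nat-table listing. The function name `has_dnat_forward` is hypothetical, the forward is assumed to be TCP, and the second sample listing is constructed to show what a working rule looks like with numeric (`-n`) output.

```shell
#!/bin/sh
# has_dnat_forward PORT DEST   (hypothetical helper, not LinuxMCE code)
# Reads `iptables -t nat -L -n` output on stdin. Succeeds only if the
# PREROUTING chain holds a tcp DNAT rule for dpt:PORT that rewrites to DEST.
has_dnat_forward() {
    awk -v port="$1" -v dest="$2" '
        /^Chain / { chain = $2; next }        # remember the current chain
        chain == "PREROUTING" && $1 == "DNAT" && $2 == "tcp" {
            dpt = ""; to = ""
            for (i = 6; i <= NF; i++) {       # columns after "destination"
                if ($i ~ /^dpt:/) dpt = substr($i, 5)
                if ($i ~ /^to:/)  to  = substr($i, 4)
            }
            if (dpt == port && to == dest) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Listing as posted in the thread (condensed): no DNAT rule in PREROUTING.
sample_broken() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.111.0/24    !192.168.111.0/24
EOF
}

# Constructed sample: the same table once the forward has been applied.
sample_fixed() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:10100 to:192.168.111.100:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.111.0/24    !192.168.111.0/24
EOF
}

sample_broken | has_dnat_forward 10100 192.168.111.100:80 || echo "forward missing"
sample_fixed  | has_dnat_forward 10100 192.168.111.100:80 && echo "forward present"
# On a live router: iptables -t nat -L -n | has_dnat_forward 10100 192.168.111.100:80
```
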
Title: Re: 14.04 Firewall / Port forwarding
Post by: phenigma on June 05, 2015, 12:11:28 am
Anything is possible, none of the firewall aspects have been tested in 1404 by anyone that I know of.  Alblasco is the man to speak with about any firewall issues.

J.
Title: Re: 14.04 Firewall / Port forwarding
Post by: danr677 on June 05, 2015, 03:24:49 am
I think it could be a general problem; I can't add input rules (e.g. ssh) in the firewall with the latest 2 iso images for 12.04.
Title: Re: 14.04 Firewall / Port forwarding
Post by: phenigma on June 05, 2015, 09:30:09 am
Shitty.  Can you make a ticket for Alblasco and reference this thread so he has some background to work with?

J.

ps.  Thanks for testing and reporting!
Title: Re: 14.04 Firewall / Port forwarding
Post by: brononius on June 05, 2015, 09:55:32 am
Ticket created: http://svn.linuxmce.org/trac/ticket/2368
Title: Re: 14.04 Firewall / Port forwarding
Post by: Alblasco1702 on July 24, 2015, 12:58:12 pm
Bronius,

I prepared a fix; can you test it on 14.04 please?

Cheers -FR-
Title: Re: 14.04 Firewall / Port forwarding
Post by: darkwizard864 on July 24, 2015, 08:29:20 pm
Still the same thing in 12.04:
iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
1824K 7695M BLOCKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x29
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x3F
    1  1500 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x00
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x06
    1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x03/0x03
    1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x11/0x01
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x37
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1
  14M   20G ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
1939M  805G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
 412K   51M ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
 107K   27M ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 322K   43M ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
 104K 5314K ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0              reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0              reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
Title: Re: 14.04 Firewall / Port forwarding
Post by: brononius on August 10, 2015, 09:17:11 am
"I prepared a fix; can you test it on 14.04 please?"

Sorry for the late response, I was on holiday...

How can I test it for you?
Title: Re: 14.04 Firewall / Port forwarding
Post by: huh on August 10, 2015, 04:54:09 pm
I think Alblasco1702 got this fixed a little earlier today - advanced firewall shows correctly now on my 12.04 install and there's a pending fix available on the next update that should do the rest.  Maybe wait a few days, grab the update and watch the magic?!?
Title: Re: 14.04 Firewall / Port forwarding
Post by: Alblasco1702 on August 17, 2015, 04:12:27 pm
Bronius, you can test it now when you update and upgrade.
The fixes should be in by now.

Cheers

-FR-