14.04 Firewall / Port forwarding

Started by brononius, June 04, 2015, 03:04:10 PM

brononius

Is it possible that there's an issue with the port forwarding in the firewall part?
When I add a rule to forward port 10100 towards 192.168.111.100:80, it's not being added.

It doesn't show up in my iptables either...


dcerouter_1044981:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.111.0/24    !192.168.111.0/24 

Version: linuxMCE 1404, running virtual on ESXi

Orbiters: ASUS eeePAD, Nexus 5, Huawei, web
Automation: EIB technology, KNX IP ROUTER 750
Phones: Cisco 7912-7940-7960
Cameras: Foscam POE
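
One way to check for the symptom described in the post above, as an added example that is not part of the thread or of LinuxMCE: a small shell check that reads `iptables -t nat -S` output and reports whether the expected DNAT rule exists. The function names, the `eth0` external interface and both rule listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not LinuxMCE code. Rule text below is constructed sample data.

# has_dnat PROTO PORT TARGET: reads `iptables -t nat -S` output on stdin and
# succeeds only if a PREROUTING DNAT rule maps PROTO/PORT to TARGET (ip:port).
has_dnat() {
    awk -v proto="$1" -v port="$2" -v target="$3" '
        $1 == "-A" && $2 == "PREROUTING" {
            p = ""; dport = ""; jump = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")               p     = $(i + 1)
                if ($i == "--dport")          dport = $(i + 1)
                if ($i == "-j")               jump  = $(i + 1)
                if ($i == "--to-destination") to    = $(i + 1)
            }
            if (jump == "DNAT" && p == proto && dport == port && to == target)
                found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# nat table as in the post: only the MASQUERADE rule, no forward.
RULES_MISSING='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.111.0/24 ! -d 192.168.111.0/24 -j MASQUERADE'

# Same table with the expected forward added (eth0 as external NIC is assumed).
RULES_PRESENT="$RULES_MISSING
-A PREROUTING -i eth0 -p tcp -m tcp --dport 10100 -j DNAT --to-destination 192.168.111.100:80"

report() {  # report LABEL RULES
    if printf '%s\n' "$2" | has_dnat tcp 10100 192.168.111.100:80; then
        echo "$1: forward 10100 -> 192.168.111.100:80 present"
    else
        echo "$1: forward 10100 -> 192.168.111.100:80 MISSING"
    fi
}

report "as posted" "$RULES_MISSING"
report "expected" "$RULES_PRESENT"

# On the router itself:
#   iptables -t nat -S PREROUTING | has_dnat tcp 10100 192.168.111.100:80
```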

phenigma

Anything is possible, none of the firewall aspects have been tested in 1404 by anyone that I know of.  Alblasco is the man to speak with about any firewall issues.

J.
My setup: http://wiki.linuxmce.org/index.php/User:Phenigma

danr677

I think it could be a general problem, I can't add input rules (e.g. ssh) in the firewall with the latest 2 iso images for 12.04.

phenigma

Shitty.  Can you make a ticket for Alblasco and reference this thread so he has some background to work with?

J.

ps.  Thanks for testing and reporting!

Alblasco1702

Bronius,

I prepared a fix; can you test it on 14.04 please?

Cheers -FR-

darkwizard864

Still the same thing in 12.04
iptables -vnL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
1824K 7695M BLOCKLIST  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x29
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x3F
    1  1500 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x00
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x06/0x06
    1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x03/0x03
    1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x11/0x01
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcpflags: 0x3F/0x37
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x1
  14M   20G ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            /* Allow_Loopback */
1939M  805G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED /* Allow_Established */
412K   51M ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
107K   27M ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
322K   43M ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
104K 5314K ACCEPT     all  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0              reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0              reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)

brononius

Quote from: Alblasco1702 on July 24, 2015, 12:58:12 PM
I prepared a fix; can you test it on 14.04 please?

Sorry for the late response, I was on holiday...

How can I test it for you?

huh

I think Alblasco1702 got this fixed a little earlier today - advanced firewall shows correctly now on my 12.04 install and there's a pending fix available on the next update that should do the rest.  Maybe wait a few days, grab the update and watch the magic?!?

Alblasco1702

Bronius, you can test it now when you update and upgrade.
The fixes should be in by now.

Cheers

-FR-