cdere
22-04-2007, 14:40
Hi,
I have a La Fonera Wi-Fi router (that nice little AP by Fon) which, by the way, works really great, if it weren't for an internal configuration problem. I'm pasting the ifconfig output from an SSH session on the router itself:
root@OpenWrt:~# ifconfig
ath0 Link encap:Ethernet HWaddr 00:18:84:1E:89:15
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ath1 Link encap:Ethernet HWaddr 00:18:84:1E:89:16
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:18:84:1E:89:14
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:6056 errors:0 dropped:0 overruns:0 frame:0
TX packets:2060 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:655533 (640.1 KiB) TX bytes:229819 (224.4 KiB)
Interrupt:4 Base address:0x1000
eth0:1 Link encap:Ethernet HWaddr 00:18:84:1E:89:14
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
Interrupt:4 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2180 (2.1 KiB) TX bytes:2180 (2.1 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.182.1 P-t-P:192.168.182.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wifi0 Link encap:Ethernet HWaddr 00:18:84:1E:89:15
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:249 errors:0 dropped:0 overruns:0 frame:402
TX packets:46 errors:2 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:199
RX bytes:15982 (15.6 KiB) TX bytes:2802 (2.7 KiB)
Interrupt:3 Memory:b0000000-b00ffffc
Basically it comes up on the wired network with 192.168.0.100 and brings up a Wi-Fi network 192.168.10.x. The thing is that, for example, from the laptop connected over Wi-Fi as 192.168.10.2 I can ping the whole network (wired and wireless) and I can also access the services on the various connected PCs, but I can't do the reverse: for example, from 192.168.0.2 I can't ping 192.168.10.2 (the laptop), but I can ping 192.168.10.1 (the Fonera), and naturally I can't access the services on the laptop either.
Help, guys :help: :help:
I'm also pasting the routing table:
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.182.0 * 255.255.255.0 U 0 0 0 tun0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 ath1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
and here is the script that seems to run at boot to set up iptables:
root@OpenWrt:/etc# cat firewall.user
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
. /tmp/network-config
WAN="$wan_ifname"
LAN="$lan_ifname"
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
### BIG FAT DISCLAIMER
## The "-i $WAN" is used to match packets that come in via the $WAN interface.
## it WILL NOT MATCH packets sent from the $WAN ip address -- you won't be able
## to see the effects from within the LAN.
### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
I really don't understand any of this, but many thanks to anyone who can at least point me in the right direction :P
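As an added example (not part of the original post), the following Python script reproduces the kernel's longest-prefix-match lookup over the routing table posted above, using that `route` output as constructed input; it shows which interface the Fonera itself would choose for each address mentioned in the thread.

```python
"""Longest-prefix-match lookup over the Kernel IP routing table posted above.

Added example, not code from the original post: it reproduces how the Fonera
itself picks the egress interface for the addresses discussed in the thread.
ROUTE_OUTPUT is the posted `route` output, embedded as constructed input so
the script runs offline.
"""
import ipaddress

# The `route` output from the post (gateway '*' means directly connected).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.182.0 * 255.255.255.0 U 0 0 0 tun0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 ath1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
"""


def parse_route_table(text):
    """Return a list of (network, gateway_or_None, iface) from `route` output."""
    routes = []
    for line in text.splitlines()[2:]:  # skip the two header lines
        dest, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        if dest == "default":
            dest = "0.0.0.0"  # 'default' with genmask 0.0.0.0 is 0.0.0.0/0
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, None if gw == "*" else gw, iface))
    return routes


def lookup(routes, dst):
    """Kernel-style longest-prefix match: returns (iface, gateway_or_None)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None  # no route at all (cannot happen with a default route)
    return best[2], best[1]


if __name__ == "__main__":
    table = parse_route_table(ROUTE_OUTPUT)
    for host in ("192.168.10.2", "192.168.0.2", "192.168.10.1", "8.8.8.8"):
        print(host, "->", lookup(table, host))
```

The router has a direct route to both 192.168.0.0/24 (eth0) and 192.168.10.0/24 (ath1), so its own routing table is not what blocks the wired-to-wireless direction; the forwarding and NAT rules in the other firewall scripts, and the routing on the wired hosts themselves, are not shown in the post.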