 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  Daniel Heise <daniel dot heise at dhml dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Can't access my briding adsl modem
 Date:  Wed, 17 Aug 2005 13:13:11 +0200
Hi Daniel!

On Wednesday, 17.08.2005 at 12:35 +0200, Daniel Heise wrote:
> Could you find something in the status output?
There are some interesting things. You can test every step by using
exec.php and looking at the result with exec.php or status.php. Finally,
insert the appropriate lines as <shellcmd>.

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=40<POLLING>
	inet 150.150.150.1 netmask 0xffff0000 broadcast 255.255.255.0

(1) Wrong mask/broadcast. Don't ask me why. Could be a problem,
but the real one lies here:

ipnat -lv 
List of active MAP/Redirect filters:
map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32

(2) This line is missing:
map rl0 192.168.0.0/24 -> 0.0.0.0/32

Next thing:
ipfstat -nio 
@1 pass out quick on lo0 from any to any
@2 pass out quick on rl1 proto udp from 192.168.0.1/32 port = 67 to any port = 68
@3 pass out quick on ng0 proto udp from any port = 68 to any port = 67
@4 pass out quick on rl1 from any to any keep state
@5 pass out quick on ng0 from any to any keep state
@6 block out log quick from any to any

(3) Here you'll have to insert a rule:
@6 pass out quick on rl0 from any to any keep state

The current rule with number six will then become number seven.

(4) Commands in config.xml should be:
<shellcmd>/sbin/ifconfig rl0 inet 150.150.150.1/24</shellcmd>
<shellcmd>/bin/echo "@6 pass out quick on rl0 from any to any keep state" | /sbin/ipf -f -</shellcmd>
<shellcmd>/bin/echo "map rl0 192.168.0.0/24 -> 0.0.0.0/32" | /sbin/ipnat -f -</shellcmd>

You don't need an IP-Alias, because there isn't any address configured
for rl0. Replace "@7" with "@6", so the rule will be inserted before the
"block out" rule. Make these changes to the config.xml.

(5) Reboot firewall afterwards and tell me the result.

Ciao ...
	... PIT ...


---------------------------------------------------------------------------
 copyleft(c) by |   _-_     Less is more or less more  -- Y_Plentyn
 Peter Allgeyer | 0(o_o)0   on #LinuxGER
---------------oOO--(_)--OOo-----------------------------------------------
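
The checks behind steps (2) and (3), as an added example that is not part of the original message: it reads the ipfstat and ipnat listings quoted above and prints the rule lines an interface still lacks, numbered so the pass rule lands before the catch-all block. The function names are hypothetical helpers, not m0n0wall tools.

```shell
#!/bin/sh
# Added example: audit saved "ipfstat -nio" / "ipnat -lv" listings for the
# gaps named in steps (2) and (3). Function names are hypothetical.

# Listings copied from the message above.
IPFSTAT_OUT='@1 pass out quick on lo0 from any to any
@2 pass out quick on rl1 proto udp from 192.168.0.1/32 port = 67 to any port = 68
@3 pass out quick on ng0 proto udp from any port = 68 to any port = 67
@4 pass out quick on rl1 from any to any keep state
@5 pass out quick on ng0 from any to any keep state
@6 block out log quick from any to any'
IPNAT_OUT='map ng0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ng0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ng0 192.168.0.0/24 -> 0.0.0.0/32'

# Print the "@N" of the first catch-all outbound block rule in listing $1.
# A pass rule inserted at this number is evaluated before the block.
block_rule_number() {
    printf '%s\n' "$1" |
        awk '$2 == "block" && $3 == "out" && /quick from any to any$/ { print $1; exit }'
}

# Succeed if interface $2 has a stateful catch-all outbound pass rule in listing $1.
has_pass_out() {
    printf '%s\n' "$1" |
        grep -Eq "^@[0-9]+ pass out quick on $2 from any to any keep state\$"
}

# Succeed if interface $2 has a plain map rule for source net $3 in listing $1.
has_plain_map() {
    printf '%s\n' "$1" | grep -Fxq "map $2 $3 -> 0.0.0.0/32"
}

# Print the rule lines still missing for interface $1 and LAN net $2,
# or nothing when both rules are already present.
suggest_rules() {
    has_pass_out "$IPFSTAT_OUT" "$1" ||
        echo "$(block_rule_number "$IPFSTAT_OUT") pass out quick on $1 from any to any keep state"
    has_plain_map "$IPNAT_OUT" "$1" "$2" ||
        echo "map $1 $2 -> 0.0.0.0/32"
    return 0
}

suggest_rules rl0 192.168.0.0/24
```

Run against fresh listings after the reboot in step (5), it prints nothing for rl0 once both rules are loaded.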