Network2/Experiments/OpenWRT: Difference between revisions

From OLPC
Line 32: Line 32:
iptables -t filter -A input_wan -p icmp -j ACCEPT
iptables -t filter -A input_wan -p icmp -j ACCEPT


Alternately, add:

config 'rule'
option 'target' 'ACCEPT'
option '_name' 'ping'
option 'src' 'wan'
option 'proto' 'icmp'

to <tt>/etc/config/firewall</tt> (or to <tt>/etc/firewall.user</tt>?)

== radvd ==

Note that the prefix here that we want to advertise is called the 'routed /64' by tunnelbroker.


cat > /etc/config/radvd <<EOF
cat > /etc/config/radvd <<EOF
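Review bot: The added line "to /etc/config/firewall (or to /etc/firewall.user?)" leaves the target file as an open question, and the two files take different syntax. The config 'rule' stanza is UCI syntax and belongs in /etc/config/firewall, while /etc/firewall.user is a shell script, so the iptables -t filter -A input_wan -p icmp -j ACCEPT line is what would go there. Suggest resolving the question in the text and noting that the rule named 'ping' matches proto icmp as a whole, so it accepts every ICMP type from wan rather than echo requests only.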

Revision as of 18:46, 9 January 2010

Installed OpenWRT.

Found that I could no longer ping my IP address from crank.

Examined firewall:

iptables -t mangle -L

Good, no mangling.

iptables -t nat -L

Some NAT, but just a couple of MASQUERADE rules.

iptables -t filter -L

Lots of filtering. In more detail:

iptables -t filter -L INPUT

Some complicated chains:

  • syn_flood rate-limits TCP connection control packets.
  • input_rule is empty.
  • input has subchains for zone_wan and zone_lan.
  • zone_lan accepts everything.
  • zone_wan rejects everything not accepted by input_wan.

Okay, let's add an accept rule to input_wan:

iptables -t filter -A input_wan -p icmp -j ACCEPT

Alternately, add:

config 'rule'
        option 'target' 'ACCEPT'
        option '_name' 'ping'
        option 'src' 'wan'
        option 'proto' 'icmp'

to /etc/config/firewall (or to /etc/firewall.user?)
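Both forms above accept every ICMP type arriving on wan, not only ping. The following check is an added example, not part of the original page: it classifies the ICMP ACCEPT rules in input_wan from `iptables -S input_wan` output. The function name and sample listings are constructed for illustration, and the sample rule limited to type 8 (echo-request) is an assumed narrower alternative, not a rule from the page.

```shell
#!/bin/sh
# Classify the ICMP ACCEPT rules in OpenWrt's input_wan chain.
# Reads `iptables -S input_wan` text on stdin and prints one verdict:
#   broad  - some rule accepts every ICMP type (like the rule on this page)
#   narrow - ICMP is accepted only for explicit --icmp-type values
#   none   - no ICMP ACCEPT rule, so zone_wan rejects pings
classify_wan_icmp() {
    verdict=none
    while IFS= read -r rule; do
        # Skip everything except ICMP ACCEPT rules appended to input_wan.
        case "$rule" in
            "-A input_wan "*"-p icmp "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        # A rule without --icmp-type matches all ICMP; it outweighs narrow ones.
        case "$rule" in
            *"--icmp-type "*)
                if [ "$verdict" = none ]; then verdict=narrow; fi ;;
            *)
                verdict=broad ;;
        esac
    done
    echo "$verdict"
}

# Constructed sample chain listings (not captured from a real router).
# Type 8 is echo-request, the packet that ping sends.
SAMPLE_BROAD='-N input_wan
-A input_wan -p icmp -j ACCEPT'

SAMPLE_NARROW='-N input_wan
-A input_wan -p icmp -m icmp --icmp-type 8 -m limit --limit 5/sec -j ACCEPT'

SAMPLE_NONE='-N input_wan
-A input_wan -p tcp -m tcp --dport 22 -j ACCEPT'

# Demo on the constructed samples; on a router, feed it the live chain:
#   iptables -S input_wan | classify_wan_icmp
for s in "$SAMPLE_BROAD" "$SAMPLE_NARROW" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | classify_wan_icmp
done
```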

radvd

Note that the prefix here that we want to advertise is called the 'routed /64' by tunnelbroker.

cat > /etc/config/radvd <<EOF
config interface
        option interface 'lan'
        option AdvSendAdvert 1
        option AdvManagedFlag 0
        option AdvOtherConfigFlag 0
        option AdvHomeAgentFlag 0
        option ignore 0

config prefix 
        option interface 'lan'
        option prefix '2001:470:1f07:6f7::/64'
        option AdvOnLink 1
        option AdvAutonomous 1
        option AdvRouterAddr 0
        option ignore 0
EOF
/etc/init.d/radvd start