Network2/Experiments/OpenWRT
Installed OpenWRT.
Found that I could no longer ping my IP address from crank.
Examined firewall:
iptables -t mangle -L
Good, no mangling.
iptables -t nat -L
Some NAT, but just a couple of MASQUERADE rules.
iptables -t filter -L
Lots of filtering. In more detail:
iptables -t filter -L INPUT
Some complicated chains:
- syn_flood rate-limits TCP connection control packets.
- input_rule is empty.
- input has subchains for zone_wan and zone_lan.
- zone_lan accepts everything.
- zone_wan rejects everything not accepted by input_wan.
Okay, let's add an accept rule to input_wan:
iptables -t filter -A input_wan -p icmp -j ACCEPT
Alternately, add:
config 'rule'
	option 'target' 'ACCEPT'
	option '_name' 'ping'
	option 'src' 'wan'
	option 'proto' 'icmp'
to /etc/config/firewall (or to /etc/firewall.user?)
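The accept rule above admits every ICMP type from the WAN side, not only echo requests. As an added example (not part of the original notes), this script reads rules in `iptables -S` format and lists the ones in a given chain that accept ICMP with no `--icmp-type` match; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: list rules in one chain that ACCEPT ICMP without an
# --icmp-type match, meaning every ICMP type is let in.
# Input: text in `iptables -S` format on stdin; the chain name is $1.
audit_icmp_accepts() {
    chain="$1"
    awk -v chain="$chain" '
        $1 == "-A" && $2 == chain {
            proto = ""; target = ""; typed = 0
            for (i = 3; i <= NF; i++) {
                # Ignore negated protocol matches ("! -p icmp").
                if ($i == "-p" && $(i - 1) != "!" && i < NF) proto = $(i + 1)
                if ($i == "-j" && i < NF) target = $(i + 1)
                if ($i == "--icmp-type") typed = 1
            }
            # Protocol may be printed by name or by number (1 = ICMP).
            if ((proto == "icmp" || proto == "1") && target == "ACCEPT" && !typed)
                print
        }'
}

# Constructed sample ruleset (not captured from a real router).
sample_rules() {
    cat <<'EOF'
-N input_wan
-A input_wan -p icmp -j ACCEPT
-A input_wan -p icmp -m icmp --icmp-type 8 -m limit --limit 10/sec -j ACCEPT
-A input_wan -p tcp -m tcp --dport 22 -j ACCEPT
-A input_lan -p icmp -j ACCEPT
EOF
}

# On the router itself: iptables -S | audit_icmp_accepts input_wan
sample_rules | audit_icmp_accepts input_wan
```

Only the first sample rule is reported for input_wan; the second is restricted to type 8 (echo request) and rate-limited, so it passes.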
radvd
Note that the prefix we want to advertise here is the one tunnelbroker calls the 'routed /64'.
cat > /etc/config/radvd <<EOF
config interface
	option interface 'lan'
	option AdvSendAdvert 1
	option AdvManagedFlag 0
	option AdvOtherConfigFlag 0
	option AdvHomeAgentFlag 0
	option ignore 0

config prefix
	option interface 'lan'
	option prefix '2001:470:1f07:6f7::/64'
	option AdvOnLink 1
	option AdvAutonomous 1
	option AdvRouterAddr 0
	option ignore 0
EOF
/etc/init.d/radvd start