Network2/Experiments/OpenWRT

Revision as of 17:25, 9 January 2010 by Mstone

Installed OpenWRT.

Found that I could no longer ping my IP address from crank.

Examined firewall:

iptables -t mangle -L

Good, no mangling.

iptables -t nat -L

Some NAT, but just a couple of MASQUERADE rules.

iptables -t filter -L

Lots of filtering. In more detail:

iptables -t filter -L INPUT

Some complicated chains:

  • syn_flood rate-limits TCP connection control packets.
  • input_rule is empty.
  • input has subchains for zone_wan and zone_lan.
  • zone_lan accepts everything.
  • zone_wan rejects everything not accepted by input_wan.

Okay, let's add an accept rule to input_wan:

iptables -t filter -A input_wan -p icmp -j ACCEPT
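
A check worth running after a change like this one, as an added example that is not part of the original notes: walk the chain tree and list ACCEPT rules that admit a whole protocol from a zone. The ruleset is a constructed sample in `iptables -S` format mirroring the chains described above; the interface names (br-lan, eth0.1), the exact rules and the function names are assumptions.

```shell
# Constructed sample in `iptables -S` format mirroring the chains described
# above. Interface names (br-lan, eth0.1) and exact rules are assumptions.
RULES='-N input
-N input_rule
-N input_wan
-N syn_flood
-N zone_lan
-N zone_wan
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A INPUT -j input_rule
-A INPUT -j input
-A input -i br-lan -j zone_lan
-A input -i eth0.1 -j zone_wan
-A input_wan -p icmp -j ACCEPT
-A syn_flood -p tcp -m limit --limit 25/sec --limit-burst 50 -j RETURN
-A syn_flood -j DROP
-A zone_lan -j ACCEPT
-A zone_wan -j input_wan
-A zone_wan -j REJECT --reject-with icmp-port-unreachable'
# chains_from START < rules: user chains reachable from START via -j/-g.
chains_from() {
    awk -v start="$1" '
        function walk(c,    n, t, k) {
            n = split(edge[c], t, " ")
            for (k = 1; k <= n; k++)
                if ((t[k] in user) && !(t[k] in seen)) {
                    seen[t[k]] = 1; print t[k]; walk(t[k]) }
        }
        $1 == "-N" { user[$2] = 1 }
        $1 == "-A" { for (i = 3; i < NF; i++)
            if ($i == "-j" || $i == "-g") edge[$2] = edge[$2] " " $(i + 1) }
        END { walk(start) }'
}

# broad_accepts CHAIN < rules: ACCEPTs with no --icmp-type, --dport(s) or -s.
broad_accepts() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain && / -j ACCEPT$/ &&
        !/--icmp-type|--dports?| -s / { print }'
}

# audit_zone CHAIN < rules: broad ACCEPTs in CHAIN and every chain below it.
audit_zone() {
    rules=$(cat)
    for c in "$1" $(printf '%s\n' "$rules" | chains_from "$1"); do
        printf '%s\n' "$rules" | broad_accepts "$c"
    done
}
printf '%s\n' "$RULES" | audit_zone zone_wan   # prints the broad ICMP rule
```

On a router whose iptables supports `-S`, the same functions read `iptables -S` on stdin. A rule narrowed with `--icmp-type 8` (echo-request only) is not reported.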