Network2/Experiments/OpenWRT

From OLPC
< Network2‎ | Experiments
Revision as of 17:46, 9 January 2010 by Mstone (talk | contribs)
Jump to navigation Jump to search

Installed OpenWRT.

Found that I could no longer ping my IP address from crank.

Examined firewall:

iptables -t mangle -L

Good, no mangling.

iptables -t nat -L

Some NAT, but just a couple of MASQUERADE rules.

iptables -t filter -L

Lots of filtering. In more detail:

iptables -t filter -L INPUT

Some complicated chains:

  • syn_flood rate-limits TCP connection control packets.
  • input_rule is empty
  • input has subchains for zone_wan and zone_lan.
  • zone_lan accepts everything.
  • zone_wan rejects everything not accepted by input_wan.

Okay, let's add an accept rule to input_wan:

iptables -t filter -A input_wan -p icmp -j ACCEPT