<div dir="ltr"><div><div><div>Hey Tim,<br><br></div>Tomato doesn't have iptables-save. But when I get home I'll post my iptables config file.<br><br></div>Cheers,<br><br></div>Randy<br><div><div><br><br></div></div>
</div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><br><br>Oscar Developer<br>McMaster University<br>175 Longwood Road South, Suite 201A<br>Hamilton ON L8P 0A1<br>905 525 9140 x27735</div><div><br></div>
<div><font style="font-family:comic sans ms,sans-serif"><strong>There are too many gentlemen in England by five hundred</strong></font></div><div><font style="font-family:comic sans ms,sans-serif"><strong>--Robert Burnam 1549</strong></font></div>
</div></div>
<br><br><div class="gmail_quote">On Mon, Apr 8, 2013 at 11:29 AM, Tim Tisdall <span dir="ltr"><<a href="mailto:tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR@public.gmane.org" target="_blank">tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR@public.gmane.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Okay, my knowledge of iptables is fairly limited... I was just looking at the rules on one of my servers and noticed that when I did "iptables --list" it said under INPUT "ACCEPT all -- anywhere anywhere" but the actual rule was "-A INPUT -i lo -j ACCEPT" which says to accept all loopback traffic. So, your duplicate rules may not be duplicates, it's just not displaying enough information (maybe). Are you able to run "iptables-save"? That outputs the options you'd pass at the command line to recreate your current rules.</div>
<div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 8, 2013 at 11:00 AM, Randy Jonasz <span dir="ltr"><<a href="mailto:rjonasz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org" target="_blank">rjonasz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div><div>Hey Tim,<br><br></div>The problem is that when I try to ssh to my computer from outside, the connection times out. I've tried connecting to my vpn ip and the ip my isp assigns me but both time out.<br>
<br></div>Thanks!<br><br></div>Randy<br></div><div class="gmail_extra"><br clear="all"><div><div dir="ltr"><div><br><br>Oscar Developer<br>McMaster University<br>175 Longwood Road South, Suite 201A<br>Hamilton ON L8P 0A1<br>
<a href="tel:905%20525%209140%20x27735" value="+19055259140" target="_blank">905 525 9140 x27735</a></div><div><br></div><div><font style="font-family:comic sans ms,sans-serif"><strong>There are too many gentlemen in England by five hundred</strong></font></div>
<div><font style="font-family:comic sans ms,sans-serif"><strong>--Robert Burnam 1549</strong></font></div>
</div></div><div><div>
<br><br><div class="gmail_quote">On Mon, Apr 8, 2013 at 9:15 AM, Tim Tisdall <span dir="ltr"><<a href="mailto:tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR@public.gmane.org" target="_blank">tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR@public.gmane.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hey Randy.. What specifically is not working? We know what you've done and what you're trying to do, but not what the problem is.<div><br></div><div>At first glance, though, you should probably eliminate all those duplicate entries to at least make it easier to wade through.</div>
<span><font color="#888888">
<div><br></div><div>-Tim</div></font></span></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Apr 7, 2013 at 11:59 AM, Randy Jonasz <span dir="ltr"><<a href="mailto:rjonasz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org" target="_blank">rjonasz-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Everyone,<div><br></div><div>I was wondering if anyone could help solve a problem I'm having with port forwarding on a tomato router set up to connect to a nas via rsync and another computer via ssh. Any help would be greatly appreciated. Here's where I am at now:</div>
<div><br></div><div>Tomato v1.28.0000 MIPSR2-106 K26 USB Mega-VPN</div><div><div>root@Rorty:/tmp/home/root# ip route show</div><div>10.3.12.1 dev ppp0 proto kernel scope link src 173.234.144.211 </div><div>207.210.24.1 dev vlan2 scope link </div>
<div>173.234.144.194 via 207.210.24.1 dev vlan2 </div><div><a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> dev br0 proto kernel scope link src 192.168.1.1 </div><div><a href="http://207.210.24.0/22" target="_blank">207.210.24.0/22</a> dev vlan2 proto kernel scope link src 207.210.24.187 </div>
<div><a href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a> dev lo scope link </div><div>default dev ppp0 scope link </div><div>default via 207.210.24.1 dev vlan2 </div><div>root@Rorty:/tmp/home/root# iptables -L</div>
<div>Chain INPUT (policy DROP)</div>
<div>target prot opt source destination </div><div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>
ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- <a href="http://0.0.0.0/24" target="_blank">0.0.0.0/24</a> anywhere </div><div>DROP all -- anywhere <a href="http://wan-ip.rjonasz.org" target="_blank">wan-ip.rjonasz.org</a> </div>
<div>DROP all -- anywhere anywhere state INVALID </div><div>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED </div><div>shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW </div>
<div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc </div>
<div>ACCEPT tcp -- anywhere anywhere tcp dpt:ssh </div><div><br></div><div>Chain FORWARD (policy DROP)</div><div>target prot opt source destination </div><div>TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU </div>
<div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU </div>
<div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU </div>
<div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU </div>
<div>ACCEPT all -- <a href="http://0.0.0.0/24" target="_blank">0.0.0.0/24</a> anywhere </div><div>ACCEPT all -- anywhere <a href="http://0.0.0.0/24" target="_blank">0.0.0.0/24</a> </div>
<div> all -- anywhere anywhere account: network/netmask: <a href="http://192.168.1.0/255.255.255.0" target="_blank">192.168.1.0/255.255.255.0</a> name: lan </div>
<div>ACCEPT all -- anywhere anywhere </div><div>DROP all -- anywhere anywhere state INVALID </div><div>TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU </div>
<div>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED </div><div>wanin all -- anywhere anywhere </div><div>wanout all -- anywhere anywhere </div>
<div>ACCEPT all -- anywhere anywhere </div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>target prot opt source destination </div><div>ACCEPT all -- anywhere anywhere </div>
<div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere anywhere </div><div>ACCEPT all -- anywhere <a href="http://0.0.0.0/24" target="_blank">0.0.0.0/24</a> </div>
<div><br></div><div>Chain shlimit (1 references)</div><div>target prot opt source destination </div><div> all -- anywhere anywhere recent: SET name: shlimit side: source </div>
<div>DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source </div><div><br></div><div>Chain wanin (1 references)</div><div>target prot opt source destination </div>
<div>ACCEPT tcp -- anywhere 192.168.1.11 tcp dpt:ssh </div><div>ACCEPT udp -- anywhere 192.168.1.11 udp dpt:ssh </div><div>ACCEPT tcp -- anywhere <a href="http://ix2-200-TI85JF.rjonasz.org" target="_blank">ix2-200-TI85JF.rjonasz.org</a> tcp dpt:rsync </div>
<div>ACCEPT udp -- anywhere <a href="http://ix2-200-TI85JF.rjonasz.org" target="_blank">ix2-200-TI85JF.rjonasz.org</a> udp dpt:rsync </div><div><br></div><div>Chain wanout (1 references)</div><div>target prot opt source destination </div>
<div>root@Rorty:/tmp/home/root# iptables -t nat -L </div><div>Chain PREROUTING (policy ACCEPT)</div><div>target prot opt source destination </div><div>WANPREROUTING all -- anywhere <a href="http://wan-ip.rjonasz.org" target="_blank">wan-ip.rjonasz.org</a> </div>
<div>DROP all -- anywhere <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> </div><div><br></div><div>Chain POSTROUTING (policy ACCEPT)</div><div>target prot opt source destination </div>
<div>SNAT tcp -- <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> 192.168.1.11 tcp dpt:ssh to:207.210.24.187 </div><div>SNAT udp -- <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> 192.168.1.11 udp dpt:ssh to:207.210.24.187 </div>
<div>SNAT tcp -- <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> <a href="http://ix2-200-TI85JF.rjonasz.org" target="_blank">ix2-200-TI85JF.rjonasz.org</a> tcp dpt:rsync to:207.210.24.187 </div>
<div>SNAT udp -- <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a> <a href="http://ix2-200-TI85JF.rjonasz.org" target="_blank">ix2-200-TI85JF.rjonasz.org</a> udp dpt:rsync to:207.210.24.187 </div>
<div>MASQUERADE all -- anywhere anywhere </div><div>MASQUERADE all -- anywhere anywhere </div><div>MASQUERADE all -- anywhere anywhere </div><div>
MASQUERADE all -- anywhere anywhere </div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>target prot opt source destination </div><div><br></div><div>Chain WANPREROUTING (1 references)</div>
<div>target prot opt source destination </div><div>DNAT icmp -- anywhere anywhere to:192.168.1.1 </div><div>DNAT tcp -- anywhere anywhere tcp dpt:2222 to:<a href="http://192.168.1.11:22" target="_blank">192.168.1.11:22</a> </div>
<div>DNAT udp -- anywhere anywhere udp dpt:2222 to:<a href="http://192.168.1.11:22" target="_blank">192.168.1.11:22</a> </div><div>DNAT tcp -- anywhere anywhere tcp dpt:rsync to:<a href="http://192.168.1.8:873" target="_blank">192.168.1.8:873</a> </div>
<div>DNAT udp -- anywhere anywhere udp dpt:rsync to:<a href="http://192.168.1.8:873" target="_blank">192.168.1.8:873</a> </div><div><br></div><div>Thanks,</div><div><br></div><div>Randy</div>
</div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>