Port Forwarding with PPTP vpn connection on tomato router
Randy Jonasz
rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Apr 8 15:45:06 UTC 2013
Hey Tim,
Tomato doesn't have iptables-save. But when I get home I'll post my
iptables config file.
Cheers,
Randy
Oscar Developer
McMaster University
175 Longwood Road South, Suite 201A
Hamilton ON L8P 0A1
905 525 9140 x27735
*There are too many gentlemen in England by five hundred*
*--Robert Burnam 1549*
On Mon, Apr 8, 2013 at 11:29 AM, Tim Tisdall <tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org> wrote:
> Okay, my knowledge of iptables is fairly limited... I was just looking at
> the rules on one of my servers and noticed that when I did "iptables
> --list" it said under INPUT "ACCEPT all -- anywhere
> anywhere" but the actual rule was "-A INPUT -i lo -j ACCEPT" which says to
> accept all loopback traffic. So, your duplicate rules may not be
> duplicates, it's just not displaying enough information (maybe). Are you
> able to run "iptables-save"? That outputs the options you'd pass at the
> command line to recreate your current rules.
>
>
> On Mon, Apr 8, 2013 at 11:00 AM, Randy Jonasz <rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>
>> Hey Tim,
>>
>> The problem is that when I try to ssh to my computer from outside, the
>> connection times out. I've tried connecting to my vpn ip and the ip my isp
>> assigns me but both time out.
>>
>> Thanks!
>>
>> Randy
>>
>>
>>
>> On Mon, Apr 8, 2013 at 9:15 AM, Tim Tisdall <tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org> wrote:
>>
>>> Hey Randy.. What specifically is not working? We know what you've done
>>> and what you're trying to do, but not what the problem is.
>>>
>>> At first glance, though, you should probably eliminate all those
>>> duplicate entries to at least make it easier to wade through.
>>>
>>> -Tim
>>>
>>>
>>> On Sun, Apr 7, 2013 at 11:59 AM, Randy Jonasz <rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>>>
>>>> Hi Everyone,
>>>>
>>>> I was wondering if anyone could help solve a problem I'm having with
>>>> port forwarding on a tomato router set up to connect to a nas via rsync and
>>>> another computer via ssh. Any help would be greatly appreciated. Here's
>>>> where I am at now:
>>>>
>>>> Tomato v1.28.0000 MIPSR2-106 K26 USB Mega-VPN
>>>> root@Rorty:/tmp/home/root# ip route show
>>>> 10.3.12.1 dev ppp0 proto kernel scope link src 173.234.144.211
>>>> 207.210.24.1 dev vlan2 scope link
>>>> 173.234.144.194 via 207.210.24.1 dev vlan2
>>>> 192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
>>>> 207.210.24.0/22 dev vlan2 proto kernel scope link src 207.210.24.187
>>>> 127.0.0.0/8 dev lo scope link
>>>> default dev ppp0 scope link
>>>> default via 207.210.24.1 dev vlan2
>>>> root@Rorty:/tmp/home/root# iptables -L
>>>> Chain INPUT (policy DROP)
>>>> target prot opt source destination
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- 0.0.0.0/24 anywhere
>>>> DROP all -- anywhere wan-ip.rjonasz.org
>>>> DROP all -- anywhere anywhere state INVALID
>>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>>> shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
>>>> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
>>>>
>>>> Chain FORWARD (policy DROP)
>>>> target prot opt source destination
>>>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>>> ACCEPT all -- 0.0.0.0/24 anywhere
>>>> ACCEPT all -- anywhere 0.0.0.0/24
>>>> all -- anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
>>>> ACCEPT all -- anywhere anywhere
>>>> DROP all -- anywhere anywhere state INVALID
>>>> TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>>>> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>>>> wanin all -- anywhere anywhere
>>>> wanout all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>> target prot opt source destination
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere anywhere
>>>> ACCEPT all -- anywhere 0.0.0.0/24
>>>>
>>>> Chain shlimit (1 references)
>>>> target prot opt source destination
>>>> all -- anywhere anywhere recent: SET name: shlimit side: source
>>>> DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
>>>>
>>>> Chain wanin (1 references)
>>>> target prot opt source destination
>>>> ACCEPT tcp -- anywhere 192.168.1.11 tcp dpt:ssh
>>>> ACCEPT udp -- anywhere 192.168.1.11 udp dpt:ssh
>>>> ACCEPT tcp -- anywhere ix2-200-TI85JF.rjonasz.orgtcp dpt:rsync
>>>> ACCEPT udp -- anywhere ix2-200-TI85JF.rjonasz.orgudp dpt:rsync
>>>>
>>>> Chain wanout (1 references)
>>>> target prot opt source destination
>>>> root@Rorty:/tmp/home/root# iptables -t nat -L
>>>> Chain PREROUTING (policy ACCEPT)
>>>> target prot opt source destination
>>>> WANPREROUTING all -- anywhere wan-ip.rjonasz.org
>>>> DROP all -- anywhere 192.168.1.0/24
>>>>
>>>> Chain POSTROUTING (policy ACCEPT)
>>>> target prot opt source destination
>>>> SNAT tcp -- 192.168.1.0/24 192.168.1.11 tcp dpt:ssh to:207.210.24.187
>>>> SNAT udp -- 192.168.1.0/24 192.168.1.11 udp dpt:ssh to:207.210.24.187
>>>> SNAT tcp -- 192.168.1.0/24 ix2-200-TI85JF.rjonasz.orgtcp dpt:rsync to:207.210.24.187
>>>> SNAT udp -- 192.168.1.0/24 ix2-200-TI85JF.rjonasz.orgudp dpt:rsync to:207.210.24.187
>>>> MASQUERADE all -- anywhere anywhere
>>>> MASQUERADE all -- anywhere anywhere
>>>> MASQUERADE all -- anywhere anywhere
>>>> MASQUERADE all -- anywhere anywhere
>>>>
>>>> Chain OUTPUT (policy ACCEPT)
>>>> target prot opt source destination
>>>>
>>>> Chain WANPREROUTING (1 references)
>>>> target prot opt source destination
>>>> DNAT icmp -- anywhere anywhere to:192.168.1.1
>>>> DNAT tcp -- anywhere anywhere tcp dpt:2222 to:192.168.1.11:22
>>>> DNAT udp -- anywhere anywhere udp dpt:2222 to:192.168.1.11:22
>>>> DNAT tcp -- anywhere anywhere tcp dpt:rsync to:192.168.1.8:873
>>>> DNAT udp -- anywhere anywhere udp dpt:rsync to:192.168.1.8:873
>>>>
>>>> Thanks,
>>>>
>>>> Randy
>>>>
>>>
>>>
>>
>
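
Added example, not part of the thread and not any poster's code: Tim's point is that plain `iptables -L` leaves out the in/out interface columns, so rules that differ only by interface print as identical lines. Where `iptables-save` is missing, `iptables -L -v -n` shows those columns, and the script below groups such a listing to report which look-alike rules are really distinct. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. `iptables -L -v -n` columns:
#   pkts bytes target prot opt in out source destination [match options]

# Constructed sample listing, not taken from the router in this thread.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  340 28560 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    5   300 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
EOF
}

# Reads a -L -v -n listing on stdin. For every group of rules that plain
# `iptables -L` would print identically, reports how many rules are in the
# group and which in>out interface pairs actually tell them apart.
classify_lookalikes() {
    awk '
    $1 == "Chain" { chain = $2; next }
    $1 == "pkts" || NF < 8 { next }
    {
        # A rule with no target (e.g. a bare match rule) has one field fewer.
        o = ($4 ~ /^(--|-f|!f)$/) ? -1 : 0
        target = (o < 0) ? "-" : $3
        # Key = the columns plain -L shows (everything except in/out).
        key = chain " " target " " $(4 + o) " " $(5 + o) " " $(8 + o) " " $(9 + o)
        for (i = 10 + o; i <= NF; i++) key = key " " $i
        ifs = $(6 + o) ">" $(7 + o)
        if (!(key in count)) order[++n] = key
        count[key]++
        if (!((key, ifs) in seen)) {
            seen[key, ifs] = 1
            distinct[key]++
            pairs[key] = pairs[key] " " ifs
        }
    }
    END {
        for (j = 1; j <= n; j++) {
            k = order[j]
            if (count[k] > 1)
                printf "%s: %d rules look alike in plain -L; %d distinct in>out pairs:%s\n", k, count[k], distinct[k], pairs[k]
        }
    }'
}

sample_listing | classify_lookalikes
```

A group whose rule count exceeds its number of distinct in>out pairs contains at least one genuinely redundant rule; a group where the two numbers match only looked duplicated.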