[lug] DSL FRII/Qwest Actiontec modem
Lee Woodworth
blug-mail at duboulder.com
Sun Nov 13 16:08:51 MST 2005
Elyse M. Grasso wrote:
.....
> I think the modem is actually defective. Ignoring the "feature" of eating
> port 80, both the basic and low firewall levels should be passing port 22
> through to the DMZ box, and they don't.
> These are the settings for basic:
....
> # iptables -t nat -n -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
> to:192.168.0.2
> DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:22
I think PREROUTING comes before the INPUT filters, so these rules
are the likely ones blocking ssh.
> to:192.168.0.2
> DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:80
> to:192.168.0.2
> DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
> to:192.168.0.2
> DNAT all -- 0.0.0.0/0 0.0.0.0/0 to:192.168.0.2
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Interestingly, those first 2 DROP settings in the filters must be hardcoded
> somehow: they aren't specified in any of the files in /etc.
>
> I think I'll be ordering the zoom modem the next time I get back into town.
>