An area specifically for port forwarding, firewalls and other (on-line) security related issues.
-
peraro
- Novice
- Posts: 13
- Joined: Sat Jun 09, 2012 11:26 am
Post
by peraro » Fri Sep 14, 2012 10:39 pm
Hello,
I need to SSH into my router from the WAN. I found an iptables rule to do this:
Code:
iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
and it works fine until the router is rebooted, then after doing:
All the rules that I have written are gone and back to default. By using the GUI from Advance->Access Control
Enable Access Control ticked
WAN: telnet/ssh ticked.
LAN group 1: telnet/web/ftp/ssh ticked
It doesn't work!!!
Where does the RouterTech firmware save iptables rules, and how can I save them to add my own rules?
-
thechief
- RouterTech Team
- Posts: 12067
- Joined: Wed Feb 01, 2006 10:22 pm
- Location: England, the Centre of Africa
-
Contact:
Post
by thechief » Sat Sep 15, 2012 6:31 pm
Post the system diagnostics.
The Chief: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.
by peraro » Sat Sep 15, 2012 7:10 pm
Note: I ran this command, but it doesn't work.
Code:
setenv ip4.sh ";/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT"
Code:
ROUTERTECH SYSTEM DIAGNOSTICS
Client browser information
Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.168 Chrome/18.0.1025.168 Safari/535.19
You might have problems with Chrome. Use Firefox instead.
Router operating system version
Linux version 2.4.17_mvl21-malta-mips_fp_le (developers at RouterTech dot Org) #1 Mon May 2 00:45:04 BST 2011
Firmware version information
BUILD=RouterTech_3.6.0D_20110502_2.96
VERSION=3.6.0D-RouterTech-1P-Adam2
BOARD=AR7RD
TARGET=Adam2-4mb-flash
FSSTAMP=20110502004836
ROHS=0
PSP version information
Linux OS DSL-PSPOhioL version 4.5.0.5 Best and Final on BasePSP Version 5.7.6.12 May 2 2011 00:46:02
Avalanche SOC Version: 0x20005 operating in cached, write back, write allocate mode
Cpu Frequency:150 MHZ
System Bus frequency: 125 MHZ
Driver version information
Core Logic version: 3.6.0D
Texas Instruments CPMAC driver version: 1.5
Texas Instruments CPMAC HAL version: CPMAC 01.07.08 May 2 2011 00:45:14
ATM Driver version:[7.05.01.00]
DSL HAL version: [7.05.01.00]
DSP Datapump version: [7.05.01.00] Annex A
SAR HAL version: [01.07.2c]
PDSP Firmware version:[0.54]
Chipset ID: [7300/7300A]
Modem Modulation Information
NO_MODE 0x0
ADSL_G.dmt 0x3
ADSL_G.lite 0x4
ADSL_G.dmt.bis 0x8
ADSL_G.dmt.bis_DELT 0x9
ADSL_2plus 0x10
ADSL_2plus_DELT 0x11
ADSL_re-adsl 0x20
ADSL_re-adsl_DELT 0x21
ADSL_ANSI_T1.413 0x2
MULTI_MODE 0x1
ADSL_G.dmt.bis_AnxI 0x0
ADSL_G.dmt.bis_AnxJ 0x0
ADSL_G.dmt.bis_AnxM 0x400
ADSL_2plus_AnxI 0x0
ADSL_2plus_AnxJ 0x0
ADSL_2plus_AnxM 0x2000
G.shdsl 0x0
IDSL 0x0
HDSL 0x0
SDSL 0x0
VDSL 0x0
System environment (/proc/sys/dev/adam2/environment)
memsize 0x01000000
flashsize 0x00400000
modetty0 38400,n,8,1,hw
modetty1 38400,n,8,1,hw
bootserport tty0
cpufrequency 150000000
sysfrequency 125000000
bootloaderVersion 0.22.02
ProductID AR7DB
HWRevision Unknown
SerialNumber none
my_ipaddress 192.168.1.199
maca 00:0F:3D:85:E1:84
prompt Adam2_AR7DB
firstfreeaddress 0x9401d328
req_fullrate_freq 125000000
mtd0 0x9008d000,0x903f0000
mtd1 0x90010090,0x9008d000
mtd2 0x90000000,0x90010000
mtd3 0x903f0000,0x90400000
autoload 1
usb_vid 0x0
usb_pid 0x0
usb_man N/A
usb_prod N/A
autoload_timeout 5
mtd4 0x90010000,0x903f0000
StaticBuffer 120
vcc_encaps0 0.0
vcc_encaps1 0.0
vcc_encaps2 0.0
vcc_encaps3 0.0
vcc_encaps4 0.0
vcc_encaps5 0.0
vcc_encaps6 0.0
vcc_encaps7 0.0
modulation 0x1
connection1 0xa695
led_conf led.500t
darkstat_enable 1
darkstat_parms -i ppp0 --hosts-max 256 --ports-max 80
CPU information
processor : 0
cpu model : MIPS 4KEc V4.8
BogoMIPS : 149.91
wait instruction : no
microsecond timers : yes
extra interrupt vector : yes
hardware watchpoint : yes
VCED exceptions : not available
VCEI exceptions : not available
Memory (RAM) information
total: used: free: shared: buffers: cached:
Mem: 14553088 13979648 573440 0 151552 5103616
Swap: 0 0 0
MemTotal: 14212 kB
MemFree: 560 kB
MemShared: 0 kB
Buffers: 148 kB
Cached: 4984 kB
SwapCached: 0 kB
Active: 6108 kB
Inactive: 1964 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 14212 kB
LowFree: 560 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Flash memory (chip) information
Flash_type=AMD; Manufacturer=ATMEL.
Manufacturer_ID=0x001F; Chip_ID=0x00C8; Chip_Size=0x400000; Erase_Regions=0x0002
Mount points
/dev/mtdblock/0 / squashfs ro 0 0
none /dev devfs rw 0 0
proc /proc proc rw 0 0
ramfs /var ramfs rw 0 0
Filesystems
nodev rootfs
nodev bdev
nodev proc
nodev sockfs
nodev tmpfs
nodev shm
nodev pipefs
nodev ramfs
minix
nodev devfs
squashfs
MTD
dev: size erasesize name
mtd0: 00363000 00010000 "mtd0"
mtd1: 0007cf70 00010000 "mtd1"
mtd2: 00010000 00002000 "mtd2"
mtd3: 00010000 00010000 "mtd3"
mtd4: 003e0000 00010000 "mtd4"
Kernel modules
tiatm 138672 1
Interrupts
7: 7242423 R4000 timer/counter [MIPS interrupt]
8: 0 unified secondary [hw0 (Avalanche Primary)]
15: 400 serial [hw0 (Avalanche Primary)]
23: 70622 + SAR [hw0 (Avalanche Primary)]
27: 323444 + Cpmac Driver [hw0 (Avalanche Primary)]
47: 78 + DSL [hw0 (Avalanche Primary)]
Devices
Character devices:
1 mem
2 pty/m%d
3 pty/s%d
4 tts/%d
5 cua/%d
10 misc
108 ppp
128 ptm
136 pts/%d
162 raw
Block devices:
7 loop
31 mtdblock
Serial port information
serinfo:1.0 driver:5.05c revision:2001-07-08
0: uart:16550A port:A8610E00 irq:15 baud:2258 tx:6012 rx:0 RTS|DTR
1: uart:16550A port:A8610F00 irq:16 tx:0 rx:0 RTS|DTR
Processes
PID USER VSZ STAT COMMAND
1 root 1056 S init
2 root 0 SW [keventd]
3 root 0 SWN [ksoftirqd_CPU0]
4 root 0 SW [kswapd]
5 root 0 SW [bdflush]
6 root 0 SW [kupdated]
7 root 0 SW [mtdblockd]
478 root 2300 S /usr/sbin/mini_httpd -d /usr/www -u root -p 80 -c /c
479 root 2568 S /usr/bin/cm_pc
481 root 4180 S /usr/bin/cm_logic -m /dev/ticfg -c /etc/config.xml
500 root 744 S /sbin/dproxy -c /etc/resolv.conf -d
572 root 1056 S init
863 root 2396 S /usr/sbin/pppd plugin pppoe nas0 user [blanked]
904 root 920 S /sbin/msntp -r 2 -t 5 -p 30 -s wwv.nist.gov ntp2b.mc
910 root 696 S /usr/sbin/upnpd ppp0 br0
912 root 684 S /usr/sbin/udhcpd /var/tmp/udhcpd.conf
1109 root 4216 S /usr/local/bin/darkstat -i ppp0 --hosts-max 256 --po
1110 root 1720 S /usr/local/bin/darkstat -i ppp0 --hosts-max 256 --po
6907 root 1068 S N /bin/sh diagnostics.cgi
6908 root 2344 S /usr/sbin/mini_httpd -d /usr/www -u root -p 80 -c /c
6913 root 1188 S N /usr/local/bin/diagnostics
6914 root 1060 S N sh -c /usr/local/bin/diagnostics.sh
6915 root 1124 S N /bin/bash /usr/local/bin/diagnostics.sh
6953 root 1056 R N /bin/ps
ADSL Modem information
AR7 DSL Modem Statistics:
--------------------------------
[DSL Modem Stats]
US Connection Rate: 128 DS Connection Rate: 512
DS Line Attenuation: 16 DS Margin: 31
US Line Attenuation: 12 US Margin: 31
US Payload : 5350944 DS Payload: 23777808
US Superframe Cnt : 4257195 DS Superframe Cnt: 4257195
US Transmit Power : 2 DS Transmit Power: -3
LOS errors: 0 SEF errors: 0
Errored Seconds: 0 Severely Err Secs: 0
Frame mode: 3 Max Frame mode: 0
Trained Path: 1 US Peak Cell Rate: 301
Trained Mode: 3 Selected Mode: 1
ATUC Vendor Code: 4946544E ATUC Revision: 1
Hybrid Selected: 1 Trellis: 1
Showtime Count: 1 DS Max Attainable Bit Rate: 10496 kbps
BitSwap: 1 US Max Attainable Bit Rate: n/a
Annex: AnxA psd_mask_qualifier: 0x0000
ATUC ghsVid: b5 00 49 46 54 4e 82 77
T1413Vid: 00 00 T1413Rev: 00 VendorRev: 00
ATUR ghsVid: b5 00 54 53 54 43 00 00
T1413Vid: 00 00 T1413Rev: 00 VendorRev: 00
[Upstream (TX) Interleave path]
CRC: 0 FEC: 0 NCD: 0
LCD: 0 HEC: 0
[Downstream (RX) Interleave path]
CRC: 0 FEC: 0 NCD: 0
LCD: 0 HEC: 0
[Upstream (TX) Fast path]
CRC: 0 FEC: 0 NCD: 1
LCD: 0 HEC: 0
[Downstream (RX) Fast path]
CRC: 0 FEC: 0 NCD: 0
LCD: 0 HEC: 0
[ATM Stats]
[Upstream/TX]
Good Cell Cnt: 111478
Idle Cell Cnt: 21736768
[Downstream/RX)]
Good Cell Cnt: 495371
Idle Cell Cnt: 86897584
Bad Hec Cell Cnt: 0
Overflow Dropped Cell Cnt: 0
[SAR AAL5 Stats]
Tx PDU's: 34743
Rx PDU's: 35874
Tx Total Bytes: 4386445
Rx Total Bytes: 23092539
Tx Total Error Counts: 0
Rx Total Error Counts: 0
[OAM Stats]
Near End F5 Loop Back Count: 0
Near End F4 Loop Back Count: 0
Far End F5 Loop Back Count: 0
Far End F4 Loop Back Count: 0
SAR OAM Ping Response Drop Count=15
Modem DSL link information
SHOWTIME
1
failTrains=2
Trained modulation:
ADSL_G.dmt
Path mode:
Interleaved
Network statistics
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:2048 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:www 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:domain 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:telnet 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:667 0.0.0.0:* LISTEN
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35609 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35611 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35613 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35607 TIME_WAIT
tcp 1553 0 mygateway1.AR7RD:ssh 192.168.1.2:48946 CLOSE_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35608 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35610 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35612 TIME_WAIT
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35614 ESTABLISHED
tcp 0 0 mygateway1.AR7RD:www 192.168.1.2:35606 TIME_WAIT
udp 0 0 mygateway1.AR7RD:2049 0.0.0.0:*
udp 0 0 0.0.0.0:domain 0.0.0.0:*
udp 0 0 0.0.0.0:bootps 0.0.0.0:*
udp 0 0 0.0.0.0:tftp 0.0.0.0:*
udp 0 0 0.0.0.0:1900 0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 1317 /var/run/miniupnpd.ctl
unix 2 [ ] DGRAM 559 /var/tmp/cm_miniHttpd.ctl
unix 2 [ ] DGRAM 569 /var/tmp/cm_pc.ctl
unix 2 [ ] DGRAM 583 /var/tmp/cm_logic.ctl
unix 5 [ ] DGRAM 596 /dev/log
unix 2 [ ] DGRAM 598 /dev/klog
unix 3 [ ] STREAM CONNECTED 1655
unix 3 [ ] STREAM CONNECTED 1654
unix 2 [ ] DGRAM 1232
unix 2 [ ] DGRAM 1178
unix 2 [ ] DGRAM 985
unix 2 [ ] STREAM 555
unix 2 [ ] DGRAM 554
unix 2 [ ] DGRAM 25
Iptables chains
Chain PREROUTING (policy ACCEPT 4181 packets, 298K bytes)
pkts bytes target prot opt in out source destination
4 228 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:192.168.1.2:22
0 0 DNAT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:6881:6889 to:192.168.1.2:6881-6889
0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6881:6889 to:192.168.1.2:6881-6889
667 51333 UPNP all -- ppp0 * 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2432 packets, 723K bytes)
pkts bytes target prot opt in out source destination
2281 150K MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2567 packets, 732K bytes)
pkts bytes target prot opt in out source destination
Chain UPNP (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 128K packets, 5646K bytes)
pkts bytes target prot opt in out source destination
2354 99977 CFG tcp -- any any 192.168.1.2 anywhere tcp dpt:www Records Packet's Source Interface
238 22278 ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
9 756 ACCEPT icmp -- ppp0 any anywhere anywhere icmp echo-request state NEW
5 368 ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
1 60 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:ssh
0 0 DROP icmp -f any any anywhere anywhere
342 32171 DROP all -- ppp0 any anywhere anywhere
0 0 DROP all -- ppp0 any anywhere anywhere
Chain FORWARD (policy ACCEPT 25118 packets, 3096K bytes)
pkts bytes target prot opt in out source destination
34612 17M ipaccount all -- any any anywhere anywhere
17482 14M ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
4 228 ACCEPT tcp -- ppp0 any anywhere 192.168.1.2 tcp dpt:ssh
0 0 ACCEPT udp -- ppp0 any anywhere 192.168.1.2 udp dpts:6881:6889
0 0 ACCEPT tcp -- ppp0 any anywhere 192.168.1.2 tcp dpts:6881:6889
1331 79848 TCPMSS tcp -- any ppp0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
2 173 UPNP all -- ppp0 !ppp0 anywhere anywhere
2 173 DROP all -- ppp0 any anywhere anywhere
Chain OUTPUT (policy ACCEPT 148K packets, 24M bytes)
pkts bytes target prot opt in out source destination
36 20736 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
0 0 DROP icmp -- any ppp0 anywhere anywhere icmp destination-unreachable
0 0 DROP icmp -- any ppp0 anywhere anywhere state INVALID
Chain UPNP (1 references)
pkts bytes target prot opt in out source destination
Chain ipaccount (1 references)
pkts bytes target prot opt in out source destination
50767 25M all -- any any anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: mynetwork short-listing
Network interface details
br0 Link encap:Ethernet HWaddr 00:0F:3D:85:E1:84
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:153556 errors:0 dropped:0 overruns:0 frame:0
TX packets:172584 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:9577879 (9.1 MiB) TX bytes:47606229 (45.4 MiB)
br1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br2 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0 Link encap:Ethernet HWaddr 00:0F:3D:85:E1:84
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:153559 errors:0 dropped:0 overruns:0 frame:0
TX packets:172584 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:11727969 (11.1 MiB) TX bytes:47606229 (45.4 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1656 (1.6 KiB) TX bytes:1656 (1.6 KiB)
nas0 Link encap:Ethernet HWaddr 00:00:02:03:04:05
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:35993 errors:0 dropped:0 overruns:0 frame:0
TX packets:34867 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:22245581 (21.2 MiB) TX bytes:4399301 (4.1 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr: P-t-P:163.121.171.38 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:27556 errors:0 dropped:0 overruns:0 frame:0
TX packets:26430 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21636930 (20.6 MiB) TX bytes:3187092 (3.0 MiB)
System Log
May 2 00:48:14 | Valid Configuration Tree
May 2 00:48:14 | NTP Polling Timer for DHCP Started succesfully.
May 2 00:48:14 | DSL Polling Timer Started succesfully.
May 2 00:48:14 | PSP Boot environment Modem Modulation Change: 0x1
May 2 00:48:14 | Firewall NAT service started
May 2 00:48:14 | Bridge Created: br0
May 2 00:48:16 | Bridge VLAN0 add eth0
May 2 00:48:16 | Bridge VLAN AUTO OFF.
May 2 00:48:16 | Bridge Created: br1
May 2 00:48:18 | Bridge Created: br2
May 2 00:48:19 | Bridge Interface Added: eth0
May 2 00:48:21 | USB is disabled
May 2 00:48:24 | DSL Carrier is down
May 2 00:48:30 | password auth succeeded for 'root' from 192.168.1.2:48946
May 2 00:48:44 | DSL Carrier is up
May 2 00:48:44 | sar read trained mode (1)(ADSL_G.dmt)
May 2 00:48:45 | ---}}} Start of connection delayed for 6 sec
May 2 00:48:51 | PPPoE Launch after conn delay timeout ...
May 2 00:48:52 | pppd 2.4.4 started by root, uid 0
May 2 00:48:52 | Got connection: a695
May 2 00:48:52 | New PPP_ID: 0xa695
May 2 00:48:52 | Saved Session ID: 0
May 2 00:48:52 | AC MAC address: 00-27-0c-56-94-1a
May 2 00:48:52 | Connect: ppp0 {--} nas0
May 2 00:48:53 | PAP authentication succeeded
May 2 00:48:53 | local IP address
May 2 00:48:53 | remote IP address [blanked]
May 2 00:48:53 | PPPoE Connect with IP Address
May 2 00:48:53 | PPPoE Connection Successfully Established
May 2 00:48:53 | Renew PPPoE Session ID: 0xa695
May 2 00:48:53 | PPPoE Connect with Gateway IP Address: [blanked]
May 2 03:48:55 | DDNS noip: Update error : : Bad hostname.
May 2 03:48:56 | miniupnpcmd.sh: upnpd initialized
May 2 03:48:56 | HTTP listening on port 5000
Sep 15 00:48:47 | onconnectWAN: Starting darkstat ("-i ppp0 --hosts-max 256 --ports-max 80").
Sep 15 00:48:56 | onconnectWAN: cron has been disabled in the bootloader environment.
Sep 15 00:51:04 | password auth succeeded for 'root' from 192.168.1.2:49007
Sep 15 00:55:15 | DDNS: Set Force Update for service noip
Sep 15 00:55:16 | DDNS noip: Update Successful ip from ppp0
Sep 15 00:55:18 | DDNS: Set Force Update for service noip
Sep 15 00:55:18 | DDNS noip: No Change ip from ppp0
Sep 15 00:55:20 | DDNS: Set Force Update for service noip
Sep 15 00:55:21 | DDNS noip: No Change ip from ppp0
Sep 15 00:57:06 | password auth succeeded for 'root' from 192.168.1.2:49222
Sep 15 01:04:02 | password auth succeeded for 'root' from 192.168.1.2:49289
Sep 15 02:03:09 | Firewall rule SSH (ALLOW) for IP 192.168.1.2 added
Sep 15 13:52:53 | modulation(0x1)
Sep 15 14:48:26 | password auth succeeded for 'root' from 192.168.1.2:45959
Sep 15 15:04:53 | Got group error |ACL locked, processing request|
Sep 15 15:08:07 | password auth succeeded for 'root' from 192.168.1.2:46173
Sep 15 15:23:21 | password auth succeeded for 'root' from 192.168.1.2:46295
Miscellaneous information
RouterTech firmware release: 2.96
Connecting from: 192.168.1.1 [192.168.1.2]
Router's internal name: mygateway1.AR7RD
Linux version 2.4.17_mvl21-malta-mips_fp_le (developers at RouterTech dot Org) #1 Mon May 2 00:45:04 BST 2011
BUILD=RouterTech_3.6.0D_20110502_2.96
VERSION=3.6.0D-RouterTech-1P-Adam2
BOARD=AR7RD
TARGET=Adam2-4mb-flash
FSSTAMP=20110502004836
ROHS=0
Core logic version: 3.6.0D
Boot Loader: Adam2 v0.22.02
ATM Driver version:[7.05.01.00]
DSL HAL version: [7.05.01.00]
DSP Datapump version: [7.05.01.00] Annex A
SAR HAL version: [01.07.2c]
PDSP Firmware version:[0.54]
Chipset ID: [7300/7300A]
Ethernet ports: 1
Upstream rate (kbps): 128
Downstream rate (kbps): 512
Trained Modulation: ADSL_G.dmt
Path Mode: Interleaved
System uptime: 20hr 7min - 0 day(s), 20 hour(s), 7 minute(s), and 35 second(s) (system 99% idle)
Bandwidth usage:
Downloads : 22.0391 MB
Uploads : 4.1946 MB
Line attenuation:
DS Line Attenuation: 16 DS Margin: 31
US Line Attenuation: 12 US Margin: 31
Memory usage:
In active use : 77% of 14212 kb
Available : 23% (3380 kb) of 14212 kb (of which 2588 kb is marked as "Inactive" and 792 kb is free)
Environment fragmentation:
Fragmentation level is "12" (out of 53 records). The threshold is "30".
Connection information:
WAN Uptime: 20hr 6min 37sec
WAN IP Address:
Connection Check #1 : 1 connection(s)
Connection Check #2 : 1 connection(s)
connection1
Edit: sensitive data blanked out by thechief
by thechief » Sat Sep 15, 2012 8:06 pm
1. Defragment your environment
2. I do not know what you mean by "it doesn't work" with respect to the command that you ran.
by peraro » Sun Sep 16, 2012 6:03 am
Hello,
Thank you so much for helping me, but I need to understand what you mean by "Defragment your environment"!
The second thing: what I mean by saying "it doesn't work" is that I run this command and it appears in the environment file:
Code:
setenv ip4.sh ";/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT"
Code:
System environment (/proc/sys/dev/adam2/environment)
memsize 0x01000000
flashsize 0x00400000
modetty0 38400,n,8,1,hw
modetty1 38400,n,8,1,hw
bootserport tty0
cpufrequency 150000000
sysfrequency 125000000
bootloaderVersion 0.22.02
ProductID AR7DB
HWRevision Unknown
SerialNumber none
my_ipaddress 192.168.1.199
maca 00:0F:3D:85:E1:84
prompt Adam2_AR7DB
firstfreeaddress 0x9401d328
req_fullrate_freq 125000000
mtd0 0x9008d000,0x903f0000
mtd1 0x90010090,0x9008d000
mtd2 0x90000000,0x90010000
mtd3 0x903f0000,0x90400000
autoload 1
usb_vid 0x0
usb_pid 0x0
usb_man N/A
usb_prod N/A
autoload_timeout 5
mtd4 0x90010000,0x903f0000
StaticBuffer 120
vcc_encaps0 0.0
vcc_encaps1 0.0
vcc_encaps2 0.0
vcc_encaps3 0.0
vcc_encaps4 0.0
vcc_encaps5 0.0
vcc_encaps6 0.0
vcc_encaps7 0.0
modulation 0x1
connection1 0x8562
led_conf led.500t
darkstat_enable 1
darkstat_parms -i ppp0 --hosts-max 256 --ports-max 80
;/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
but after restarting my router, all the rules that I have written are gone and back to default. So I can't SSH because the next rule is not working (not found):
Code:
iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
Code:
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:ssh
My question is: how can I save iptables rules so that they stay in my router configuration even after a restart?
Thank you so much.
by thechief » Sun Sep 16, 2012 1:55 pm
by peraro » Sun Sep 16, 2012 2:32 pm
Thank you so much, that was very helpful. I am going to try it and then tell you the result.
Thank you again
by peraro » Wed Sep 19, 2012 11:05 pm
Hi all,
I added 2 wrong lines to (/proc/sys/dev/adam2/environment). How can I delete them? Please help, I am afraid they can't be deleted and my router has been damaged!
ip4.sh;/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
ip4.sh/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
How can I do this?
Code:
System environment (/proc/sys/dev/adam2/environment)
memsize 0x01000000
flashsize 0x00400000
modetty0 38400,n,8,1,hw
modetty1 38400,n,8,1,hw
bootserport tty0
cpufrequency 150000000
sysfrequency 125000000
bootloaderVersion 0.22.02
ProductID AR7DB
HWRevision Unknown
SerialNumber none
my_ipaddress 192.168.1.199
maca 00:0F:3D:85:E1:84
prompt Adam2_AR7DB
firstfreeaddress 0x9401d328
req_fullrate_freq 125000000
mtd0 0x9008d000,0x903f0000
mtd1 0x90010090,0x9008d000
mtd2 0x90000000,0x90010000
mtd3 0x903f0000,0x90400000
autoload 1
usb_vid 0x0
usb_pid 0x0
usb_man N/A
usb_prod N/A
autoload_timeout 5
mtd4 0x90010000,0x903f0000
StaticBuffer 120
vcc_encaps0 0.0
vcc_encaps1 0.0
vcc_encaps2 0.0
vcc_encaps3 0.0
vcc_encaps4 0.0
vcc_encaps5 0.0
vcc_encaps6 0.0
vcc_encaps7 0.0
modulation 0x1
connection1 0x2c7d
led_conf led.500t
darkstat_enable 1
darkstat_parms -i ppp0 --hosts-max 256 --ports-max 80
ip4.sh;/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
ip4.sh/sbin/iptables -I INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
-
mstombs
- RouterTech Team
- Posts: 3753
- Joined: Wed Jan 10, 2007 11:54 pm
Post
by mstombs » Wed Sep 19, 2012 11:36 pm
Have you tried
Code:
unsetenv 'ip4.sh;/sbin/iptables'
unsetenv 'ip4.sh/sbin/iptables'
from ssh/telnet command line?
by peraro » Fri Sep 21, 2012 6:52 pm
Thank you so much mstombs, it works like a charm. I need your help with something else: I tried to enable SSH from the WAN by using the GUI like this:
Press Apply.
Then this popup window came up like this, so I pressed OK.
After that I saved my settings like this:
Press Save All.
But it's still not working; I can't access my router from the WAN. There is no iptables rule in my iptables chains to allow this. Where is the problem, and how can I do this, even from the CLI?
Code:
Iptables chains
Chain PREROUTING (policy ACCEPT 400 packets, 34003 bytes)
pkts bytes target prot opt in out source destination
48 2880 UPNP all -- ppp0 * 0.0.0.0/0 41.232.59.26
Chain POSTROUTING (policy ACCEPT 435 packets, 130K bytes)
pkts bytes target prot opt in out source destination
204 14008 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 465 packets, 132K bytes)
pkts bytes target prot opt in out source destination
Chain UPNP (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 10211 packets, 451K bytes)
pkts bytes target prot opt in out source destination
81 10470 ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
7980 337K CFG tcp -- any any 192.168.1.2 anywhere tcp dpt:www Records Packet's Source Interface
0 0 ACCEPT icmp -- ppp0 any anywhere anywhere icmp echo-request state NEW
0 0 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
0 0 DROP icmp -f any any anywhere anywhere
0 0 DROP all -- ppp0 any anywhere anywhere
Chain FORWARD (policy ACCEPT 36910 packets, 2283K bytes)
pkts bytes target prot opt in out source destination
92076 77M ipaccount all -- any any anywhere anywhere
55166 74M ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
61 3660 TCPMSS tcp -- any ppp0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
0 0 UPNP all -- ppp0 !ppp0 anywhere anywhere
0 0 DROP all -- ppp0 any anywhere anywhere
Chain OUTPUT (policy ACCEPT 13720 packets, 2435K bytes)
pkts bytes target prot opt in out source destination
1 576 ACCEPT icmp -- any any anywhere anywhere icmp fragmentation-needed
0 0 DROP icmp -- any ppp0 anywhere anywhere icmp destination-unreachable
0 0 DROP icmp -- any ppp0 anywhere anywhere state INVALID
Chain UPNP (1 references)
pkts bytes target prot opt in out source destination
Chain ipaccount (1 references)
pkts bytes target prot opt in out source destination
92076 77M all -- any any anywhere anywhere
by thechief » Sat Sep 22, 2012 1:30 pm
If no IP addresses are specified within the IP Access List, the access control list acts as if it is disabled (until the first IP address is added). So, follow this process:
1. Check Enable Access Control to enable the access control feature. This enables the IP Access List field.
2. Enter the WAN IP address from which you will be connecting (e.g., 80.180.101.152) in the "New IP" field. Check the appropriate services for WAN (e.g., Web and TFTP), and check "Add".
3. Click "Apply" to activate temporarily the settings on the page. This WAN address is added to the IP Access List. This allows you to access your router at home from a WAN IP (80.180.101.152) via Web and TFTP. Note—the changes take effect when you click "Apply"; however, if the router configuration is not saved, these changes will be lost upon reboot.
4. To make the change permanent, save the changes.
by mstombs » Sat Sep 22, 2012 3:16 pm
Does it allow 0.0.0.0 as the WAN IP which would allow any? Not very secure, and I have only used a single known static IP. Note that the way the 'core-logic' handles remote WAN access is subtly different for non-wireless, wireless and 1350 firmwares.
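Added example (not part of any post in this thread and not RouterTech code): a shell check that reads an `iptables -L -v` listing in the format posted above and reports whether SSH on the WAN interface is open to any address, limited to one source, shadowed by the catch-all DROP, absent, or redirected by a DNAT rule like the one in the PREROUTING chain of the first diagnostics dump. It goes slightly beyond the allow-any question by covering those extra cases; the function name, verdict strings, the 203.0.113.10 source address and all sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify WAN-side SSH exposure from an `iptables -L -v` listing.
# Column layout and the ppp0 interface follow the listings posted in the thread;
# audit_wan_ssh and its verdict strings are names made up for this example.

audit_wan_ssh() {
    # $1 = WAN interface (default ppp0); the listing is read from stdin.
    awk -v wan="${1:-ppp0}" '
        function any(s) { return s == "anywhere" || s == "0.0.0.0/0" }
        /^Chain /              { chain = $2; next }
        $1 == "pkts" || NF < 9 { next }
        {
            target = $3; proto = $4; in_if = $6; src = $8
            extra = ""                  # match options after "destination"
            for (i = 10; i <= NF; i++) extra = extra $i " "
        }
        in_if != wan { next }
        # nat PREROUTING is evaluated before filter INPUT: a DNAT of port 22
        # hands the connection to a LAN host and the router never sees it.
        chain == "PREROUTING" && target == "DNAT" && extra ~ /dpt:(ssh|22) / {
            dnat = $NF; sub(/^to:/, "", dnat); next
        }
        chain != "INPUT" { next }
        # A catch-all DROP ends evaluation; later ACCEPT rules never match.
        target == "DROP" && proto == "all" && any(src) && extra == "" {
            dropped = 1; next
        }
        # Only the first ssh ACCEPT counts, as iptables stops at the first match.
        target == "ACCEPT" && proto == "tcp" && extra ~ /dpt:(ssh|22) / && !found {
            found = 1
            if (dropped)       verdict = "SHADOWED: ssh ACCEPT follows the WAN DROP"
            else if (any(src)) verdict = "OPEN: ssh reachable from any WAN address"
            else               verdict = "RESTRICTED: ssh allowed only from " src
        }
        END {
            if (dnat != "")  print "REDIRECTED: WAN port 22 is DNATed to " dnat
            else if (!found) print "CLOSED: no WAN ssh ACCEPT rule in INPUT"
            else             print verdict
        }
    '
}

# Constructed listings in the format of the diagnostics output in the thread.
sample_open() { cat <<'EOF'
Chain INPUT (policy ACCEPT 128K packets, 5646K bytes)
 pkts bytes target prot opt in out source destination
  238 22278 ACCEPT all -- ppp0 any anywhere anywhere state RELATED,ESTABLISHED
    1 60 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:ssh
  342 32171 DROP all -- ppp0 any anywhere anywhere
EOF
}

# Same chain with the ACCEPT limited to one source (documentation address).
sample_restricted() {
    sample_open | sed 's/anywhere \(anywhere tcp dpt:ssh\)/203.0.113.10 \1/'
}

# Same chain with no ssh rule at all.
sample_closed() { sample_open | grep -v 'dpt:ssh'; }

# ACCEPT appended (-A) instead of inserted (-I): it lands after the DROP.
sample_shadowed() {
    sample_closed
    echo '    0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:ssh'
}

# Port 22 forwarded to a LAN host in the nat table, ahead of the open INPUT rule.
sample_dnat() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 4181 packets, 298K bytes)
 pkts bytes target prot opt in out source destination
    4 228 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 to:192.168.1.2:22
EOF
    sample_open
}

for s in sample_open sample_restricted sample_closed sample_shadowed sample_dnat; do
    printf '%-18s %s\n' "$s" "$($s | audit_wan_ssh ppp0)"
done
```

To check a live system, feed both tables to the function: `{ iptables -t nat -L -v; iptables -L -v; } | audit_wan_ssh ppp0`.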
by thechief » Sat Sep 22, 2012 5:14 pm
mstombs wrote: Does it allow 0.0.0.0 as the WAN IP which would allow any?
I am not sure - but I agree that it is not secure. Personally, I prefer to use OpenVPN for WAN access.
by peraro » Sat Sep 22, 2012 7:06 pm
Does it allow 0.0.0.0 as the WAN IP which would allow any?
That was exactly what I need to do! I need to enable SSH to my router from ANY IP address. OK, can we do this by using the CLI to write a command and save the changes to the router configuration so that it works even after a reboot?