Hi,
im Prinzip könnte der andere openwrt router, der der die PPP Verbindung aufmacht und das WLAN bereitstellt da was vermurksen:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
21 2903 DROP all -- any any anywhere anywhere state INVALID
246K 16M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
22 1452 ACCEPT all -- lo any anywhere anywhere
5969 335K syn_flood tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
3451 201K ACCEPT tcp -- any any anywhere anywhere tcp dpt:22
115K 13M input_rule all -- any any anywhere anywhere
115K 13M input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
14M 13G ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
47575 3317K forwarding_rule all -- any any anywhere anywhere
47575 3317K forward all -- any any anywhere anywhere
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
497K 495M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
22 1452 ACCEPT all -- any lo anywhere anywhere
8450 1182K output_rule all -- any any anywhere anywhere
8449 1182K output all -- any any anywhere anywhere
Chain forward (1 references)
pkts bytes target prot opt in out source destination
47566 3317K zone_lan_forward all -- br-lan any anywhere anywhere
9 540 zone_wan_forward all -- ppp0 any anywhere anywhere
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
113K 13M zone_lan all -- br-lan any anywhere anywhere
2311 139K zone_wan all -- ppp0 any anywhere anywhere
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan (1 references)
pkts bytes target prot opt in out source destination
Chain output (1 references)
pkts bytes target prot opt in out source destination
8449 1182K zone_lan_ACCEPT all -- any any anywhere anywhere
5900 411K zone_wan_ACCEPT all -- any any anywhere anywhere
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (4 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
5345 298K RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
624 37440 DROP all -- any any anywhere anywhere
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
113K 13M input_lan all -- any any anywhere anywhere
113K 13M zone_lan_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_ACCEPT (3 references)
pkts bytes target prot opt in out source destination
113K 13M ACCEPT all -- br-lan any anywhere anywhere
2549 771K ACCEPT all -- any br-lan anywhere anywhere
Chain zone_lan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br-lan any anywhere anywhere
0 0 DROP all -- any br-lan anywhere anywhere
Chain zone_lan_MSSFIX (0 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any br-lan anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_lan_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- br-lan any anywhere anywhere
0 0 reject all -- any br-lan anywhere anywhere
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
47566 3317K zone_wan_ACCEPT all -- any any anywhere anywhere
0 0 forwarding_lan all -- any any anywhere anywhere
0 0 zone_lan_ACCEPT all -- any any anywhere anywhere
Chain zone_wan (1 references)
pkts bytes target prot opt in out source destination
2311 139K input_wan all -- any any anywhere anywhere
2311 139K zone_wan_DROP all -- any any anywhere anywhere
Chain zone_wan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ppp0 any anywhere anywhere
53466 3727K ACCEPT all -- any ppp0 anywhere anywhere
Chain zone_wan_DROP (2 references)
pkts bytes target prot opt in out source destination
2311 139K DROP all -- ppp0 any anywhere anywhere
0 0 DROP all -- any ppp0 anywhere anywhere
Chain zone_wan_MSSFIX (0 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any ppp0 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_wan_REJECT (0 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- ppp0 any anywhere anywhere
0 0 reject all -- any ppp0 anywhere anywhere
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere 10.0.0.240 udp dpts:27000:27050
0 0 ACCEPT tcp -- any any anywhere 10.0.0.240 tcp dpts:27000:27050
0 0 ACCEPT udp -- any any anywhere 10.0.0.240 udp dpt:1200
0 0 ACCEPT tcp -- any any anywhere vcenter.mathias-ewald.invalid. tcp dpt:3389
0 0 ACCEPT tcp -- any any anywhere storage.mathias-ewald.invalid. tcp dpt:22
5 300 ACCEPT tcp -- any any anywhere www.mathias-ewald.invalid. tcp dpt:8080
4 240 ACCEPT tcp -- any any anywhere www.mathias-ewald.invalid. tcp dpt:80
0 0 forwarding_wan all -- any any anywhere anywhere
0 0 zone_wan_DROP all -- any any anywhere anywhere Und die Bridge kann ja eigentlich auf was filtern wenn sie lustig ist:
Code:
Chain INPUT (policy ACCEPT 4 packets, 330 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
2755 194K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
1 69 ACCEPT all -- lo any anywhere anywhere
21 1260 syn_flood tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
27967 2405K input_rule all -- any any anywhere anywhere
27967 2405K input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 forwarding_rule all -- any any anywhere anywhere
0 0 forward all -- any any anywhere anywhere
0 0 reject all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
4707 691K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
1 69 ACCEPT all -- any lo anywhere anywhere
2 136 output_rule all -- any any anywhere anywhere
2 136 output all -- any any anywhere anywhere
Chain forward (1 references)
pkts bytes target prot opt in out source destination
0 0 zone_lan_forward all -- br-lan any anywhere anywhere
0 0 zone_wan_forward all -- eth0.1 any anywhere anywhere
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
27963 2404K zone_lan all -- br-lan any anywhere anywhere
0 0 zone_wan all -- eth0.1 any anywhere anywhere
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan (1 references)
pkts bytes target prot opt in out source destination
Chain output (1 references)
pkts bytes target prot opt in out source destination
2 136 zone_lan_ACCEPT all -- any any anywhere anywhere
0 0 zone_wan_ACCEPT all -- any any anywhere anywhere
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain reject (5 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
21 1260 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
0 0 DROP all -- any any anywhere anywhere
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
27963 2404K input_lan all -- any any anywhere anywhere
27963 2404K zone_lan_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
27963 2404K ACCEPT all -- br-lan any anywhere anywhere
2 136 ACCEPT all -- any br-lan anywhere anywhere
Chain zone_lan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br-lan any anywhere anywhere
0 0 DROP all -- any br-lan anywhere anywhere
Chain zone_lan_MSSFIX (0 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any br-lan anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_lan_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- br-lan any anywhere anywhere
0 0 reject all -- any br-lan anywhere anywhere
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 zone_wan_ACCEPT all -- any any anywhere anywhere
0 0 forwarding_lan all -- any any anywhere anywhere
0 0 zone_lan_REJECT all -- any any anywhere anywhere
Chain zone_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 input_wan all -- any any anywhere anywhere
0 0 zone_wan_REJECT all -- any any anywhere anywhere
Chain zone_wan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0.1 any anywhere anywhere
0 0 ACCEPT all -- any eth0.1 anywhere anywhere
Chain zone_wan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth0.1 any anywhere anywhere
0 0 DROP all -- any eth0.1 anywhere anywhere
Chain zone_wan_MSSFIX (0 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any eth0.1 anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain zone_wan_REJECT (2 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- eth0.1 any anywhere anywhere
0 0 reject all -- any eth0.1 anywhere anywhere
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 forwarding_wan all -- any any anywhere anywhere
0 0 zone_wan_REJECT all -- any any anywhere anywhere Für meine ungeübten Augen sieht das aber nicht so aus ...
cu
serow