Easy Support is not working

      Hello,
      I am using the Speedport Hybrid with firmware 050124.04.00.007 and a customized "Komplettlösung" (complete solution).
      Although the Telekom FON hotspot works and I have enabled Easy Support in the router's menu, the router does not appear under "Easy Support" in the Telekom customer center.

      Which process is responsible for Easy Support?
      Is it cwmpd, or is it acd, or something else...?

      Is there a firewall rule that has to be present for Easy Support, or does the Komplettlösung contain a deny line?


      Here is the list of my active processes (compared with the Komplettlösung, siproxd and voiper are active):

      Source code

      bash-4.3# ps
      PID Uid Gid VSZ Stat Command
      1 root root 860 S init
      2 root root SW [kthreadd]
      3 root root SW [ksoftirqd/0]
      5 root root SW [kworker/u:0]
      6 root root SW [migration/0]
      7 root root SW [migration/1]
      9 root root SW [ksoftirqd/1]
      11 root root SW< [khelper]
      12 root root SW< [board]
      14 root root SW [kworker/u:1]
      99 root root SW [sync_supers]
      101 root root SW [bdi-default]
      103 root root SW< [kblockd]
      111 root root SW [khubd]
      131 root root SW [skbFreeTask]
      132 root root SW< [bpm]
      150 root root SWN [kswapd0]
      151 root root SW [fsnotify_mark]
      153 root root SW< [crypto]
      213 root root SW [mtdblock0]
      218 root root SW [mtdblock1]
      223 root root SW [mtdblock2]
      228 root root SW [mtdblock3]
      233 root root SW [mtdblock4]
      238 root root SW [mtdblock5]
      243 root root SW [mtdblock6]
      248 root root SW [mtdblock7]
      253 root root SW [mtdblock8]
      258 root root SW [mtdblock9]
      263 root root SW [mtdblock10]
      268 root root SW [mtdblock11]
      273 root root SW [mtdblock12]
      278 root root SW [mtdblock13]
      306 root root SW< [linkwatch]
      325 root root SW< [deferwq]
      331 root root 924 S -/bin/sh
      343 root root SWN [jffs2_gcd_mtd2]
      346 root root SWN [jffs2_gcd_mtd12]
      350 root root SWN [jffs2_gcd_mtd13]
      365 root root 804 S tftpd -s /etc/tftpd
      366 root root Z [sh]
      367 root root 2852 S mic
      377 root root 1032 S /bin/log
      379 root root 4940 S cms
      389 root root SW [bcmFlwStatsTask]
      394 root root SW [fapGsoLoopBk]
      395 root root SW [kpAliveWatchdog]
      411 root root SW [bcmsw_rx]
      430 root root SW [bcmsw_timer]
      431 root root SW [bcmsw]
      436 root root SW [scsi_eh_0]
      437 root root SW [usb-storage]
      452 root root SW [dsl0]
      543 dhcps dhcps 1640 S /bin/ipcheck
      545 dhcps dhcps 1760 S /bin/dhcps
      547 root root 1556 S /bin/dns
      937 root root 1112 S hybrid
      1026 root root 7760 S < voiper start
      [...]
      1068 root root 7760 S < voiper start
      1070 root root SW [wl0-kthrd]
      1076 root root SW [wl1-kthrd]
      1134 root root 544 S /bin/radvd
      1410 root root SW [kworker/0:3]
      1513 root root 652 S ltemsg
      1999 root root 444 S /opt/sbin/dropbear -R -p 192.168.2.1:22
      2468 root root 568 S siproxd_ipv6 --config /var/alg/siproxd.conf
      2469 root root 568 S siproxd_ipv6 --config /var/alg/siproxd.conf
      2470 root root 568 S siproxd_ipv6 --config /var/alg/siproxd.conf
      2564 root root 432 S sntp
      2667 root root 676 S dhcpc -i gre2 -I gre2
      2670 root root 876 S dhcp6c hybrid
      2887 root root 556 S siproxd --config /var/alg/siproxd.conf
      2890 root root 556 S siproxd --config /var/alg/siproxd.conf
      2891 root root 556 S siproxd --config /var/alg/siproxd.conf
      3137 root root 268 S /opt/bin/crond -c /opt/etc/cron.d
      3247 root root 504 S oam -i nas_p1_1
      3280 root root 676 S pppc -I ppp256
      3309 root root 652 S dhcpc -i nas_p1_4.8 -I nas_p1_4.8 -H Speedpo
      3329 root root SW [kworker/1:0]
      3395 root root 1052 S ipdr -I ppp256
      3450 root root 464 R mld -c /var/mld/wan.conf
      3625 root root 512 S igmp -I /var/igmp/wan.conf
      5881 root root SW [kworker/1:3]
      6153 root root SW [kworker/1:1]
      9582 root root 320 S /bin/eapd
      9587 root root 940 S /bin/nas
      10687 root root 1076 S /bin/acsd
      10944 root root 728 S /bin/wps_monitor
      11661 root root 2096 S ddnsc /var/ddnsc.cfg /var/ddnsc.cache
      11926 root root 924 S /bin/sh /etc/init.d/chilli start
      12031 root root 1860 S /usr/sbin/chilli --dns1=172.17.2.1 --dns2=17
      12435 web web 4320 S /bin/web -s 15 -t 0 -s 16 -t 2 -s 17 -t 4 -s
      14150 root root SW [flush-mtd-unmap]
      17758 root root 640 R /opt/sbin/dropbear -R -p 192.168.2.1:22
      18292 root root 1256 S bash
      18933 root root 876 R ps
      18948 root root []
      20709 root root SW [kworker/1:2]
      25069 root root 380 S /usr/sbin/chilloutd -r /usr/sbin/rule.sh -n
      25211 root root 476 S /usr/sbin/xl2tpd -c /etc/xl2tpd.conf -D
      25350 root root 912 S /bin/sh /etc/init.d/fonsmcd start
      25389 root root 636 S /usr/sbin/fonsmcd --nodaemon --mac=EC-CB-30-
      26673 root root SW [kworker/0:2]
      27073 root root SW [kworker/0:0]
      31916 root root SW [kworker/0:1]



      [IPTABLES follows in a separate post]

      Maybe everything is correct on my side and Easy Support has a central outage? How does it look for you?

      I look forward to your feedback.

      Here is the firewall config:

      Source code

      bash-4.3# iptables -L
      Chain INPUT (policy ACCEPT)
      target prot opt source destination
      DROP udp -- anywhere anywhere udp dpt:tftp
      ACCEPT udp -- anywhere 172.10.10.10 udp dpt:tftp
      ACCEPT tcp -- anywhere anywhere tcp dpt:55555
      DROP 47 -- anywhere 255.255.255.255
      ACCEPT 47 -- anywhere !255.255.255.255
      DROP all -- anywhere 172.17.2.0/24
      ACCEPT all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
      INPUT_LAN_SUBNET all -- anywhere anywhere
      INPUT_FON all -- anywhere anywhere
      INPUT_SERVICE all -- anywhere anywhere
      INPUT_FIREWALL all -- anywhere anywhere
      Chain FORWARD (policy ACCEPT)
      target prot opt source destination
      DROP all -- anywhere anywhere
      ACCEPT all -- 192.168.2.0/24 172.10.10.1
      DROP all -- anywhere anywhere
      DROP all -- anywhere anywhere
      DROP all -- anywhere anywhere
      TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
      ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
      FWD_LAN_SUBNET all -- anywhere anywhere
      FWD_SERVICE all -- anywhere anywhere
      FWD_REDIR all -- anywhere anywhere
      FWD_FIREWALL all -- anywhere anywhere
      FWD_LAN all -- anywhere anywhere
      FWD_ABUSE tcp -- anywhere anywhere multiport dports smtp,465,587
      FWD_ABUSE udp -- anywhere anywhere multiport dports 25,465,587
      FWD_ABUSE tcp -- anywhere anywhere multiport dports smtp,465,587
      FWD_ABUSE udp -- anywhere anywhere multiport dports 25,465,587
      FWD_ABUSE tcp -- anywhere anywhere multiport dports smtp,465,587
      FWD_ABUSE udp -- anywhere anywhere multiport dports 25,465,587
      FWD_FON all -- anywhere anywhere
      FWD_FON all -- anywhere anywhere
      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      DROP all -- anywhere 127.0.0.1
      DROP all -- anywhere 192.168.0.0/16
      DROP all -- anywhere 172.16.0.0/12
      DROP all -- anywhere 10.0.0.0/8
      Chain FWD_ABUSE (6 references)
      target prot opt source destination
      FWD_ABUSE_DFT all -- anywhere anywhere
      FWD_ABUSE_USR all -- anywhere anywhere
      Chain FWD_ABUSE_DFT (1 references)
      target prot opt source destination
      Chain FWD_ABUSE_USR (1 references)
      target prot opt source destination
      Chain FWD_BLACK_LIST (0 references)
      target prot opt source destination
      RETURN all -- anywhere anywhere mark match 0x80000000/0x80000000
      DROP all -- anywhere anywhere
      Chain FWD_FIREWALL (1 references)
      target prot opt source destination
      Chain FWD_FON (2 references)
      target prot opt source destination
      Chain FWD_LAN (1 references)
      target prot opt source destination
      Chain FWD_LAN_SUBNET (1 references)
      target prot opt source destination
      DROP all -- 192.168.2.0/24 anywhere
      DROP all -- !192.168.2.0/24 anywhere
      DROP all -- anywhere anywhere
      DROP all -- anywhere 192.168.0.0/16
      DROP all -- anywhere 172.16.0.0/12
      DROP all -- anywhere 10.0.0.0/8
      DROP all -- anywhere 192.168.0.0/16
      DROP all -- anywhere 172.16.0.0/12
      DROP all -- anywhere 10.0.0.0/8
      Chain FWD_REDIR (1 references)
      target prot opt source destination
      Chain FWD_SERVICE (1 references)
      target prot opt source destination
      DROP all -- anywhere anywhere
      DROP all -- anywhere anywhere
      DROP all -- anywhere 169.254.0.0/16
      DROP all -- 169.254.0.0/16 anywhere
      DROP all -- 127.0.0.0/8 anywhere
      DROP icmp -- anywhere anywhere icmp echo-request
      DROP icmp -- anywhere anywhere icmp echo-request
      ACCEPT tcp -- anywhere anywhere tcp dpt:7547
      ACCEPT udp -- anywhere anywhere udp dpt:tproxy
      ACCEPT all -- anywhere 224.0.0.0/4
      Chain INPUT_FIREWALL (1 references)
      target prot opt source destination
      DROP tcp -- anywhere !192.168.2.1 tcp dpt:www
      DROP icmp -- anywhere !192.168.2.1
      DROP udp -- anywhere !192.168.2.1 udp dpt:domain
      DROP tcp -- anywhere !192.168.2.1
      ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/sec burst 50
      DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
      DROP all -- anywhere anywhere
      Chain INPUT_FON (1 references)
      target prot opt source destination
      ACCEPT tcp -- anywhere anywhere tcp dpt:3990 flags:FIN,SYN,RST,ACK/SYN
      ACCEPT tcp -- anywhere anywhere tcp dpt:domain
      ACCEPT udp -- anywhere anywhere udp dpt:domain
      DROP all -- anywhere anywhere
      Chain INPUT_LAN_SUBNET (1 references)
      target prot opt source destination
      DROP all -- 192.168.2.0/24 anywhere
      DROP tcp -- anywhere anywhere multiport dports netbios-ssn,445
      DROP udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm
      DROP tcp -- anywhere anywhere multiport dports ftp
      Chain INPUT_SERVICE (1 references)
      target prot opt source destination
      DROP tcp -- anywhere anywhere tcp dpt:7547
      DROP all -- 169.254.0.0/16 anywhere
      DROP all -- 127.0.0.0/8 anywhere
      ACCEPT tcp -- anywhere anywhere tcp dpt:7547
      ACCEPT udp -- anywhere anywhere udp dpt:tproxy
      ACCEPT udp -- anywhere anywhere udp dpt:5060
      ACCEPT udp -- anywhere anywhere udp dpt:5061
      ACCEPT udp -- anywhere anywhere udp dpts:7070:7089
      ACCEPT udp -- anywhere anywhere udp dpts:7070:7089
      ACCEPT igmp -- anywhere anywhere
      ACCEPT udp -- anywhere anywhere udp dpt:5060
      ACCEPT udp -- anywhere anywhere udp dpts:50000:50019
      ACCEPT udp -- anywhere anywhere udp dpt:5060
      ACCEPT udp -- anywhere anywhere udp dpt:5061
      ACCEPT udp -- anywhere anywhere udp dpts:50000:50019
      ACCEPT udp -- anywhere anywhere udp dpt:5060
      ACCEPT udp -- anywhere anywhere udp dpt:5061
      ACCEPT udp -- anywhere anywhere udp dpts:50000:50019

      Hello @danXde,

      IPv6 is active in the LAN, but only for normal clients, although my system would be ready for IPv6 prefix delegation.
      I have not enabled the option "Lokale IPv6-Adresse (ULA) verwenden" (use local IPv6 address (ULA)), so the router is reachable via fe80, and I can reach websites over IPv6 without problems.

      Here is the output:

      Source code

      bash-4.3# iptables --list-rules
      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -N FWD_ABUSE
      -N FWD_ABUSE_DFT
      -N FWD_ABUSE_USR
      -N FWD_BLACK_LIST
      -N FWD_FIREWALL
      -N FWD_FON
      -N FWD_LAN
      -N FWD_LAN_SUBNET
      -N FWD_REDIR
      -N FWD_SERVICE
      -N INPUT_FIREWALL
      -N INPUT_FON
      -N INPUT_LAN_SUBNET
      -N INPUT_SERVICE
      -A INPUT ! -i in_0 -p udp -m udp --dport 69 -j DROP
      -A INPUT -d 172.10.10.10/32 -p udp -m udp --dport 69 -j ACCEPT
      -A INPUT -p tcp -m tcp --dport 55555 -j ACCEPT
      -A INPUT -d 255.255.255.255/32 -p 47 -j DROP
      -A INPUT ! -d 255.255.255.255/32 ! -i br0 -p 47 -j ACCEPT
      -A INPUT -d 172.17.2.0/24 -i br0 -j DROP
      -A INPUT -i lo -j ACCEPT
      -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
      -A INPUT -j INPUT_LAN_SUBNET
      -A INPUT -i tun0 -j INPUT_FON
      -A INPUT -j INPUT_SERVICE
      -A INPUT -j INPUT_FIREWALL
      -A FORWARD -i br0 -o nas_p1_4.8 -j DROP
      -A FORWARD -s 192.168.2.0/24 -d 172.10.10.1/32 -j ACCEPT
      -A FORWARD -i tun0 -o br0 -j DROP
      -A FORWARD -i br0 -o tun0 -j DROP
      -A FORWARD -o br1 -j DROP
      -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
      -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
      -A FORWARD -j FWD_LAN_SUBNET
      -A FORWARD -j FWD_SERVICE
      -A FORWARD -j FWD_REDIR
      -A FORWARD -j FWD_FIREWALL
      -A FORWARD -i br0 -j FWD_LAN
      -A FORWARD -i br0 -o ppp+ -p tcp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i br0 -o ppp+ -p udp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i br0 -o gre+ -p tcp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i br0 -o gre+ -p udp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i br0 -o nas_+ -p tcp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i br0 -o nas_+ -p udp -m multiport --dports 25,465,587 -j FWD_ABUSE
      -A FORWARD -i tun0 -j FWD_FON
      -A FORWARD -o tun0 -j FWD_FON
      -A OUTPUT -d 127.0.0.1/32 -o ppp256 -j DROP
      -A OUTPUT -d 192.168.0.0/16 -o ppp256 -j DROP
      -A OUTPUT -d 172.16.0.0/12 -o ppp256 -j DROP
      -A OUTPUT -d 10.0.0.0/8 -o ppp256 -j DROP
      -A FWD_ABUSE -j FWD_ABUSE_DFT
      -A FWD_ABUSE -j FWD_ABUSE_USR
      -A FWD_BLACK_LIST -m mark --mark 0x80000000/0x80000000 -j RETURN
      -A FWD_BLACK_LIST -j DROP
      -A FWD_LAN_SUBNET -s 192.168.2.0/24 ! -i br0 -j DROP
      -A FWD_LAN_SUBNET ! -s 192.168.2.0/24 -i br0 -j DROP
      -A FWD_LAN_SUBNET -i br0 -o rmnet0 -j DROP
      -A FWD_LAN_SUBNET -d 192.168.0.0/16 -i br0 -o ppp256 -j DROP
      -A FWD_LAN_SUBNET -d 172.16.0.0/12 -i br0 -o ppp256 -j DROP
      -A FWD_LAN_SUBNET -d 10.0.0.0/8 -i br0 -o ppp256 -j DROP
      -A FWD_LAN_SUBNET -d 192.168.0.0/16 -i br0 -o gre+ -j DROP
      -A FWD_LAN_SUBNET -d 172.16.0.0/12 -i br0 -o gre+ -j DROP
      -A FWD_LAN_SUBNET -d 10.0.0.0/8 -i br0 -o gre+ -j DROP
      -A FWD_SERVICE -i nas+ -o ppp+ -j DROP
      -A FWD_SERVICE -i ppp+ -o nas+ -j DROP
      -A FWD_SERVICE -d 169.254.0.0/16 -i br0 -j DROP
      -A FWD_SERVICE -s 169.254.0.0/16 ! -i br0 -j DROP
      -A FWD_SERVICE -s 127.0.0.0/8 ! -i br0 -j DROP
      -A FWD_SERVICE -i ppp+ -p icmp -m icmp --icmp-type 8 -j DROP
      -A FWD_SERVICE -i nas+ -p icmp -m icmp --icmp-type 8 -j DROP
      -A FWD_SERVICE -i ppp256 -p tcp -m tcp --dport 7547 -j ACCEPT
      -A FWD_SERVICE -i ppp256 -p udp -m udp --dport 8081 -j ACCEPT
      -A FWD_SERVICE -d 224.0.0.0/4 -i ppp256 -j ACCEPT
      -A INPUT_FIREWALL ! -d 192.168.2.1/32 -i br0 -p tcp -m tcp --dport 80 -j DROP
      -A INPUT_FIREWALL ! -d 192.168.2.1/32 -i br0 -p icmp -j DROP
      -A INPUT_FIREWALL ! -d 192.168.2.1/32 -i br0 -p udp -m udp --dport 53 -j DROP
      -A INPUT_FIREWALL ! -d 192.168.2.1/32 -i br0 -p tcp -j DROP
      -A INPUT_FIREWALL -i br0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10/sec --limit-burst 50 -j ACCEPT
      -A INPUT_FIREWALL -i br0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
      -A INPUT_FIREWALL ! -i br0 -j DROP
      -A INPUT_FON -p tcp -m tcp --dport 3990 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
      -A INPUT_FON -p tcp -m tcp --dport 53 -j ACCEPT
      -A INPUT_FON -p udp -m udp --dport 53 -j ACCEPT
      -A INPUT_FON -j DROP
      -A INPUT_LAN_SUBNET -s 192.168.2.0/24 ! -i br0 -j DROP
      -A INPUT_LAN_SUBNET -i br0 -p tcp -m multiport --dports 139,445 -j DROP
      -A INPUT_LAN_SUBNET -i br0 -p udp -m multiport --dports 137,138 -j DROP
      -A INPUT_LAN_SUBNET -i br0 -p tcp -m multiport --dports 21 -j DROP
      -A INPUT_SERVICE -i nas+ -p tcp -m tcp --dport 7547 -j DROP
      -A INPUT_SERVICE -s 169.254.0.0/16 ! -i br0 -j DROP
      -A INPUT_SERVICE -s 127.0.0.0/8 ! -i br0 -j DROP
      -A INPUT_SERVICE -i ppp256 -p tcp -m tcp --dport 7547 -j ACCEPT
      -A INPUT_SERVICE -i ppp256 -p udp -m udp --dport 8081 -j ACCEPT
      -A INPUT_SERVICE -i ppp256 -p udp -m udp --dport 5060 -j ACCEPT
      -A INPUT_SERVICE -i ppp256 -p udp -m udp --dport 5061 -j ACCEPT
      -A INPUT_SERVICE -i ppp256 -p udp -m udp --dport 7070:7089 -j ACCEPT
      -A INPUT_SERVICE -i gre+ -p udp -m udp --dport 7070:7089 -j ACCEPT
      -A INPUT_SERVICE -i ppp256 -p igmp -j ACCEPT
      -A INPUT_SERVICE -i gre1 -p udp -m udp --dport 5060 -j ACCEPT
      -A INPUT_SERVICE -i gre1 -p udp -m udp --dport 50000:50019 -j ACCEPT
      -A INPUT_SERVICE -i gre2 -p udp -m udp --dport 5060 -j ACCEPT
      -A INPUT_SERVICE -i gre2 -p udp -m udp --dport 5061 -j ACCEPT
      -A INPUT_SERVICE -i gre2 -p udp -m udp --dport 50000:50019 -j ACCEPT
      -A INPUT_SERVICE -i gre -p udp -m udp --dport 5060 -j ACCEPT
      -A INPUT_SERVICE -i gre -p udp -m udp --dport 5061 -j ACCEPT
      -A INPUT_SERVICE -i gre -p udp -m udp --dport 50000:50019 -j ACCEPT

      Source code

      bash-4.3# iptables -t nat --list-rules
      -P PREROUTING ACCEPT
      -P INPUT ACCEPT
      -P OUTPUT ACCEPT
      -P POSTROUTING ACCEPT
      -N PRE_DONAT
      -N PRE_LAN_SUBNET
      -N PRE_REDIR
      -N PRE_SERVICE
      -N PRE_UPNP
      -A PREROUTING -i gre -p udp -m udp --dport 50000:50019 -j ACCEPT
      -A PREROUTING -i gre -p udp -m udp --dport 5061 -j ACCEPT
      -A PREROUTING -i gre -p udp -m udp --dport 5060 -j ACCEPT
      -A PREROUTING -i gre2 -p udp -m udp --dport 50000:50019 -j ACCEPT
      -A PREROUTING -i gre2 -p udp -m udp --dport 5061 -j ACCEPT
      -A PREROUTING -i gre1 -p udp -m udp --dport 50000:50019 -j ACCEPT
      -A PREROUTING -i gre1 -p udp -m udp --dport 5061 -j ACCEPT
      -A PREROUTING -i gre1 -p udp -m udp --dport 5060 -j ACCEPT
      -A PREROUTING -i ppp256 -p udp -m udp --dport 5061 -j ACCEPT
      -A PREROUTING -i ppp256 -p udp -m udp --dport 5060 -j ACCEPT
      -A PREROUTING -j PRE_DONAT
      -A PREROUTING -j PRE_LAN_SUBNET
      -A PREROUTING -j PRE_REDIR
      -A PREROUTING -j PRE_UPNP
      -A PREROUTING -j PRE_SERVICE
      -A POSTROUTING -s 192.168.2.0/24 -o gre2 -j MASQUERADE--mode fullcone
      -A POSTROUTING -s 192.168.2.0/24 -o gre1 -j MASQUERADE--mode fullcone
      -A POSTROUTING -s 172.17.2.0/24 -o ppp256 -j MASQUERADE--mode fullcone
      -A POSTROUTING -s 192.168.2.0/24 -o ppp256 -j MASQUERADE--mode fullcone
      -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE--mode fullcone
      -A POSTROUTING -m mark --mark 0x80000000/0x80000000 -j MASQUERADE
      -A POSTROUTING -o ppp256 -m mark --mark 0x40000000/0xf0000000 -j MASQUERADE
      -A POSTROUTING -o ppp256 -m mark --mark 0x20000000/0xf0000000 -j MASQUERADE
      -A POSTROUTING -o ppp256 -m mark --mark 0x10000000/0xf0000000 -j MASQUERADE
      -A POSTROUTING -s 192.168.2.0/24 -d 192.168.2.0/24 -o br0 -j MASQUERADE
      -A POSTROUTING -o br1 -j MASQUERADE
      -A PRE_DONAT -i br0 -p udp -m multiport --dports 5060,56005 -j REDIRECT --to-ports 56005
      -A PRE_DONAT -i ppp256 -p igmp -j ACCEPT
      -A PRE_SERVICE -i ppp256 -p udp -m udp --dport 7070:7089 -j ACCEPT
      -A PRE_SERVICE -i gre+ -p udp -m udp --dport 7070:7089 -j ACCEPT
      -A PRE_SERVICE -i ppp256 -p udp -m udp --dport 500 -j ACCEPT
      -A PRE_SERVICE -i ppp256 -p esp -j ACCEPT
      -A PRE_SERVICE -d 224.0.0.0/4 -i ppp256 -j ACCEPT
      bash-4.3# iptables -t mangle --list-rules
      -P PREROUTING ACCEPT
      -P INPUT ACCEPT
      -P FORWARD ACCEPT
      -P OUTPUT ACCEPT
      -P POSTROUTING ACCEPT
      -N BLACK_LIST
      -N FORWARD_WAN_RULES
      -N FWD_FILTER_LIST
      -N PRE_FILTER_LIST
      -N ROUTE_CTL_LIST
      -N ROUTE_OPTION121_LIST
      -N ROUTE_STATIC_LIST
      -A PREROUTING -i br1 -j DROP
      -A PREROUTING -i ppp256 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1412:65535 -j TCPMSS --set-mss 1412
      -A PREROUTING -i ppp256 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1412:65535 -j TCPMSS --set-mss 1412
      -A PREROUTING -i br0 -j ROUTE_CTL_LIST
      -A PREROUTING -i br0 -j PRE_FILTER_LIST
      -A PREROUTING -i gre1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A PREROUTING -i gre1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A PREROUTING -i gre2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A PREROUTING -i gre2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A FORWARD -i br0 -j FORWARD_WAN_RULES
      -A OUTPUT -m mark --mark 0xe/0xf -j MARK --set-xmark 0x0/0xf
      -A OUTPUT -m mark --mark 0x9/0xf -j MARK --set-xmark 0x0/0xf
      -A OUTPUT -p udp -m udp --dport 53 -j MARK --set-xmark 0x8/0xf
      -A OUTPUT -m mark --mark 0x1000/0x1000 -j ROUTE_CTL_LIST
      -A OUTPUT -p udp -m udp --dport 1701 -j MARK --set-xmark 0x1/0xffffffff
      -A POSTROUTING -o ppp256 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1412:65535 -j TCPMSS --set-mss 1412
      -A POSTROUTING -o ppp256 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1412:65535 -j TCPMSS --set-mss 1412
      -A POSTROUTING -p 47 -m mark --mark 0x200000/0xf00000 -j MARK --set-xmark 0x0/0xf
      -A POSTROUTING -o gre1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A POSTROUTING -o gre1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A POSTROUTING -o gre2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A POSTROUTING -o gre2 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN,ACK -m tcpmss --mss 1400:65535 -j TCPMSS --set-mss 1400
      -A BLACK_LIST -d 217.237.150.51/32 -j MARK --set-xmark 0x80000000/0x80000000
      -A BLACK_LIST -d 217.237.148.22/32 -j MARK --set-xmark 0x80000000/0x80000000
      -A BLACK_LIST -d 80.156.86.10/32 -j MARK --set-xmark 0x80000000/0x80000000
      -A FORWARD_WAN_RULES -p udp -m udp --dport 123 -m dscp --dscp 0x18 -j MARK --set-xmark 0x3/0xf
      -A FORWARD_WAN_RULES -p udp -m udp --dport 123 -m dscp --dscp 0x18 -j DSCP --set-dscp 0x20
      -A FORWARD_WAN_RULES -p udp -m udp --dport 123 -m dscp --dscp 0x20 -m mark --mark 0x3/0xf -j ACCEPT
      -A FORWARD_WAN_RULES -p tcp -m tcp --dport 80 -m dscp --dscp 0x18 -j MARK --set-xmark 0x3/0xf
      -A FORWARD_WAN_RULES -p tcp -m tcp --dport 80 -m dscp --dscp 0x18 -j DSCP --set-dscp 0x20
      -A FORWARD_WAN_RULES -p tcp -m tcp --dport 80 -m dscp --dscp 0x20 -m mark --mark 0x3/0xf -j ACCEPT
      -A FORWARD_WAN_RULES -m dscp --dscp 0x18 -j MARK --set-xmark 0x2/0xf
      -A FORWARD_WAN_RULES -m dscp --dscp 0x18 -j ACCEPT
      -A FORWARD_WAN_RULES -j DSCP --set-dscp 0x00
      -A FWD_FILTER_LIST -m dscp --dscp 0x30 -j MARK --set-xmark 0x40000000/0xf0000000
      -A FWD_FILTER_LIST -m dscp --dscp 0x2e -j MARK --set-xmark 0x40000000/0xf0000000
      -A FWD_FILTER_LIST -d 46.29.100.40/32 -p udp -m udp --dport 44300 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 46.29.100.40/32 -p tcp -m tcp --dport 44300 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 46.29.100.43/32 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 87.140.192.0/21 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -s 172.17.2.0/24 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 62.155.248.0/23 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 87.141.220.0/24 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 87.141.216.0/23 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 62.155.250.0/23 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 80.157.240.0/21 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 87.141.218.0/23 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 217.0.0.207/32 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 217.0.0.143/32 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 217.0.0.129/32 -j MARK --set-xmark 0x10000000/0xf0000000
      -A FWD_FILTER_LIST -d 217.0.0.193/32 -j MARK --set-xmark 0x10000000/0xf0000000
      -A ROUTE_CTL_LIST -d 62.155.246.15/32 -j RETURN
      -A ROUTE_CTL_LIST -d 172.10.10.0/24 -j RETURN
      -A ROUTE_CTL_LIST -d 192.168.2.0/24 -j RETURN
      -A ROUTE_CTL_LIST -j BLACK_LIST
      -A ROUTE_CTL_LIST -m mark --mark 0x80000000/0x80000000 -j ACCEPT
      -A ROUTE_CTL_LIST -j ROUTE_STATIC_LIST
      -A ROUTE_CTL_LIST -j ROUTE_OPTION121_LIST
      -A ROUTE_CTL_LIST -j FWD_FILTER_LIST
      bash-4.3#
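
The thread asks whether one of the posted rules acts as a deny line. The following is an added example, not part of the original posts or of the router firmware: a small first-match evaluator that walks an excerpt of the posted filter-table INPUT rules and reports which rule decides a new inbound TCP connection to port 7547 on a given interface. Assumptions: that port 7547 (the IANA-registered CWMP port, which appears in the posted rules) is the one relevant to Easy Support; the packet addresses are constructed documentation addresses; only the match options occurring in the excerpt are supported, and the excerpt is sufficient only for non-LAN (not `br0`) interfaces.

```python
import ipaddress
import shlex

# Excerpt of the filter-table INPUT path, copied from the `iptables --list-rules`
# output posted in the thread (rules for other ports and for br0 are left out).
RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_LAN_SUBNET
-A INPUT -i tun0 -j INPUT_FON
-A INPUT -j INPUT_SERVICE
-A INPUT -j INPUT_FIREWALL
-A INPUT_FON -j DROP
-A INPUT_LAN_SUBNET -s 192.168.2.0/24 ! -i br0 -j DROP
-A INPUT_SERVICE -i nas+ -p tcp -m tcp --dport 7547 -j DROP
-A INPUT_SERVICE -i ppp256 -p tcp -m tcp --dport 7547 -j ACCEPT
-A INPUT_FIREWALL ! -i br0 -j DROP
"""

def parse(text):
    """Split `iptables --list-rules` lines into chain policies and ordered rules."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append((line, tok[2:]))
    return policies, chains

def option_hit(opt, val, pkt):
    """Evaluate one match option (before negation) against the packet."""
    if opt == "-i":  # a trailing "+" is iptables' interface-name wildcard
        return pkt["iface"].startswith(val[:-1]) if val.endswith("+") else pkt["iface"] == val
    if opt == "-p":
        return pkt["proto"] == val
    if opt in ("-s", "-d"):
        addr = ipaddress.ip_address(pkt["src" if opt == "-s" else "dst"])
        return addr in ipaddress.ip_network(val, strict=False)
    if opt in ("--dport", "--dports"):  # single port, lo:hi range, or comma list
        return any(int(lo) <= pkt["dport"] <= int(hi or lo)
                   for lo, _, hi in (p.partition(":") for p in val.split(",")))
    if opt == "--state":  # the traced packet is an unsolicited new connection
        return "NEW" in val.split(",")
    raise ValueError(f"unsupported option: {opt}")

def rule_matches(tok, pkt):
    """Return (matched, target) for one rule's option tokens."""
    matched, target, neg, i = True, None, False, 0
    while i < len(tok):
        opt = tok[i]
        if opt == "!":  # negates the next match option
            neg, i = True, i + 1
            continue
        val = tok[i + 1]
        if opt == "-j":
            target = val
        elif opt != "-m":  # "-m <module>" only names the match module
            hit = option_hit(opt, val, pkt)
            matched, neg = matched and (hit != neg), False
        i += 2
    return matched, target

def verdict(policies, chains, pkt, chain="INPUT"):
    """Walk `chain` in order; return (verdict, deciding rule), None on fall-through."""
    for line, tok in chains.get(chain, []):
        matched, target = rule_matches(tok, pkt)
        if matched and target in ("ACCEPT", "DROP", "REJECT"):
            return target, line
        if matched and target == "RETURN":
            break
        if matched and target in chains:  # jump into a user-defined chain
            result = verdict(policies, chains, pkt, target)
            if result:
                return result
    if chain in policies:  # built-in chain: its policy applies
        return policies[chain], f"-P {chain} {policies[chain]}"
    return None

def trace_7547(iface, src="198.51.100.7"):
    """Verdict for a new TCP connection to port 7547 on `iface` (constructed addresses)."""
    pkt = {"iface": iface, "proto": "tcp", "dport": 7547, "src": src, "dst": "203.0.113.1"}
    return verdict(*parse(RULES), pkt)
```

Calling `trace_7547` with `"ppp256"`, `"nas_p1_4.8"`, `"gre1"` or `"tun0"` returns the verdict together with the rule that produced it. The OUTPUT chain and the nat and mangle tables are not modelled.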