Ticket #873 (closed enhancement: worksforme)

Opened 3 years ago

Last modified 21 months ago

Firewall policy when ISP blocks ports 1-1024

Reported by: steven@…
Owned by: john.crispin@…
Priority: normal
Milestone:
Component: fon-network
Version: 2.3.6.0 (Gari)
Severity: unknown
Cc:
Hardware: 2.0n (FON2300)

Description

Hi,

I can't use the "allow gui, ssh, ftp, ... from wan" options as they use 443/22/20 ports which are not allowed.

I tried using the port forward tool to allow e.g. port 2222 (WAN) to be forwarded to 192.168.10.1, but this was "actively refused"?

Is it possible to make these services work on other than default ports? That would even work better against hammer bots using default ports.

Change History

Changed 3 years ago by OldMan hommes.hans@…

I have the same problem. Can Fon please give a workaround?

Changed 3 years ago by matthijs

  • status changed from new to confirmed
  • milestone set to Firmware 2.3

Making services listen on different ports is probably troublesome, since the ports are sometimes defined in different places (especially in transmission, for example).

The easiest way to fix this is probably to make "local" port forwards work (e.g., forward to 192.168.10.1). I'm not sure why these are not working; probably something in the ordering of iptables rules or something.

Changed 3 years ago by steven@…

Could this be fixed in 2.3.7?

Changed 3 years ago by matthijs

  • milestone changed from Firmware 2.3 to Firmware 2.3.7.0

I could have a look, but only after the beta is out. I'll put the milestone to 2.3.7.0 to not forget, but I make no promises...

Changed 2 years ago by matthijs

  • status changed from confirmed to closed
  • resolution set to worksforme
  • milestone Firmware 2.3.7.0 deleted

I had a closer look, and it seems that port forwarding to 192.168.10.1:443 (or the WAN IP) actually is working as expected. Note that you still need to enable the port under "Settings -> Firewall -> Applications" for this to work.

I'm closing this ticket, since this actually works. Please test if this works for you as well and if not, please comment so I can investigate further.
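
Added example, not part of the ticket and not the Fonera firmware's own rules: a toy model of standard netfilter ordering (DNAT in PREROUTING, then the routing decision, then filter INPUT) showing why a "local" forward is refused until the service port itself is enabled. It assumes the firmware follows that ordering; the WAN address, the REJECT default and the function names are constructed for illustration.

```python
# Added example: toy model of netfilter ordering, not the Fonera firmware's rule set.
from dataclasses import dataclass, replace

LAN_IP = "192.168.10.1"     # router LAN address, from the ticket
WAN_IP = "203.0.113.10"     # constructed WAN address (documentation range)

@dataclass(frozen=True)
class Packet:
    iface: str   # ingress interface
    dst: str     # destination address
    dport: int   # destination TCP port

def prerouting_dnat(pkt, forwards):
    """nat/PREROUTING: rewrite the destination before the routing decision."""
    for wan_port, to_ip, to_port in forwards:
        if pkt.iface == "wan" and pkt.dst == WAN_IP and pkt.dport == wan_port:
            return replace(pkt, dst=to_ip, dport=to_port)
    return pkt

def traverse(pkt, forwards, wan_input_ports):
    """Return (filter chain, verdict, port the filter rule matched on)."""
    new = prerouting_dnat(pkt, forwards)
    if new.dst in (LAN_IP, WAN_IP):
        # Locally delivered: filter/INPUT sees the post-DNAT port, not the outside one.
        verdict = "ACCEPT" if new.dport in wan_input_ports else "REJECT"
        return ("INPUT", verdict, new.dport)
    # Assumption: a forward entry to another host also installs its FORWARD accept.
    return ("FORWARD", "ACCEPT" if new != pkt else "DROP", new.dport)

if __name__ == "__main__":
    fwd = [(2222, LAN_IP, 22)]            # WAN 2222 -> router's own sshd
    probe = Packet("wan", WAN_IP, 2222)
    print(traverse(probe, fwd, set()))    # service not enabled for WAN
    print(traverse(probe, fwd, {2222}))   # opening the outside port does not help
    print(traverse(probe, fwd, {22}))     # service port enabled
    # Side effect: the default port is now accepted on the WAN side as well.
    print(traverse(Packet("wan", WAN_IP, 22), fwd, {22}))
```

In this model, enabling the service for WAN also accepts connections to the default port directly, so the high-port forward only avoids default-port scanners where something upstream (here, the ISP) drops ports 1-1024.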
