KTorrent:
Timeout occurred
Authentication to 83.67.97.121 : failure
Connection closed
DHT: Sending ping response
Authentication to 142.59.43.45 : ok
Authentication to 89.120.136.146 : failure
Authentication to 89.120.136.146 : failure
Timeout occurred
Authentication to 89.136.88.23 : failure
Timeout occurred
Authentication to 88.158.3.30 : failure
Timeout occurred
Authentication to 88.218.13.161 : failure
Timeout occurred
Authentication to 128.194.39.224 : failure
Timeout occurred
Authentication to 72.76.251.124 : failure
Timeout occurred
Authentication to 81.104.151.142 : failure
Timeout occurred
Authentication to 195.113.189.218 : failure
Timeout occurred
Authentication to 71.192.190.8 : failure
Timeout occurred
Authentication to 71.192.190.8 : failure
Timeout occurred
Authentication to 213.10.85.190 : failure
Chunk 6967 downloaded
Props to #openwrt especially thepeople, bartman, and mdm for helping me get my 850G on OpenWRT. DD-WRT wouldn't cut it.
I will be writing a small guide once I am finished with my configuration.
Presently, it seems port forwarding is not quite working.
-bash-2.05b$ ssh -l root -v ****no.ip.info
OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to *******[75.40.***.**] port 22.
debug1: connect to address 75.40.***.*** port 22: Connection refused
ssh: connect to host ********* port 22: Connection refused
-bash-2.05b$ telnet stlpcsolutions.no-ip.info 10001
Trying 75.40.62.85..
(refused)
-bash-2.05b$ telnet stlpcsolutions.no-ip.info 10003
Trying 75.40.62.85...
(refused)
Followed these instructions for my firewall setup:
http://wiki.openwrt.org/SimpleFirewall
This is the odd message I receive:
root@OpenWrt:/etc# . /etc/init.d/S35firewall restart
/etc/fwlib.sh: 18: interface: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 7: -j: not found
/etc/firewall.user: 7: -j: not found
FORWARDING 113 TO doug (192.168.0.107)
/etc/firewall.user: 21: -j: not found
/etc/firewall.user: 21: -d: not found
FORWARDING 10001:10100 TO doug (192.168.0.107)
/etc/firewall.user: 25: -j: not found
/etc/firewall.user: 25: -d: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found
root@OpenWrt:/etc# cat firewall.user
#!/bin/sh
. /etc/fwlib.sh
flush_firewall
### Ports accessible on the router from the WAN
allow_tcp_port 22 # SSH
allow_tcp_port 465 # HTTPS
### Ports accessible from specific hosts to the router from the WAN
# allow_tcp_port_fromhost 80 remote_access # HTTP
# allow_tcp_port_fromhost 22 remote_access
### Ports accessible to client machines.
# forward_port 22 server
#forward_port 10001:10100 doug
### if we really need _all_ ports...
# register_dmz server
# forward workstation port for application development
forward_port 113 doug
# forward a few utility port-ranges to make it easier to deal with
# bittorrent configurations and the like
forward_port 10001:10100 doug
# forward_port 10100:10199 laptop1
# forward_port 10200:10299 laptop2
### Translate port for client machines.
# translate_port 8080 printer_01 80
### Trusted hosts, full access to router
trusted_host doug
/etc/hosts
127.0.0.1 localhost OpenWrt
192.168.0.107 doug
root@OpenWrt:/etc# cat fwlib.sh
#!/bin/sh
. /etc/functions.sh
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
flush_firewall () {
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
}
### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN
interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.
allow_tcp_port () {
ALLOWPORT=$1
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT
-j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport $ALLOWPORT
-j ACCEPT
}
allow_tcp_port_fromhost () {
ALLOWPORT=$1
ALLOWHOSTNAME=$2
ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
echo "Allowing tcp from $ALLOWHOSTNAME to port $ALLOWPORT"
iptables -t nat -A prerouting_rule -i $WAN -p tcp -s $ALLOWHOST
--dport $ALLOWPORT -j ACCEPT
iptables -A input_rule -i $WAN -p tcp -s $ALLOWHOST
--dport $ALLOWPORT -j ACCEPT
}
sucky_resolve () {
HOSTNAME=$1
###
grep $HOSTNAME /etc/hosts | awk '{ print $1 }'
}
forward_port() {
ALLOWPORT=$1
ALLOWHOSTNAME=$2
ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
echo "FORWARDING $ALLOWPORT TO $ALLOWHOSTNAME ($ALLOWHOST)"
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT
-j DNAT --to $ALLOWHOST
iptables -A forwarding_rule -i $WAN -p tcp --dport $ALLOWPORT
-d $ALLOWHOST -j ACCEPT
}
translate_port() {
ALLOWPORT=$1
ALLOWHOSTNAME=$2
ALLOWHOSTPORT=$3
ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
echo "TRANSLATING $ALLOWPORT TO $ALLOWHOSTNAME
($ALLOWHOST:$ALLOWHOSTPORT)"
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT
-j DNAT --to $ALLOWHOST:$ALLOWHOSTPORT
iptables -A forwarding_rule -i $WAN -p tcp --dport
$ALLOWHOSTPORT -d $ALLOWHOST -j ACCEPT
}
trusted_host (){
ALLOWHOSTNAME=$1
TRUSTEDHOST=`sucky_resolve $ALLOWHOSTNAME`
iptables -t nat -A prerouting_rule -i $WAN -p tcp -s $TRUSTEDHOST -j
ACCEPT
iptables -A input_rule -i $WAN -p tcp -s $TRUSTEDHOST -j
ACCEPT
}
Finally:
[b]root@OpenWrt:/etc# iptables -L[/b]
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere tcp option=!2 flags:SYN/SYN
input_rule all -- anywhere anywhere
LAN_ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
forwarding_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain LAN_ACCEPT (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
output_rule all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain forward_ppp0 (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:113
tcp -- anywhere anywhere tcp dpts:10001:10100
forward_ppp0 all -- anywhere anywhere
Chain input_ppp0 (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:22
tcp -- anywhere anywhere tcp dpt:465
input_ppp0 all -- anywhere anywhere
Chain output_rule (1 references)
target prot opt source destination
Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2006-11-29 21:30 CST
Interesting ports on *** (75.40.***.***):
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1080/tcp filtered socks
3128/tcp filtered squid-http
6588/tcp filtered analogx
8081/tcp filtered blackice-icecap
Nmap run completed -- 1 IP address (1 host up) scanned in 5.598 seconds
*Port Sentry is running*
Thanks Guys!
(Last edited by MayorSlay on 30 Nov 2006, 19:00)
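The `-j: not found`, `-d: not found` and `ACCEPT: not found` messages line up with the `cat fwlib.sh` output above: each iptables command continues on a second line with no trailing backslash, so the shell runs the remainder as a separate command and the rules in `iptables -L` end up with no target. As an added example (not part of the original post or of the wiki script), this checker flags such lines; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag iptables commands that were
# wrapped onto a second line without a trailing backslash.

# Print "LINENO: text" for each orphaned continuation line in script $1.
find_broken_continuations() {
    awk '
        # Suspect: the previous line was "iptables ... -A ..." with no complete
        # "-j TARGET" and no trailing backslash, and this line starts with an
        # option, a variable, or a bare upper-case target such as ACCEPT.
        pending && /^[ \t]*(-|\$|[A-Z]+([ \t]|$))/ { printf "%d: %s\n", NR, $0 }
        {
            pending = ($0 ~ /^[ \t]*iptables .*-A / &&
                       $0 !~ /-j[ \t]+[^ \t]/ &&
                       $0 !~ /\\[ \t]*$/)
        }
    ' "$1"
}

# Constructed sample: two functions wrapped the way the posted fwlib.sh is,
# followed by the same forward_port written with explicit continuations.
write_sample() {
    cat > "$1" <<'EOF'
forward_port() {
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT
-j DNAT --to $ALLOWHOST
iptables -A forwarding_rule -i $WAN -p tcp --dport $ALLOWPORT
-d $ALLOWHOST -j ACCEPT
}
trusted_host() {
iptables -A input_rule -i $WAN -p tcp -s $TRUSTEDHOST -j
ACCEPT
}
forward_port_fixed() {
iptables -t nat -A prerouting_rule -i "$WAN" -p tcp --dport "$ALLOWPORT" \
    -j DNAT --to "$ALLOWHOST"
iptables -A forwarding_rule -i "$WAN" -p tcp --dport "$ALLOWPORT" \
    -d "$ALLOWHOST" -j ACCEPT
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_broken_continuations "$sample"
rm -f "$sample"
```

`sh -n` does not report these lines, because each orphaned fragment is still syntactically a valid command.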