[clug] Firewall settings on NetGear modem/router?

Hal Ashburner hal.ashburner at gmail.com
Sun Jun 28 04:21:43 GMT 2009


Felix Karpfen wrote:
>>
>> At times like these I really, really, really like being able to ssh into 
>> my router and then interrogate it just like any other linux machine 
>> because that's what it is.
>>     
>
> I believe that the NetGear router gives that possibility.  Below is what
> I got.  I hope that it tells you what you wanted.
>   
Assuming the netgear is running vxworks then it does not give you the 
possibility of treating it like a linux machine.

# iptables --list
on a linux machine tells you all about your firewall settings. I can run 
this on my router as it's a linux machine. You can't if you aren't 
running linux on your router. Some people say running command line stuff 
isn't user friendly and that's a valid opinion. I find it extremely 
friendly to be able to know *exactly* what is going on very fast without 
it being hidden behind some magic friendly user interface that hides the 
actual diagnosis. YMMV - but it's a point that is sometimes lost on the 
whirlpool people who may not like, use, or have any desire to deal with 
command lines.


> 	ROUTING tABLE
>
> Destination		Mask			Gateway		Metric	Active
> 10.20.x.x		255.255.255.255		0.0.0.0		0	Yes
> 192.168.0.0		255.255.255.0		0.0.0.0		0	Yes
> 127.0.0.0		255.255.0.0		0.0.0.0		0	Yes
> 239.0.0.0		255.0.0.0		0.0.0.0		0	Yes
> 0.0.0.0			0.0.0.0			10.20.x.x	0	Yes
>   
Usually not a bad idea to obfuscate your actual ip address in public. If 
someone knows more about it than me I'd be pleased to hear their thoughts.
> Router Status
>   
looks fine
>   
> LAN Port
>   
looks fine

> Modem 
>   
looks fine

>   
>   
> Test ping - from command-line:
> ==============================
>
> [felixk@ ~]$ ping 203.12.160.35
> PING 203.12.160.35 (203.12.160.35) 56(84) bytes of data.
>
> --- 203.12.160.35 ping statistics ---
> 26 packets transmitted, 0 received, 100% packet loss, time 25008ms
>
> ------
>
> Also - for good measure - the output of "dhclient eth0":
>
>
> [root@carrot ~]# dhclient eth0
> Internet Software Consortium DHCP Client 2.0pl5
> Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
> All rights reserved.
>
> Please contribute if you find this software useful.
> For info, please visit http://www.isc.org/dhcp-contrib.html
>
> sit0: unknown hardware address type 776 ??
> sit0: unknown hardware address type 776 ??              
> Listening on LPF/eth0/00:0e:a6:7a:d9:45
> Sending on   LPF/eth0/00:0e:a6:7a:d9:45
> Sending on   Socket/fallback/fallback-net
> DHCPREQUEST on eth0 to 255.255.255.255 port 67
> DHCPACK from 192.168.0.1
> IOCADDRT: File exists
> bound to 192.168.0.2 -- renewal in 129600 seconds.
> -----
>
> I hope that this provides "grist for the mills" and thank all who are
> taking an interest in my woes.
>   
Still need you to know the configuration of your _desktop_ machine so 
that can be eliminated as the source of trouble before digging through 
arcane router firewall documentation. I still don't know whether your 
desktop machine is using the router as a gateway or is blocking things 
with its own firewall.

Please run these on your _desktop_ machine.
# ifconfig -a
# route
# cat /etc/resolv.conf
- these check that your router's dhcp server gave eth0 the right info. 
It's pretty unlikely that it didn't but let's "check it's plugged in"

# iptables --list
- highly likely that the firewall on your desktop machine is causing you 
trouble. But if we eliminate it then we can isolate the problem at the 
router.

Hal
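
The desktop-side checks requested above, as an added example that is not part of the original post: it reads saved `route` and `iptables --list` output and says whether the default gateway is the router and whether the host's own firewall has anything that drops traffic. The function names and the sample text are assumptions constructed for illustration; only 192.168.0.1 (the address that answered DHCP) comes from the thread.

```shell
#!/bin/sh
# Added example. Sample text is constructed; only 192.168.0.1 (the router's
# DHCP server address) is taken from the thread.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'

SAMPLE_IPTABLES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0'

# Gateway of the default route, read from `route` or `route -n` output on stdin.
default_gateway() {
    awk '($1 == "0.0.0.0" || $1 == "default") && $4 ~ /G/ { print $2; exit }'
}

# Chains whose policy is not ACCEPT, and every DROP/REJECT rule, read from
# `iptables --list` output on stdin. Prints nothing for a wide-open host.
blocking_rules() {
    awk '/^Chain / { chain = $2; pol = $4; sub(/\)$/, "", pol)
                     if ($3 == "(policy" && pol != "ACCEPT") print chain " policy " pol
                     next }
         $1 == "DROP" || $1 == "REJECT" { print chain " rule " $1 " " $2 }'
}

# diagnose ROUTER_IP ROUTE_TEXT IPTABLES_TEXT -> one-word verdict on stdout.
diagnose() {
    dg_gw=$(printf '%s\n' "$2" | default_gateway)
    if [ "$dg_gw" != "$1" ]; then echo "gateway-mismatch"; return 0; fi
    if [ -n "$(printf '%s\n' "$3" | blocking_rules)" ]; then
        echo "host-firewall-suspect"; return 0
    fi
    echo "host-clean-check-router"
}

diagnose 192.168.0.1 "$SAMPLE_ROUTE" "$SAMPLE_IPTABLES"
```

On a live desktop, pass "$(route -n)" and "$(iptables --list -n)" (run as root) in place of the two sample variables.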


