IPTables Rules
- This topic has 4 replies, 2 voices, and was last updated 8 years, 6 months ago by Jeff Hatch.
November 16, 2015 at 2:16 am #10012 Jonathan Brewer (Participant)
Is there some documentation of the IPTables rules or other filtering going on with the Multitech Conduit? The device I have (with a LoRa modem) does not appear to respond to ICMP. Since flushing its IPTables rules it is no longer allowing SSH connections. It’d be excellent to have some documentation on how this works – searching the site and this forum for both ICMP and IPTables turns up no hints.
November 17, 2015 at 7:17 am #10014 Jeff Hatch (Keymaster)
Jonathan,
Which version of Conduit do you have (AEP or mLinux)? The AEP Conduit has a number of configuration items in the Web UI including HTTPS access for the UI, SSH access, response to ICMP Pings, etc. If it is the mLinux version, you will have to deal directly with IPTables itself.
On the AEP version I am sorry to say that the documentation for the firewall functionality is sparse, though it is essentially a simplified front-end for IPTables. This help has been enhanced for an upcoming release.
Jeff Hatch
November 18, 2015 at 12:53 am #10028 Jonathan Brewer (Participant)
Hi Jeff,
I’m working with a MTCDT-H5-210A Firmware 1.0.33. I have looked at the web interface. The firewall configuration menu only has options for TCP/UDP and ANY.
From the command line I’ve enabled ICMP echo response with:
# iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $router_ip -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
It would be excellent if in future firmware you always enable ICMP – or at least make it easy to enable in the web UI. Some support for IPv6 would also be appreciated.
Thanks,
Jon
November 18, 2015 at 1:08 am #10029 Jonathan Brewer (Participant)
Making those changes persistent should require:
# /usr/sbin/iptables-save
But in fact this script doesn’t make the rule change persist. 🙁
November 18, 2015 at 8:40 am #10036 Jeff Hatch (Keymaster)
Jonathan,
From the firmware version you stated, I am led to believe that you have an AEP Conduit. The 1.0.33 is the version of the latest AEP to be released. To enable ICMP responses on the AEP model and make that configuration persist, you need to log in with the UI and go to the Access Configuration page. Then, under ICMP, check the enable box and check the “Via LAN” and/or “Via WAN” boxes depending on whether you want both LAN and WAN ping responses or not.
There is an “Advanced Settings” option on the Firewall->Settings page that will also give you much more IPTable “flexibility” with the rules you can create without having to go to the SSH command line.
Hope that helps,
Jeff Hatch
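
The thread's two lockout symptoms (no ping replies, SSH lost after a flush) can be checked from an `iptables-save` dump, which prints the current ruleset to standard output. The following is an added example, not code from the posters or from Multi-Tech: `audit_rules` and `sample_dump` are hypothetical helpers, the dump is constructed, and `192.0.2.1` stands in for `$router_ip`. It assumes an INPUT policy of DROP, which the thread does not state; `iptables -F` removes rules but leaves chain policies in place.

```shell
#!/bin/sh
# audit_rules [FILE]: read an iptables-save dump (FILE, or stdin when omitted)
# and report whether the filter table's INPUT chain admits ping and SSH.
# Returns 0 if both are accepted, or if the INPUT policy is ACCEPT.
audit_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }        # table header: "*filter", "*nat"
        table != "filter" { next }
        /^:INPUT / { policy = $2 }             # policy line: ":INPUT DROP [0:0]"
        /^-A INPUT / && / -j ACCEPT/ {
            if ($0 ~ /-p icmp/ && $0 ~ /--icmp-type (8|echo-request)( |$)/) icmp = 1
            if ($0 ~ /-p tcp/ && $0 ~ /--dport 22( |$)/) ssh = 1
        }
        END {
            print "INPUT policy: " (policy == "" ? "unknown" : policy)
            print "ICMP echo-request accepted: " (icmp ? "yes" : "no")
            print "SSH (tcp/22) accepted: " (ssh ? "yes" : "no")
            if (policy == "ACCEPT") exit 0
            exit ((icmp && ssh) ? 0 : 1)
        }
    ' "${1:--}"
}

# Constructed sample dump. "sample_dump icmp" appends the ICMP rule from the
# thread in the form iptables-save would print it.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
    [ "$1" = icmp ] && echo "-A INPUT -d 192.0.2.1/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
    echo COMMIT
}

# Demo: the first dump fails the audit (no ICMP rule), the second passes.
tmp=$(mktemp)
sample_dump > "$tmp"
audit_rules "$tmp" || echo "=> ping or SSH would be dropped"
sample_dump icmp > "$tmp"
audit_rules "$tmp" && echo "=> ping and SSH are accepted"
rm -f "$tmp"
```

On a live device the same check runs as `iptables-save | audit_rules`. It does not account for earlier DROP/REJECT rules or user-defined chains, so a pass is a necessary condition, not a sufficient one.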