Distant access through cellular connection
February 16, 2017 at 10:20 am #17243
Julien DEV
Participant
Hi,
I have to connect to my Conduit AEP through the cellular connection.
– On Setup/Network Interfaces, I have ppp0 with ip address
– On Setup/WAN, ppp0 is enabled
– I don’t have DDNS
– In Firewall, I added a rule to accept ANY source and destination (for test)
– In Administration/Access configuration, I checked all “Via WAN”
but when I ping it, I receive “Request timeout” and it’s impossible to access the HTML admin page.
Can you tell me what I forgot?
Thanks for your help.
February 16, 2017 at 10:44 am #17246
Jeff Hatch
Keymaster
Julien,
Did you save and restart after making your changes? Also, is PPP your only WAN, and is it the highest priority in Setup->WAN? Does your SIM have a static public IP?
Jeff
February 16, 2017 at 10:58 am #17250
Julien DEV
Participant
Hi Jeff,
Yes, I save and restart after every config test.
In Setup/WAN, Eth0 is disabled and PPP is first priority and enabled.
I don’t have a static public IP, but I test with the new IP after restart.
February 16, 2017 at 12:23 pm #17255
Jeff Hatch
Keymaster
Julien,
Just want to make sure: Is the dynamic IP you get a public IP?
Jeff
February 17, 2017 at 1:15 am #17282
Julien DEV
Participant
Jeff,
My French operator (Orange) confirmed that the IP is public.
Thx
February 17, 2017 at 2:15 am #17283
Julien DEV
Participant
Could you tell me if you see any problems in my configuration plz?
February 17, 2017 at 8:26 am #17289
Jeff Hatch
Keymaster
Julien,
Usually the forward rules are meant for traffic going through the device, and not to the device. I am not sure what the effect of those rules will be. Could you do an “iptables -L” and an “iptables -t nat -L” and post that output? It may be a rule ordering problem with the new rules you added.
When you enabled “Via WAN” and saved and restarted that created rules for the services you enabled “Via WAN” automatically, so you should be able to access the Web UI if that was enabled.
Can you ping your PPP public IP when the device is up and running?
Jeff
February 17, 2017 at 8:58 am #17292
Steve Kovarik
Moderator
Julien
Thanks for the screen shot. [10.47.137.30 is private dynamic]
The IP Address assigned to the Conduit by the cellular carrier is a
private dynamic IP address that is being firewalled by the cellular
carrier. To get to the Conduit remotely, you would need to work with the
cellular carrier to assign the Conduit a public IP Address that is
accessible from the Internet. Or in other words, tell the cellular carrier
you need a SIM card capable of “mobile terminated data”.
-Best Regards
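Added example, not part of the original reply: a check of the kind described above, which takes the address reported on ppp0 and says whether inbound connections can reach it at all. The `ip addr` sample is constructed around the 10.47.137.30 address quoted in the reply, and `observed_addr` (the source address a remote server sees for the device) is an assumed extra input.

```python
import ipaddress
import re

# Constructed `ip -4 addr show ppp0` output. 10.47.137.30 is the address quoted
# in the reply above; the peer address is invented for the example.
SAMPLE = """\
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 3
    inet 10.47.137.30 peer 10.64.64.64/32 scope global ppp0
"""

# Ranges never routed on the Internet, listed explicitly so the result does
# not depend on how a given Python version defines is_private.
NON_ROUTABLE = {
    "10.0.0.0/8": "RFC 1918 private",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "100.64.0.0/10": "RFC 6598 carrier-grade NAT",
}

def interface_address(ip_output):
    """Return the first IPv4 address in `ip addr` output, or None."""
    m = re.search(r"^\s*inet (\d+(?:\.\d+){3})", ip_output, re.MULTILINE)
    return m.group(1) if m else None

def diagnose(iface_addr, observed_addr=None):
    """Classify inbound reachability of a WAN interface.

    iface_addr    -- address the modem reports on ppp0
    observed_addr -- source address a remote server sees for the device
                     (optional; obtained separately, e.g. from server logs)
    """
    ip = ipaddress.ip_address(iface_addr)
    for net, label in NON_ROUTABLE.items():
        if ip in ipaddress.ip_network(net):
            return "carrier-nat", f"{iface_addr} is {label}: unsolicited inbound traffic never reaches ppp0"
    if observed_addr and ipaddress.ip_address(observed_addr) != ip:
        return "translated", f"{iface_addr} leaves the carrier as {observed_addr}: still behind NAT"
    return "direct", f"{iface_addr} is publicly routable; carrier and device firewalls decide what gets in"

if __name__ == "__main__":
    # 203.0.113.7 is a documentation address standing in for the carrier's NAT address.
    print(diagnose(interface_address(SAMPLE), "203.0.113.7")[1])
```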
February 17, 2017 at 9:05 am #17293
Julien DEV
Participant
iptables -L gives me:
admin@mtcdt:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ICMP_LIMIT all -- anywhere anywhere
KEEP_STATE_INPUT all -- anywhere anywhere
BLACKLIST all -- anywhere anywhere
DOS_PREVENTION all -- anywhere anywhere
DNS_SERVER_INPUT all -- anywhere anywhere
DHCP_SERVER_INPUT all -- anywhere anywhere
DHCP_CLIENT_INPUT all -- anywhere anywhere
HTTP_LAN_INPUT all -- anywhere anywhere
HTTP_WAN_INPUT all -- anywhere anywhere
HTTPS_LAN_INPUT all -- anywhere anywhere
HTTPS_WAN_INPUT all -- anywhere anywhere
NODERED_LAN_INPUT all -- anywhere anywhere
NODERED_WAN_INPUT all -- anywhere anywhere
SSH_LAN_INPUT all -- anywhere anywhere
SSH_WAN_INPUT all -- anywhere anywhere
ICMP_WAN_INPUT all -- anywhere anywhere
ICMP_LAN_INPUT all -- anywhere anywhere
USER_INPUT all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
KEEP_STATE_FORWARD all -- anywhere anywhere
TUNNEL_FORWARD all -- anywhere anywhere
USER_FORWARD all -- anywhere anywhere
LAN_FORWARD all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
KEEP_STATE_OUTPUT all -- anywhere anywhere
BLACKLIST all -- anywhere anywhere
DNS_OUTPUT all -- anywhere anywhere
DHCP_SERVER_OUTPUT all -- anywhere anywhere
DHCP_CLIENT_OUTPUT all -- anywhere anywhere
WAN_MANAGEMENT_OUTPUT all -- anywhere anywhere
ICMP_OUTPUT all -- anywhere anywhere
USER_OUTPUT all -- anywhere anywhere

Chain BLACKLIST (2 references)
target prot opt source destination

Chain DDNS_OUTPUT (0 references)
target prot opt source destination

Chain DHCP_CLIENT_INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc

Chain DHCP_CLIENT_OUTPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc

Chain DHCP_SERVER_INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc

Chain DHCP_SERVER_OUTPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc

Chain DNS_OUTPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain

Chain DNS_SERVER_INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:domain

Chain DOS_PREVENTION (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere state NEW limit: avg 1/sec burst 100
LOG tcp -- anywhere anywhere state NEW limit: avg 1/sec burst 100 LOG level warning prefix "iptables: [DoS DROP] "
DROP tcp -- anywhere anywhere state NEW

Chain GPS_CLIENT_OUTPUT (0 references)
target prot opt source destination

Chain GPS_SERVER_INPUT (0 references)
target prot opt source destination

Chain HTTPS_LAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https

Chain HTTPS_WAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https

Chain HTTP_LAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain HTTP_WAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http

Chain ICMP_LAN_INPUT (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere

Chain ICMP_LIMIT (1 references)
target prot opt source destination
RETURN icmp -- anywhere anywhere limit: avg 10/sec burst 30
LOG icmp -- anywhere anywhere limit: avg 10/sec burst 30 LOG level warning prefix "iptables: [ICMP DROP] "
DROP icmp -- anywhere anywhere

Chain ICMP_OUTPUT (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere

Chain ICMP_WAN_INPUT (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere

Chain IPSEC_INPUT (0 references)
target prot opt source destination

Chain IPSEC_OUTPUT (0 references)
target prot opt source destination

Chain IP_PIPES_INPUT (0 references)
target prot opt source destination

Chain IP_PIPES_OUTPUT (0 references)
target prot opt source destination

Chain KEEP_STATE_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain KEEP_STATE_INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain KEEP_STATE_OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain LAN_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- 192.168.2.0/24 anywhere

Chain LOG_FORWARD (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "iptables: [FWD DROP] "
DROP all -- anywhere anywhere

Chain LOG_INPUT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "iptables: [IN DROP] "
DROP all -- anywhere anywhere

Chain LOG_OUTPUT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "iptables: [OUT DROP] "
DROP all -- anywhere anywhere

Chain NETBIOS_INPUT (0 references)
target prot opt source destination

Chain NETBIOS_OUTPUT (0 references)
target prot opt source destination

Chain NODERED_LAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:1880

Chain NODERED_WAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:1880

Chain PPP_KEEP_ALIVE_OUTPUT (0 references)
target prot opt source destination

Chain REMOTE_MNGT_OUTPUT (0 references)
target prot opt source destination

Chain SMTP_OUTPUT (0 references)
target prot opt source destination

Chain SNTP (0 references)
target prot opt source destination

Chain SSH_LAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain SSH_WAN_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain SYSLOG_OUTPUT (0 references)
target prot opt source destination

Chain TELAUTO_OUTPUT (0 references)
target prot opt source destination

Chain TUNNELING (0 references)
target prot opt source destination

Chain TUNNEL_FORWARD (1 references)
target prot opt source destination

Chain USER_FORWARD (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.2.1 tcp dpt:http
ACCEPT udp -- anywhere 192.168.2.1 udp dpt:http
ACCEPT tcp -- anywhere 192.168.2.1 tcp dpt:https
ACCEPT udp -- anywhere 192.168.2.1 udp dpt:https

Chain USER_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp dpts:1024:65535

Chain USER_OUTPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain WAN_MANAGEMENT_OUTPUT (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
and iptables -t nat -L:
admin@mtcdt:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
USER_PREROUTE all -- anywhere anywhere
LOOPBACK_PREROUTE all -- anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
USER_POSTROUTE all -- anywhere anywhere
LOOPBACK_POSTROUTE all -- anywhere anywhere
MTR_POSTROUTE all -- anywhere anywhere
WAN_MASQ_POSTROUTE all -- anywhere anywhere

Chain LOG_DNAT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "iptables: [PRE ACCEPT] "

Chain LOG_SNAT (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level warning prefix "iptables: [POST ACCEPT] "

Chain LOOPBACK_POSTROUTE (1 references)
target prot opt source destination

Chain LOOPBACK_PREROUTE (1 references)
target prot opt source destination

Chain MTR_POSTROUTE (1 references)
target prot opt source destination

Chain USER_POSTROUTE (1 references)
target prot opt source destination

Chain USER_PREROUTE (1 references)
target prot opt source destination

Chain WAN_MASQ_POSTROUTE (1 references)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
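Added example, not part of the original posts: a short audit of an `iptables -L` listing that follows the jumps from INPUT and reports every ACCEPT rule open to any source on a destination port. The sample is a constructed excerpt of the listing above, and because plain `-L` omits interface matches, `iptables -L -v` is needed to tell which of these rules apply to ppp0.

```python
import re
# Constructed sample: an excerpt of the listing in the post, one rule per line.
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
KEEP_STATE_INPUT  all  --  anywhere             anywhere
SSH_WAN_INPUT  all  --  anywhere             anywhere
USER_INPUT  all  --  anywhere             anywhere

Chain KEEP_STATE_INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain SSH_WAN_INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain USER_INPUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere             udp dpts:1024:65535
"""

def parse_chains(text):
    """Map chain name -> list of (target, prot, source, match) tuples."""
    chains, current = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split()
            current.append((f[0], f[1], f[3], " ".join(f[5:])))
    return chains

def open_ports(chains, start="INPUT", seen=None):
    """Follow jumps from `start`; collect ACCEPT rules open to any source on a port."""
    seen, found = seen or set(), []
    for target, prot, source, match in chains.get(start, []):
        port = re.search(r"dpts?:(\S+)", match)
        if target == "ACCEPT" and source == "anywhere" and port:
            found.append((start, prot, port.group(1)))
        elif target in chains and target not in seen:
            seen.add(target)  # guard against chains that jump to each other
            found += open_ports(chains, target, seen)
    return found

if __name__ == "__main__":
    for chain, prot, port in open_ports(parse_chains(LISTING)):
        print(f"{chain}: {prot} {port} accepted from any source")
```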
February 17, 2017 at 9:10 am #17294
Julien DEV
Participant
Hi Steve,
I will contact the cellular carrier again because they told me that the IP had to be accessible.
I’ll keep you informed.
Thanks.
February 17, 2017 at 10:46 am #17314
Julien DEV
Participant
Steve,
Finally, you are right. A new support specialist at my cellular carrier confirmed to me that the APN used is not compatible with distant access.
We have to increase our plan for it to work.
Thank you very much Steve and Jeff.