DMZ, loopback web access and dnsmasq problems

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: DMZ, loopback web access and dnsmasq problems

Post by ispyisail »

I just tried telnet on port 23 and it refused the connection. This was the expected result.

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Re: DMZ, loopback web access and dnsmasq problems

Post by nicram »

Putty on port 223 worked well.
I tried telnet on port 80 to see if it would at least connect to the HTTP server on my laptop, to see if a connection is available (because there is no web browser on the router).

Well, now I upgraded:

Code:

uname -a
Linux berlin 2.6.32.27 #15 Thu Dec 22 17:43:50 NZDT 2011 mips GNU/Linux

From GUI window:
Gargoyle Version:1.5.X (Built 20111222-0422 git@98f1300)
Device Configuration:Gateway
Memory Usage:13.3MB / 28.8MB (46.4%)
Connections:18/4096

And the dnsmasq errors do not appear anymore in logread, but I still can't call myself using the external IP to load the site served by my laptop.
Also, trying to connect from outside does not work (#links myexternalip = connection refused). My laptop uses DHCP with static IP 192.168.1.108, and I set up DMZ for 192.168.1.108. Remote web administration for Gargoyle is turned off, and I changed the local remote port to 9090.

My config is in the attachment.

Update info about ports:
I changed the SSH ports to 223; I use remote and local access to SSH,
I changed the web admin port to 9090, left 443, remote web management isn't enabled,
I use telnet to try to connect to the HTTP server on my laptop, using the external IP I get with the PPPoE connection; I don't try to telnet with command line on port 80 :)
The web server on my laptop works on port 80, that is why I use DMZ for it.
Attachments
backup.tar.gz
Backup of the config
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: DMZ, loopback web access and dnsmasq problems

Post by ispyisail »

I'm still a little confused

Why are you trying to telnet on port 80 to your web server on your notebook?

Which device are you trying to connect from?

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Re: DMZ, loopback web access and dnsmasq problems

Post by nicram »

ispyisail wrote: I'm still a little confused

Why are you trying to telnet on port 80 to your web server on your notebook?

Which device are you trying to connect from?

I'm only trying to find out if it's possible to connect, to check if port 80 is available/working. No other reason. I'm trying to do it from the router itself.

Sometimes I use telnet on port 80 as the fastest and simplest method to check if some port is open and if a connection can be made. It's simpler than installing a web browser only to know if something works or not.

For example:

Code:

~# telnet www.gargoyle-router.com 80
HEAD / HTTP/1.0

HTTP/1.1 301 Moved Permanently
Server: '; DROP TABLE servertypes; --
Date: Sat, 24 Dec 2011 11:30:16 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.3.2
Location: http://www.gargoyle-router.com/
Set-Cookie: phpbb3_iktzz_u=1; expires=Sun, 23-Dec-2012 11:30:16 GMT; path=/; domain=.gargoyle-router.com; HttpOnly
Set-Cookie: phpbb3_iktzz_k=; expires=Sun, 23-Dec-2012 11:30:16 GMT; path=/; domain=.gargoyle-router.com; HttpOnly
Set-Cookie: phpbb3_iktzz_sid=3bdb5ba94b3281a5850d73069e38f645; expires=Sun, 23-Dec-2012 11:30:16 GMT; path=/; domain=.gargoyle-router.com; HttpOnly

Connection closed by foreign host

A little update.
Just checked logread again; some errors that appeared:

Code:

Dec 24 22:03:37 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:03:37 berlin daemon.err miniupnpd[1731]: Failed to get IP for interface eth0.2
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:11 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:15 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:15 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:17 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:17 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:53 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:07:53 berlin daemon.err miniupnpd[1731]: Failed to get IP for interface eth0.2

Dec 24 22:16:25 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:16:25 berlin daemon.err miniupnpd[1731]: Failed to get IP for interface eth0.2

Dec 24 22:17:49 berlin user.err kernel: ath: Failed to stop TX DMA, queues=0x004!
Dec 24 22:21:01 berlin cron.err crond[3335]: USER root pid 9432 cmd /usr/bin/set_kernel_timezone >/dev/null 2>&1

Dec 24 22:46:25 berlin daemon.err miniupnpd[1731]: ioctl(s, SIOCGIFADDR, ...): Cannot assign requested address
Dec 24 22:46:25 berlin daemon.err miniupnpd[1731]: Failed to get IP for interface eth0.2

Dec 24 22:48:01 berlin user.err kernel: ath: Failed to stop TX DMA, queues=0x004!
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: DMZ, loopback web access and dnsmasq problems

Post by mix »

DMZ, loopback, and non standard web ports. It doesn't surprise me one bit this isn't working the way you think it should. The reality is, you need to view the iptables rules you have created by enabling these options if you want to figure this out. In fact, you ultimately may need to just create your own iptables rules to accomplish what you are trying to do, and negate from using the web interface entirely.
WRT54GL v1.1
Gargoyle 1.4.7

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Re: DMZ, loopback web access and dnsmasq problems

Post by nicram »

mix wrote: DMZ, loopback, and non standard web ports. It doesn't surprise me one bit this isn't working the way you think it should. The reality is, you need to view the iptables rules you have created by enabling these options if you want to figure this out. In fact, you ultimately may need to just create your own iptables rules to accomplish what you are trying to do, and negate from using the web interface entirely.

Hello mix, thank you for the reply :) Well, you have just negated the sense of making a GUI for router administration :D DMZ isn't a hard thing, it is just redirection of all TCP/UDP ports from the external IP onto an internal one that I select. From the point of view of my work with OpenBSD it would be 1 line. But I haven't worked with iptables for years now, and I'm quite sure they expanded it in the Linux way (which I never liked because of bloat), and this is why I would like to use the GUI. Learning Linux is like learning a medicine book about a new drug that after a few months will be outdated and of no value anymore, so I try to skip this :) Loopback is also something simple, like doing things on the same machine, with all its IPs (including those that are used for it as external by some NAT/DMZ/BiNAT...). It has nothing to do with GUI configuration. Also, non-standard ports are not even something strange. Really, what does it have to do with being hard? It's just a port that some daemon listens on. I do not know why you think such simple operations may need to be done by hand. Those are fundamental, almost basic functions of any kind of wifi router. Really, my old WRT54GL had all of this running just fine for a few years, with uptime reset only when power was down.

Some new information about the problem:
I had a lot of problems on the network the last day (my family came for Christmas and new computers connected by wifi). By default, when I set up WPA-PSK it uses TKIP, and there was a problem because it disconnected some computers many times every few seconds, so most of the time some computers were trying to connect instead of working. So today I changed it to WPA2-PSK (it uses AES this time; in both cases I didn't have the possibility to change what I want via the GUI), and there is no problem with deauth of wireless computers, but the dnsmasq error came back. What is more funny, DMZ started to work (so I can access the website on my laptop from anywhere in the world). But the loopback connection (my external IP in the web browser address) on my laptop still does not work.
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: DMZ, loopback web access and dnsmasq problems

Post by ispyisail »

nicram wrote: Some new information about the problem:
I had a lot of problems on the network the last day (my family came for Christmas and new computers connected by wifi). By default, when I set up WPA-PSK it uses TKIP, and there was a problem because it disconnected some computers many times every few seconds, so most of the time some computers were trying to connect instead of working. So today I changed it to WPA2-PSK (it uses AES this time; in both cases I didn't have the possibility to change what I want via the GUI), and there is no problem with deauth of wireless computers, but the dnsmasq error came back. What is more funny, DMZ started to work (so I can access the website on my laptop from anywhere in the world). But the loopback connection (my external IP in the web browser address) on my laptop still does not work.

Thanks for the feedback

nicram wrote: I do not know why you think such simple operations may need to be done by hand. Those are fundamental, almost basic functions of any kind of wifi router.

It must be remembered that this is an open source project made by volunteers. I would suggest that if you have the skills, the polite thing to do would be to have a deeper look at this yourself and hopefully find a fix that could be pushed out.

I would suggest that it is unlikely that Eric will look deeply at this unless this feature/bug has a large/"more than one" user base?

But who knows?

Thanks for the report

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Re: DMZ, loopback web access and dnsmasq problems

Post by nicram »

Yes, this is what I'm trying to do now, but it's hard for me to find good documentation of all the things inside. It is a new environment for me, and it may take some time to understand how and why everything works, but it must be possible :) Well, I will give more info if I find some solutions or understand something more from inside. Thanks for the help :)
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE

ispyisail
Moderator
Posts: 5185
Joined: Mon Apr 06, 2009 3:15 am
Location: New Zealand

Re: DMZ, loopback web access and dnsmasq problems

Post by ispyisail »

Thanks

nicram
Posts: 29
Joined: Fri Dec 23, 2011 6:27 pm
Location: PL

Re: DMZ, loopback web access and dnsmasq problems

Post by nicram »

I'm not sure if I understand it well.
First I updated to 1.5.2 and set up WPA2-PSK from the GUI.
In the shell I found:

Code:

daemon.warn dnsmasq-dhcp[4287]: DHCP packet received on eth0.2 which has no address

So I checked /etc/config/network.
If I understand correctly:

config 'interface' 'wan'
        option 'ifname' 'eth0.2' - interface where dnsmasq is trying to do something???
        option 'proto' 'pppoe'
        option 'username' 'xxx'
        option 'password' 'xxx'
        option 'keepalive' '3 5'

So I checked /etc/config/dhcp. I found there:

Code:

config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'

But it uses eth0.2, so it should theoretically ignore it, but it does not. To solve it I tried this:

Code:

config 'dnsmasq'
        list 'notinterface' 'eth0.2'
        ...

I just added this notinterface line in the 'dnsmasq' section at the top, and now there are no dnsmasq errors in logread!

I do not know if it's a good solution, but it works for me, and because I use eth0.2 as my WAN port, I do not need dnsmasq to work there. Or maybe it should work there because it is doing something more than serving DHCP?

Well, I will try to solve the other problem, but this one is now gone :)
TL-WR1043ND HW v1.8 | FW Gargoyle 1.5.X (Built 20120504-1907 git@2bf3cf2) | 2 Mbit | PPPoE
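
An added example, not part of nicram's post or of Gargoyle's own code: a shell check for the situation described in the post above, where a `dhcp` section marks an interface `ignore '1'` but the `dnsmasq` section has no `notinterface` entry for its device. The sample files are constructed from the values quoted in the post, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.
# "section device" pairs for each 'config interface' in a network file.
uci_ifnames() {
    tr -d "\"'" < "$1" | awk '
        $1 == "config" { sec = ($2 == "interface") ? $3 : "" }
        $1 == "option" && $2 == "ifname" && sec != "" {
            for (i = 3; i <= NF; i++) print sec, $i }'
}
# Logical interfaces whose dhcp section sets ignore to 1.
dhcp_ignored() {
    tr -d "\"'" < "$1" | awk '
        $1 == "config" { n++; kind[n] = $2 }
        $1 == "option" && $2 == "interface" { iface[n] = $3 }
        $1 == "option" && $2 == "ignore" { ign[n] = $3 }
        END { for (i = 1; i <= n; i++) if (kind[i] == "dhcp" && ign[i] == "1") print iface[i] }'
}
# Devices named by "list notinterface" in the dnsmasq section.
dnsmasq_excluded() {
    tr -d "\"'" < "$1" | awk '
        $1 == "config" { t = $2 }
        t == "dnsmasq" && $1 == "list" && $2 == "notinterface" {
            for (i = 3; i <= NF; i++) print $i }'
}
# Devices that are DHCP-ignored but not excluded from dnsmasq altogether.
unexcluded_ifnames() {  # $1 = network file, $2 = dhcp file
    uci_ifnames "$1" | while read -r sec dev; do
        dhcp_ignored "$2" | grep -qxF "$sec" || continue
        dnsmasq_excluded "$2" | grep -qxF "$dev" || echo "$dev"
    done
}
# Constructed sample files, using the values quoted in the post.
d=$(mktemp -d)
cat > "$d/network" <<'EOF'
config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'proto' 'pppoe'
EOF
cat > "$d/dhcp.before" <<'EOF'
config 'dnsmasq'
config 'dhcp' 'wan'
        option 'interface' 'wan'
        option 'ignore' '1'
EOF
# The change from the post: a notinterface entry in the dnsmasq section.
{ echo "config 'dnsmasq'"; echo "        list 'notinterface' 'eth0.2'"
  sed 1d "$d/dhcp.before"; } > "$d/dhcp.after"
echo "before: $(unexcluded_ifnames "$d/network" "$d/dhcp.before")"
echo "after:  $(unexcluded_ifnames "$d/network" "$d/dhcp.after")"
```

dnsmasq serves DNS as well as DHCP, so a `notinterface` entry stops it answering requests for either service that arrive on the listed device.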
