IPTables Rules
November 16, 2015 at 2:16 am #10012
Jonathan Brewer
Participant
Is there some documentation of the IPTables rules or other filtering going on with the Multitech Conduit? The device I have (with a LoRa modem) does not appear to respond to ICMP. Since flushing its IPTables rules it is no longer allowing SSH connections. It’d be excellent to have some documentation on how this works – searching the site and this forum for both ICMP and IPTables turns up no hints.
November 17, 2015 at 7:17 am #10014
Jeff Hatch
Keymaster
Jonathan,
Which version of Conduit do you have (AEP or mLinux)? The AEP Conduit has a number of configuration items in the Web UI including HTTPS access for the UI, SSH access, response to ICMP Pings, etc. If it is the mLinux version, you will have to deal directly with IPTables itself.
On the AEP version I am sorry to say that the documentation for the firewall functionality is sparse, though it is essentially a simplified front-end for IPTables. This help has been enhanced for an upcoming release.
Jeff Hatch
November 18, 2015 at 12:53 am #10028
Jonathan Brewer
Participant
Hi Jeff,
I’m working with a MTCDT-H5-210A Firmware 1.0.33. I have looked at the web interface. The firewall configuration menu only has options for TCP/UDP and ANY.
From the command line I’ve enabled ICMP echo response with:
# iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $router_ip -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
It would be excellent if in future firmware you always enable ICMP – or at least make it easy to enable in the web UI. Some support for IPv6 would also be appreciated.
Thanks,
Jon
November 18, 2015 at 1:08 am #10029
Jonathan Brewer
Participant
Making those changes persistent should require:
# /usr/sbin/iptables-save
But in fact this script doesn’t make the rule change persist. 🙁
November 18, 2015 at 8:40 am #10036
Jeff Hatch
Keymaster
Jonathan,
From the firmware version you stated, I am led to believe that you have an AEP Conduit. The 1.0.33 is the version of the latest AEP to be released. To enable ICMP responses on the AEP model and make that configuration persist, you need to log in with the UI and go to the Access Configuration page. Then, under ICMP, check the enable box and check the “Via LAN” and/or “Via WAN” boxes depending on whether you want both LAN and WAN ping responses or not.
There is an “Advanced Settings” option on the Firewall->Settings page that will also give you much more IPTable “flexibility” with the rules you can create without having to go to the SSH command line.
Hope that helps,
Jeff Hatch
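
A pre-flush check for the SSH lockout described in the first post, added here as an example (it is not from the thread or from Multitech): it reads `iptables-save` output and reports the chain policy that a flush leaves in place. That the Conduit's INPUT policy is DROP is an assumption; the sample dump and the function names are constructed.

```shell
#!/bin/sh
# Constructed iptables-save dump for illustration; not captured from a Conduit.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Print the default policy of a filter-table chain ($1 = dump, $2 = chain).
chain_policy() {
    printf '%s\n' "$1" | awk -v c=":$2" '
        $1 == "*filter" { t = 1; next }
        /^\*/ { t = 0 }
        t && $1 == c { print $2; exit }'
}

# "iptables -F" deletes rules but leaves the chain policy untouched, so
# flushing a chain whose policy is not ACCEPT drops everything, SSH included.
flush_locks_out() {
    [ "$(chain_policy "$1" "$2")" != "ACCEPT" ]
}

# Succeed if the chain has an ACCEPT rule containing every fragment given
# after the chain name, e.g. "-p icmp" "--icmp-type 8".
has_accept() {
    dump=$1; chain=$2; shift 2
    rules=$(printf '%s\n' "$dump" | awk -v c="$chain" '
        $1 == "*filter" { t = 1; next }
        /^\*/ { t = 0 }
        t && $1 == "-A" && $2 == c && / -j ACCEPT$/')
    for frag in "$@"; do
        rules=$(printf '%s\n' "$rules" | grep -F -- " $frag " || true)
    done
    [ -n "$rules" ]
}

if flush_locks_out "$SAMPLE_RULES" INPUT; then
    echo "INPUT policy is $(chain_policy "$SAMPLE_RULES" INPUT): flushing would block SSH"
fi
has_accept "$SAMPLE_RULES" INPUT "-p icmp" "--icmp-type 8" && echo "echo-request accepted"
has_accept "$SAMPLE_RULES" INPUT "-p tcp" "--dport 22" && echo "SSH accepted"
```

On a live system the first argument would be `"$(iptables-save)"` in place of the constructed sample.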