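The optical modem (ONT) is a Bell E140WP.
The problem I ran into: the ONT is successfully assigned IPv6 from upstream, and the LAN can also hand out IPv6 addresses, but the ONT's built-in firewall is too strict: outbound only, nothing inbound. And at the IPv6 level the firewall doesn't even have a configuration page, unlike the IPv4 firewall, which has several configurable pages such as virtual host, DMZ, and so on. I had figured that now that I have IPv6 I would never need NAT traversal again and could reach LAN IPv6 addresses directly from outside (for example, connecting to LAN services from a phone on 4G, using IPv6 + DDNS), but unfortunately this firewall gets in the way. Still, I don't dare turn it off completely. If someone maliciously scans ports, there would be nothing to stop them.
Desired result: I'd like to open one or more rules directly on the ONT's IPv6 firewall.
After a day of research, I finally managed to log in to the ONT's console via telnet and get into the Linux shell. I listed the current configuration with the ip6tables command, looked it over, and couldn't make sense of it. It seems that some rule on the FORWARD chain is in effect and blocking inbound traffic?!
Could someone knowledgeable please take a look? Even if I add a rule by hand, how should it be written?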
# ip6tables
ip6tables v1.4.16.3: no command specified
Try `ip6tables -h' or 'ip6tables --help' for more information.
# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
in_mcast all anywhere anywhere
in_anti_scan all anywhere anywhere
in_anti_dos all anywhere anywhere
in_app all anywhere anywhere
in_ip_filter_in all anywhere anywhere
in_acl all anywhere anywhere
in_firewall all anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
fwd_url_ctl tcp anywhere anywhere tcp flags:FIN,SYN,RST/NONE
fwd_anti_dos all anywhere anywhere
fwd_mcast all anywhere anywhere
fwd_virtual_server all anywhere anywhere
fwd_app all anywhere anywhere
fwd_ip_filter_in all anywhere anywhere
fwd_ip_filter_out all anywhere anywhere
fwd_firewall all anywhere anywhere
fwd_wan_conn all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fwd_anti_dos (1 references)
target prot opt source destination
Chain fwd_app (1 references)
target prot opt source destination
Chain fwd_firewall (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
LOG tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix "Intrusion -> "
DROP all anywhere anywhere
Chain fwd_ip_filter_in (1 references)
target prot opt source destination
Chain fwd_ip_filter_out (1 references)
target prot opt source destination
Chain fwd_mcast (1 references)
target prot opt source destination
Chain fwd_url_ctl (1 references)
target prot opt source destination
Chain fwd_url_filter (0 references)
target prot opt source destination
Chain fwd_virtual_server (1 references)
target prot opt source destination
Chain fwd_wan_conn (1 references)
target prot opt source destination
TCPMSS tcp anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain in_acl (1 references)
target prot opt source destination
DROP tcp anywhere anywhere tcp dpt:ftp
DROP udp anywhere anywhere udp dpt:tftp
DROP udp anywhere anywhere udp dpt:snmp
Chain in_anti_dos (1 references)
target prot opt source destination
Chain in_anti_dos_syn (0 references)
target prot opt source destination
Chain in_anti_scan (1 references)
target prot opt source destination
Chain in_app (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:auth
ACCEPT tcp anywhere anywhere tcp dpt:546
ACCEPT udp anywhere anywhere udp dpt:546
DROP tcp anywhere anywhere tcp dpt:2021
DROP udp anywhere anywhere udp dpt:2021
DROP tcp anywhere anywhere tcp dpt:1976
DROP udp anywhere anywhere udp dpt:1976
Chain in_firewall (1 references)
target prot opt source destination
ACCEPT icmpv6 anywhere anywhere ipv6-icmp neighbour-advertisement
ACCEPT icmpv6 anywhere anywhere ipv6-icmp neighbour-solicitation
ACCEPT icmpv6 anywhere anywhere ipv6-icmp router-solicitation
ACCEPT udp anywhere anywhere udp dpt:546
ACCEPT tcp anywhere anywhere tcp dpt:546
ACCEPT all anywhere anywhere state RELATED,ESTABLISHED
LOG tcp anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix "Intrusion -> "
DROP udp anywhere anywhere udp dpt:domain
DROP all anywhere anywhere
DROP udp anywhere anywhere udp dpt:546
DROP tcp anywhere anywhere tcp dpt:546
Chain in_ip_filter_in (1 references)
target prot opt source destination
Chain in_mcast (1 references)
target prot opt source destination
#
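How a hand-written rule could be built against the listing above, as an added example that is not part of the original post: FORWARD jumps to fwd_firewall, which accepts RELATED,ESTABLISHED traffic and then ends in `DROP all`, while the chains ahead of it are empty, so an ACCEPT for one host and port has to be inserted above that DROP. The helper names `build_rule` and `allow_inbound`, the host address 2001:db8::10 and the port 443 are assumptions made for illustration; the script only prints the command unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original post). In the listing, FORWARD jumps to
# fwd_firewall, whose last rule is "DROP all"; new inbound connections die there.
# An ACCEPT for one host and port therefore goes in at position 1 of that chain.
# Constructed sample values: host 2001:db8::10 (documentation prefix), port 443.

CHAIN=fwd_firewall   # chain name as shown in the listing

# build_rule HOST PROTO PORT: print the ip6tables command, or return 1.
build_rule() {
    host=${1-} proto=${2-} port=${3-}
    # Exactly one host: no prefix length, no "::" (which would mean "anywhere").
    case $host in
        *[!0-9a-fA-F:]*|::) ok=0 ;;
        *:*) ok=1 ;;
        *) ok=0 ;;
    esac
    [ "$ok" = 1 ] || { echo "need a single IPv6 host address" >&2; return 1; }
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # "-m state" is used because the listing shows this firmware has that match.
    printf 'ip6tables -I %s 1 -p %s -d %s/128 --dport %s -m state --state NEW -j ACCEPT\n' \
        "$CHAIN" "$proto" "$host" "$port"
}

# allow_inbound HOST PROTO PORT: dry run by default; APPLY=1 runs the command.
allow_inbound() {
    cmd=$(build_rule "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        # Apply, then list the chain to confirm the rule sits above the DROP.
        $cmd && ip6tables -L "$CHAIN" -n --line-numbers
    else
        echo "$cmd"
    fi
}

allow_inbound 2001:db8::10 tcp 443   # prints the command only
```

Rules inserted this way live only in the running kernel and are gone after a reboot; whether the firmware rewrites these chains on its own is not something the listing shows.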