[Olsr-users] Query about OpenWRT-specific firewall settings preferred for SmartGateway

Teco Boot (spam-protected)
Tue Oct 22 21:02:59 CEST 2013 

I use:
   iptables -t mangle -A POSTROUTING -o tnl_+ -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

This applies to output chain also.

Teco

Op 22 okt. 2013, om 19:19 heeft Ben West <(spam-protected)> het volgende geschreven:

> Hi Teco,
> 
> Thank you for the response.  I have indeed been looking for examples of current iptables syntax for TCPMSS appropriate to the default chains set up by OpenWRT (of which there are many).
> 
> Besides the chain named "FORWARD," as suggested in README-Olsr-Extensions, OpenWRT also has the chains "forward," and "forwarding_wan," "zone_wan_forward," et al.     If anyone else on this list has such an iptables rule working on OpenWRT AA, do certainly feel free to chime in.
> 
> Also, I believe I was able to answer my own question.  The olsrd.init file presently packaged with OpenWRT does now include the two iptables rules listed on the Freifunk wiki page for use with SmartGateway option.
> 
> https://github.com/openwrt-routing/packages/blob/master/olsrd/files/olsrd.init
> 
> 
> 
> On Tue, Oct 22, 2013 at 12:02 AM, Teco Boot <(spam-protected)> wrote:
> The firewall filter could be needed if a catch_all DROP rule in forward chain exists.
> I don't understand the masquerade. Maybe something with rp_filter.
> Don't forget TCPMSS.
> 
> Teco
> 
> 
> This could have to do with rpfilter.
> 
> Op 21 okt. 2013, om 19:07 heeft Ben West <(spam-protected)> het volgende geschreven:
> 
> > Hello,
> >
> > I happened upon this 2-year-old page on the Freifunk wiki listing (in German) preferred firewall settings to use with the SmartGateway plugin:
> >
> > http://wiki.freifunk.net/index.php?title=OLSR/SmartGateway
> >
> > Are these suggested firewall settings still valid for OpenWRT?
> >
> > The info provided in README-Olsr-Extensions is a bit more vague about suggested firewall / iptables setup for SmartGateway, i.e. to accommodate diverse linux distros.
> >
> >
> > --
> > Ben West
> > http://gowasabi.net
> > (spam-protected)
> > 314-246-9434
> > --
> > Olsr-users mailing list
> > (spam-protected)
> > https://lists.olsr.org/mailman/listinfo/olsr-users
> 
> 
> --
> Olsr-users mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-users
> 
> 
> 
> -- 
> Ben West
> http://gowasabi.net
> (spam-protected)
> 314-246-9434

More information about the Olsr-users mailing list