Hale's picture

I have a TKL-fileserver with firewall configured via webmin.

And rules are not applied after reboot. WORSE. Route everything kind of rule is applied by default. This is unacceptable! How did this happen?

Basically, I use TKL-fileserver as a simple DNS/NBT/DHCP/Proxy autoconfig in our lab. And as a redirector to some specific internet gateway, only for specified clients and ports.

 

But to my surprise, after rebooting, everyone got direct unrestricted access to the internet.

 

How can I fix this? I need rules to be executed on boot, and no routing applied before the rules execution.

Jeremy Davis's picture

Although I'm not sure why you have a 'route everything rule' that applies where nothing else does... Like I said (in the subject) you'll need to tell it to (re)apply settings on boot. TurnKey (and Webmin) uses IPTables and by default IPTables requires that you have to set it to apply the settings on boot (and Webmin honours that default).

Hopefully that helps...

Hale's picture

Not exactly. To apply IPtables, there's a "Network" config in /etc/network in Symbian.

The problem is that it was not working.

I pinned the problem: "Act as router?" was enabled in network interface config in WebMin.

 

I am not sure what it does, but it was clearing iptables completely.

 

However, after disabling this feature, firewall works, but routing does not work anymore via WebMin's firewall(IPtables) config.

 

How can I fix it?

 

==========

It seems to me that that thing uses iproute2 to tweak kernel routes for transparent routing, and cleans iptables rules. When it is turned off, there are just no chains in "mangle" and "nat" tables to route the traffic with iptables. Worse, DNS seems to stop responding, so I cannot use even the SQUID proxy on the same server (I don't know why).

How can I recreate normal router behaviour with "Webmin firewall" settings only? I mean, to forward all the local requests for the internet to other gateway in the same network (the same eth0) ?

 

Temporarily I made a script repopulating iptables again after webmin was started. But it does not seem correct because the firewall does not block anything during webmin startup.
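
The gap described in the post above (rules reloaded only after Webmin has started, so nothing is blocked in between) can be closed by loading a default-deny ruleset from a `pre-up` hook before the interface comes up. The script below is an added example, not part of the original posts; the addresses, ports and the `/etc/iptables.up.rules` path are assumptions, and it covers only the fail-closed boot step, not the redirect to another gateway.

```shell
#!/bin/sh
# Added example: build and lint a fail-closed ruleset for a Debian-style pre-up hook.
# Constructed values (assumptions): LAN 192.168.1.0/24, two allowed clients, ports 80/443.
LAN="192.168.1.0/24"
CLIENTS="192.168.1.50 192.168.1.51"
PORTS="80,443"

# Print a ruleset in iptables-save format. FORWARD defaults to DROP, so even if
# the kernel starts routing early, only the listed clients and ports get through.
# INPUT stays ACCEPT here so local services (DNS, DHCP, proxy) are not affected.
emit_rules() {
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for c in $CLIENTS; do
        echo "-A FORWARD -s $c -p tcp -m multiport --dports $PORTS -j ACCEPT"
    done
    echo "-A FORWARD -s $LAN -j LOG --log-prefix \"fwd-denied: \""
    echo "COMMIT"
}

# Return 0 only if the filter table in the file drops forwarded traffic by
# default and ends with COMMIT (iptables-restore applies a table at COMMIT).
fails_closed() {
    awk '
        /^\*/                                  { table = substr($0, 2) }
        table == "filter" && /^:FORWARD DROP / { drop = 1 }
        table == "filter" && /^COMMIT$/        { committed = 1 }
        END { exit !(drop && committed) }
    ' "$1"
}

# Install step (as root on the server), left as comments because it changes the host:
#   emit_rules > /etc/iptables.up.rules
#   fails_closed /etc/iptables.up.rules || exit 1
# and in the eth0 stanza of /etc/network/interfaces, so rules load before the link is up:
#   pre-up iptables-restore < /etc/iptables.up.rules
```

Running `fails_closed` on the saved file after every change made through Webmin catches a ruleset that would leave forwarding open at the next boot.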


Jeremy Davis's picture

TBH I have no idea. I have never used TurnKey (or even IPTables) as a router/firewall for a network. Theoretically I imagine that it should be possible but personally I've never bothered.

From your response it seems that you know tons more about this stuff than I do, so I doubt I can be of much help at all... Sorry
