Firewall ?

Hello All!

Is there a firewall of any type installed by default?

I have a BBS system used as a back up for my main systems on the pi but it is not receiving incoming broadband polls. The pi i address has been changed to that of the main system so that the router is passing requests to it (I assume) but that is it.

The system does allow for SSH and VNC via the Pi configuration tool and I can poll out.

Vince

Reply to
Vince Coen

Nope.

I do not understand what you are saying here. "The pi i address has been changed to that of the main system"

Can you please state what are the IP addresses and default route (ifconfig -a, route) on the Pi, and what the IP addresses are on the broadband router? e.g. here..

    $ ifconfig -a
    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 1000 (Local Loopback)
            RX packets 2 bytes 160 (160.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 2 bytes 160 (160.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    wlan0: flags=4163 mtu 1500
            inet 192.168.0.200 netmask 255.255.255.0 broadcast 192.168.0.255
            inet6 fe80::965f:b869:38ac:5d65 prefixlen 64 scopeid 0x20
            ether b8:27:eb:a6:48:7b txqueuelen 1000 (Ethernet)
            RX packets 6061376 bytes 3183238813 (2.9 GiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 3139603 bytes 372156616 (354.9 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

and

    $ route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.0.254   0.0.0.0         UG    302    0        0 wlan0
    192.168.0.0     0.0.0.0         255.255.255.0   U     302    0        0 wlan0

In general if you wish a machine inside a typical NAT broadband router to accept incoming connections from the internet you will need to make it a static IP address and configure the ROUTER for pass thru or DMZ operation. Or you can play with UPnP, but I hate it.

    $ more /etc/dhcpcd.conf
    # A sample configuration for dhcpcd.
    # See dhcpcd.conf(5) for details.

    # Allow users of this group to interact with dhcpcd via the control socket.
    #controlgroup wheel

    # Inform the DHCP server of our hostname for DDNS.
    hostname

    # Use the hardware address of the interface for the Client ID.
    clientid
    # or
    # Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
    # Some non-RFC compliant DHCP servers do not reply with this set.
    # In this case, comment out duid and enable clientid above.
    #duid

    # Persist interface configuration when dhcpcd exits.
    persistent

    # Rapid commit support.
    # Safe to enable by default because it requires the equivalent option set
    # on the server to actually work.
    option rapid_commit

    # A list of options to request from the DHCP server.
    option domain_name_servers, domain_name, domain_search, host_name
    option classless_static_routes
    # Most distributions have NTP support.
    option ntp_servers
    # Respect the network MTU. This is applied to DHCP routes.
    option interface_mtu

    # A ServerID is required by RFC2131.
    require dhcp_server_identifier

    # Generate Stable Private IPv6 Addresses instead of hardware based ones
    slaac private

    interface wlan0
    static ip_address=192.168.0.200
    static routers=192.168.0.254
    static domain_name_servers=192.168.0.100

    # Example static IP configuration:
    #interface eth0
    #static ip_address=192.168.0.10/24
    #static ip6_address=fd51:42f8:caae:d92e::ff/64
    #static routers=192.168.0.1
    #static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1

    # It is possible to fall back to a static IP if DHCP fails:
    # define static profile
    #profile static_eth0
    #static ip_address=192.168.1.23/24
    #static routers=192.168.1.1
    #static domain_name_servers=192.168.1.1

    # fallback to static profile on eth0
    #interface eth0
    #fallback static_eth0

Configuring the router to port forward depends on the router: it will be an option on its configuration to pass traffic on - say - its port 80 through to the Raspberry PI IP address port 80.

Poll?

--
Any fool can believe in principles -  and most of them do!
Reply to
The Natural Philosopher

On Wed, 08 May 2019 12:21:21 +1300, snipped-for-privacy@f1.n50.z2.binkp.net (Vince Coen) declaimed the following:

Not by default, but it is recommended to install/activate it for a machine used as a server.


What do you mean by "poll"? To most of us "poll" means a periodic check for activity ("polling loop" in code, for example). The closest user network activity would be running PING.

I'm presuming a character dropout, and "pi i address" was supposed to be "pi ip address".

Unless your internal nodes have static WAN IP addresses, changing the LAN private IP address probably won't help -- it depends upon the router configuration. Most routers are performing NAT translation (they maintain a table of LAN IP/port# WAN IP/port#, and change packet headers as they go through the router). If the router passthrough scheme uses internal host names, changing LAN IP addresses doesn't change the name, the router still passes traffic to the address the name is associated with.

NAT systems are an inherent firewall -- one has to specify external port numbers from which connections will be accepted, and the internal host to which they should be sent (normally the translation table gets populated only by internal requests making connections to external addresses, and any external packet coming in that does not have a mapping will be dropped). Depending upon router, that internal host may be either a private LAN IP address OR a hostname on the LAN -- on my U-verse router, the firewall - NAT/Gaming page lists my RPi server by hostname and service/port. So... on my router, even if the LAN IP address gets changed, the router still sends incoming HTTP traffic to the RPi.

--
	Wulfraed                 Dennis Lee Bieber         AF6VN 
	wlfraed@ix.netcom.com
Reply to
Dennis Lee Bieber
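
The NAT behaviour described in the replies above, as an added example that is not part of any poster's message: a simplified model of a router's translation table, showing why outbound polls work while unsolicited inbound traffic is dropped, and how a forward rule keyed on LAN IP differs from one keyed on hostname when a backup machine takes over an address. The class `NatRouter`, the host names `main` and `pi`, the address 192.168.0.201 and the external peer are constructed for illustration; real routers vary in how strictly they match the remote endpoint.

```python
import itertools

class NatRouter:
    """Toy NAT router (hypothetical model, not any real router's firmware)."""
    def __init__(self, lan_hosts):
        self.lan_hosts = dict(lan_hosts)      # hostname -> current LAN IP
        self.sessions = {}                    # (wan_port, remote) -> (lan_ip, lan_port)
        self.forwards = {}                    # wan_port -> (target, lan_port)
        self._ports = itertools.count(40000)  # WAN-side ports for outbound mappings

    def outbound(self, lan_ip, lan_port, remote):
        # A LAN host connects out: the router records the mapping needed for replies.
        wan_port = next(self._ports)
        self.sessions[(wan_port, remote)] = (lan_ip, lan_port)
        return wan_port

    def add_forward(self, wan_port, target, lan_port):
        # Admin-configured rule; target is a LAN IP or a LAN hostname.
        self.forwards[wan_port] = (target, lan_port)

    def inbound(self, remote, wan_port):
        # Returns the LAN (ip, port) the packet is delivered to, or None if dropped.
        if (wan_port, remote) in self.sessions:
            return self.sessions[(wan_port, remote)]
        if wan_port in self.forwards:
            target, lan_port = self.forwards[wan_port]
            lan_ip = self.lan_hosts.get(target, target)   # hostname -> IP, else literal IP
            if lan_ip in self.lan_hosts.values():         # some host must hold that address
                return (lan_ip, lan_port)
        return None

def demo():
    remote = ("198.51.100.7", 51000)          # constructed external peer (TEST-NET-2)
    r = NatRouter({"main": "192.168.0.200", "pi": "192.168.0.201"})
    out = {"unsolicited": r.inbound(remote, 80)}          # no rule yet: dropped
    wan_port = r.outbound("192.168.0.201", 50000, remote)
    out["reply_to_outbound"] = r.inbound(remote, wan_port)  # the Pi can "poll out"
    r.add_forward(80, "192.168.0.200", 80)                # rule keyed on LAN IP
    r.lan_hosts = {"pi": "192.168.0.200"}                 # Pi takes over main's address
    out["ip_rule_after_takeover"] = r.inbound(remote, 80)
    r.add_forward(80, "main", 80)                         # rule keyed on hostname
    out["name_rule_after_takeover"] = r.inbound(remote, 80)
    r.add_forward(80, "pi", 80)                           # hostname rule naming the Pi
    r.lan_hosts["pi"] = "192.168.0.77"                    # Pi's LAN IP changes again
    out["pi_name_rule_after_ip_change"] = r.inbound(remote, 80)
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the IP-keyed rule follows the address to the Pi after the takeover; a rule keyed on the old machine's hostname delivers nothing until it is repointed.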
