Making a home router accessible from the Internet

Setup:

I logged in to a Huawei router using ssh. It is a BusyBox system with ash. The available tools are ifconfig, iptables and a few others.

What I want to do:

Make all ports (http, ssh, telnet, etc.) available to the Internet.

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     tcp  --  anywhere             anywhere            tcp dpt:113 reject-with tcp-reset 
2    ACCEPT     all  --  anywhere             anywhere            
3    INPUT_DOSFLT  all  --  anywhere             anywhere            
4    INPUT_SERVICE_ACL  all  --  anywhere             anywhere            
5    INPUT_URLFLT  all  --  anywhere             anywhere            
6    INPUT_SERVICE  all  --  anywhere             anywhere            
7    SPI_FILTER  all  --  anywhere             anywhere            
8    INPUT_FIREWALL  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    FWD_DOSFLT  all  --  anywhere             anywhere            
2    FWD_MACFLT  all  --  anywhere             anywhere            
3    FWD_URLFLT  all  --  anywhere             anywhere            
4    FWD_IPFLT  all  --  anywhere             anywhere            
5    FWD_NATSERVICE  all  --  anywhere             anywhere            
6    FWD_SERVICE  all  --  anywhere             anywhere            
7    SPI_FILTER  all  --  anywhere             anywhere            
8    FWD_FIREWALL  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    SPI_FILTER  all  --  anywhere             anywhere            
2    ACCEPT     all  --  anywhere             anywhere            
3    OUTPUT_DOSFLT  all  --  anywhere             anywhere            

Chain ACC_FLT (0 references)
num  target     prot opt source               destination         

Chain DMZ_FLT (1 references)
num  target     prot opt source               destination         

Chain FWD_DOSFLT (1 references)
num  target     prot opt source               destination         
1    syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
2    ping_flood  icmp --  anywhere             anywhere            icmp echo-request 

Chain FWD_FIREWALL (1 references)
num  target     prot opt source               destination         

Chain FWD_IPFLT (1 references)
num  target     prot opt source               destination         

Chain FWD_MACFLT (1 references)
num  target     prot opt source               destination         

Chain FWD_NATSERVICE (1 references)
num  target     prot opt source               destination         
1    PORTMAP_FLT  all  --  anywhere             anywhere            
2    UPNP_PORTMAP  all  --  anywhere             anywhere            
3    DMZ_FLT    all  --  anywhere             anywhere            

Chain FWD_SERVICE (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            multiport ports 53,67,68,80,443 
2    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 53,67,68,80,443 
3    ACCEPT     udp  --  anywhere             anywhere            multiport ports 143,110,25 
4    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 143,110,25 
5    ACCEPT     udp  --  anywhere             anywhere            multiport ports 21,115,23 
6    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 21,115,23 
7    ACCEPT     icmp --  anywhere             anywhere            

Chain FWD_URLFLT (1 references)
num  target     prot opt source               destination         

Chain FWFLT_NULL (0 references)
num  target     prot opt source               destination         

Chain INPUT_DOSFLT (1 references)
num  target     prot opt source               destination         
1    syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
2    ping_flood  icmp --  anywhere             anywhere            icmp echo-request 

Chain INPUT_FIREWALL (1 references)
num  target     prot opt source               destination         
1    DROP       all  --  anywhere             anywhere            
2    DROP       tcp  --  anywhere             anywhere            tcp dpt:23 
3    DROP       tcp  --  anywhere             anywhere            tcp dpt:8081 
4    DROP       all  --  anywhere             anywhere            

Chain INPUT_SERVICE (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            multiport ports 53,67,68 
2    DROP       tcp  --  anywhere             anywhere            multiport dports 631 
3    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,ACK/SYN 
4    ACCEPT     udp  --  anywhere             anywhere            udp dpt:500 
5    ACCEPT     udp  --  anywhere             anywhere            udp dpt:4500 
6    ACCEPT     esp  --  anywhere             anywhere            
7    ACCEPT     udp  --  anywhere             anywhere            udp dpts:67:68 
8    ACCEPT     udp  --  anywhere             anywhere            udp dpt:6050 
9    ACCEPT     udp  --  anywhere             anywhere            udp dpt:0 
10   ACCEPT     udp  --  anywhere             anywhere            udp dpts:50000:50020 

Chain INPUT_SERVICE_ACL (1 references)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            
2    ACCEPT     icmp --  anywhere             anywhere            

Chain INPUT_URLFLT (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            udp dpt:53 dns_flt match homerouter.cpe 

Chain IPFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain IPFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain MACFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain MACFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain OUTPUT_DOSFLT (1 references)
num  target     prot opt source               destination         

Chain PORTMAP_FLT (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:22 

Chain SPI_FILTER (3 references)
num  target     prot opt source               destination         
1    DROP       all  --  anywhere             anywhere            state INVALID 
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

Chain UPNP_PORTMAP (1 references)
num  target     prot opt source               destination         

Chain URLFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain URLFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain ping_flood (2 references)
num  target     prot opt source               destination         
1    RETURN     all  --  anywhere             anywhere            limit: avg 100/sec burst 150 
2    DROP       all  --  anywhere             anywhere            

Chain syn_flood (2 references)
num  target     prot opt source               destination         
1    RETURN     all  --  anywhere             anywhere            limit: avg 100/sec burst 150 
2    DROP       all  --  anywhere             anywhere 
    
by linuscl 03.11.2016 / 18:27

0 answers