**** BEGIN LOGGING AT Fri Apr 16 03:00:02 2010
Apr 16 08:26:43 <ChrisPZV> hi there
Apr 16 08:28:32 <ChrisPZV> does anyone of you fon guys have a conclusion why that curious behavior concerning the "overwriting firewall rules" that kyros introduced yesterday?
Apr 16 08:28:51 <ChrisPZV> ...occurs?
Apr 16 08:30:12 <snufkin> hi
Apr 16 08:30:35 <ChrisPZV> or any idea, which process appends a rule that messes up the user rule from /etc/firewall.user to iptables?
Apr 16 08:30:38 <ChrisPZV> hi there
Apr 16 08:36:49 <ChrisPZV> hi kyros
Apr 16 08:36:51 <ChrisPZV> ;-)
Apr 16 08:37:24 <barbon> \o&
Apr 16 08:38:41 <blathijs> ChrisPZV: That's the issue mentioned on the mailing list, right?
Apr 16 08:38:59 <ChrisPZV> yes
Apr 16 08:39:24 <blathijs> Did adding the include to /etc/config/firewall help?
Apr 16 08:40:08 <ChrisPZV> didn't test it but im sure it won't 'cause firewall.user is executed for sure
Apr 16 08:40:35 <ChrisPZV> (i added a touch /tmp/file and it is there after reboot
Apr 16 08:40:36 <ChrisPZV> )
Apr 16 08:40:42 <blathijs> Ah, right.
Apr 16 08:42:35 <ChrisPZV> the rule is mentioned in the iptables -L also
Apr 16 08:42:42 <snufkin> can some one help me?
Apr 16 08:42:50 <blathijs> But it disappears after a while?
Apr 16 08:42:57 <blathijs> snufkin: Only if you ask a real question :-)
Apr 16 08:42:59 <snufkin> i have a problem with e220 and fonera 2.0n
Apr 16 08:43:04 <snufkin> ^)
Apr 16 08:43:06 <snufkin> :)
Apr 16 08:43:23 <snufkin> i connect it without usb hub
Apr 16 08:43:38 <snufkin> router can see it, but can not connect
Apr 16 08:43:50 <ChrisPZV> no it doesn't but there is a rule that accepts incomming traffic on the same port from register.fon.com (or so) some time later
Apr 16 08:44:20 <barbon> http://trac.fonosfera.org/fon-ng/ticket/653
Apr 16 08:45:22 <ChrisPZV> @snufkin: don't know what a e220 is and don't own a f2n, sorry
Apr 16 08:46:15 <blathijs> snufkin: It's a 3G modem thingy, I think?
Apr 16 08:48:06 <snufkin> Yes it is a 3G modem
Apr 16 08:48:19 <ChrisPZV> helloooo fon guys, anyone of here && reading?
Apr 16 08:49:18 <blathijs> ChrisPZV: Can you explain what happens from beginning to start? I can try to reproduce, then
Apr 16 08:49:43 <ChrisPZV> of course
Apr 16 08:49:52 <blathijs> ChrisPZV: Also, you should be aware that "registerlafonera.fon.com" is one of the hostnames that points to your own fonera
Apr 16 08:50:09 <blathijs> In fact, a reverse lookup of your fonera's IP address will probably yield that address
Apr 16 08:50:25 <blathijs> So you might want to use iptables -n to see addresses instead of hostnames
Apr 16 08:51:07 <ChrisPZV> install a webwerver like kyros introduced in the http://wiki.fon.com/wiki/F2_webserver and make it accessable from outside by adding the given line to /etc/firewall.user
Apr 16 08:51:59 <ChrisPZV> ah, interesting
Apr 16 08:52:34 <ChrisPZV> so the f2 adds a rule to iptables that allow access from itself??
Apr 16 08:53:27 <blathijs> Dunno. Can you pastebin the iptables output somewhere, that shows your problem?
Apr 16 08:53:39 <ChrisPZV> mom
Apr 16 08:54:03 <blathijs> You've still not explained what happens (and why you think it is wrong) after you've added the firewall.user line, though.
Apr 16 08:54:27 <blathijs> snufkin: Are you using the latest firmware (2.3.6.0 / Gari)?
Apr 16 08:55:01 <snufkin> blathijs: yes i upgraded it manually
Apr 16 08:59:56 <blathijs> snufkin: I don't really know how these 3G modems work, so I don't really know where to look
Apr 16 09:00:05 <ChrisPZV> sorry, busy...
Apr 16 09:00:35 <snufkin> ok, thanks!
Apr 16 09:01:59 <SkyNETbbs> @snufkin check out http://wiki.fon.com/wiki/3G-ISP-Mobile_Vikings
Apr 16 09:02:11 <SkyNETbbs> ssh to your box to get "more" then "dialin in"
Apr 16 09:02:15 <SkyNETbbs> and execute "logread"
Apr 16 09:02:41 <SkyNETbbs> compare with the wiki link which shows howit worked in a few firmware versions ago...
Apr 16 09:03:07 <SkyNETbbs> Btw I also have a Huawei E220... and it doesn't want to work anymore since 2.3.0 ... only get it working on a F2G with 2.2.4
Apr 16 09:03:36 <SkyNETbbs> the "mar 3" log is from 2009 :-)
Apr 16 09:09:12 <ChrisPZV> @blathijs: im sorry, can't get the lines, but let me explain how it ends
Apr 16 09:09:29 <blathijs> Eh, why not?
Apr 16 09:09:54 <ChrisPZV> when you restart f2g after webserver installation, it should show the pages on yours.dyndns.org:port
Apr 16 09:10:03 <ChrisPZV> but it doesn't
Apr 16 09:10:32 <ChrisPZV> this worked fine for a long time but now it does not
Apr 16 09:11:06 <ChrisPZV> maybe 'now' is since last update from FON... it seems they don't know too ;-)
Apr 16 09:11:19 <ChrisPZV> 'cause it's not on my box
Apr 16 09:11:22 <blathijs> You're running a custom build of 2.3.6 for the 2.0g?
Apr 16 09:11:28 <blathijs> Ah, right.
Apr 16 09:12:19 <ChrisPZV> but no, its a 2.2.6 (displayd as 2.2.5) on the f2g
Apr 16 09:12:33 <ChrisPZV> -but no
Apr 16 09:13:24 <blathijs> Ah, since Kyros mentioned the last 2.0n update in his email
Apr 16 09:13:40 <blathijs> It's Kyros' Fonera, then?
Apr 16 09:15:04 <blathijs> Hmm, I can't reproduce this right away, since I'm running in bridge mode (which doesn't have a WAN side with closed ports)
Apr 16 09:16:59 <ChrisPZV> yes it is
Apr 16 09:17:18 <ChrisPZV> i got the lines from my log...
Apr 16 09:17:20 <ChrisPZV> http://pastebin.com/5KDZRiCF
Apr 16 09:17:41 <ChrisPZV> consider the lines containing "8080"
Apr 16 09:18:15 <ChrisPZV> that one with register... is added from elsewhere some time later and seems to mess up the right way of the network packages
Apr 16 09:29:47 <blathijs> ChrisPZV: Did you use the iptables rule from the wiki page, that adds to the input_daemon chain? Because I don't see that rule in your outpt
Apr 16 09:35:10 <ChrisPZV> i don't know exactly but i would say the wiki line does end up with line 15 in this case
Apr 16 09:36:06 <ChrisPZV> i have to say that im not quiet familier with iptables and its capability to add own zones...
Apr 16 09:36:45 <ChrisPZV> familiar
Apr 16 09:37:17 <ChrisPZV> the ip of line 15 is the wan ip of the f2g
Apr 16 09:37:55 <blathijs> I can't really say anything useful right now. When kyros shows up again, I have some commands to run to find out more about what happens.
Apr 16 09:38:38 <ChrisPZV> so let me know these commands, may be i did it right know or know the answer
Apr 16 09:39:06 <blathijs> I'd like to know what is in /etc/firewall.user and /etc/config/firewall exactly
Apr 16 09:39:16 <blathijs> and the full output from "iptables -Ln" would also help
Apr 16 09:41:36 <ChrisPZV> may be this is interesting:
Apr 16 09:42:03 <ChrisPZV> config 'redirect' 	option 'src' 'wan' 	option 'proto' 'tcp' 	option 'dest_ip' '192.168.178.1' 	option 'src_dport' '8383' 	option 'dest_port' '8383'
Apr 16 09:42:21 <ChrisPZV> ( some lines from /etc/config/firewall
Apr 16 09:42:22 <ChrisPZV> )
Apr 16 09:43:08 <ChrisPZV> redirect incomes from port 8383 (the actual port the webserver is configured to use) to itself?
Apr 16 09:43:26 <ChrisPZV> i make a pastebin of that, momo
Apr 16 09:46:35 <ChrisPZV> http://pastebin.com/7mDpkuty
Apr 16 09:46:39 <ChrisPZV> here it is
Apr 16 09:49:38 <snufkin> SkyNETbbs: Thank i'll try to downgrade firmware to 2.2.4, thanks
Apr 16 09:50:13 <snufkin> SkyNETbbs: yesterday i try with 2.2.6 and it was the same, dailing in ... and nothing happens
Apr 16 09:52:24 <blathijs> ChrisPZV: I think that is a "forward" port configuration, perhaps that was done through the web interface?
Apr 16 09:52:48 <blathijs> ChrisPZV: Why is the webserver configured to use 8383, if you've talked about 8080 so far?
Apr 16 09:55:10 <ChrisPZV> it is for testing, my first guess was that there is another rule, that 'takes' the focus of that port, so i told kyros to configure the port to another one, but same behaviour
Apr 16 09:56:46 <blathijs> Ah, that makes sense, yes :-)
Apr 16 09:57:46 <ChrisPZV> thanks ;-)
Apr 16 09:59:22 <ChrisPZV> it only worked for some seconds, maybe a minute and then it turned to 'not working' (some times my browser got the bg-color but couldn't load more... --> points IMHO to a firewall problem
Apr 16 10:07:36 <ChrisPZV> @blathijs: what do you know about transmission? could it be, that it recognises the opened port and takes it for better transmission performane?
Apr 16 10:08:19 <blathijs> I don't expect so, but I don't know for sure
Apr 16 10:15:05 <ChrisPZV> me too
Apr 16 16:13:06 <iurgi> blathijs: hi
Apr 16 16:13:18 <barbon> iurgi ^^
Apr 16 16:13:24 <barbon> ò/////
Apr 16 16:13:30 <iurgi> hi barbon
Apr 16 16:13:51 <barbon> working hard?
Apr 16 16:14:44 <iurgi> really hard
Apr 16 16:19:17 <blathijs> ey iurgi
Apr 16 16:20:23 <barbon> iurgi i tryed to follow the admiral0
Apr 16 16:20:26 <barbon> istructions
Apr 16 16:20:36 <barbon> i have error when i try to execute this comand on ssh
Apr 16 16:20:44 <barbon> start dnsmasq
Apr 16 16:20:52 <barbon> it say "ip already in use"
Apr 16 16:21:07 <iurgi> this means dnsmasq is already running, probably
Apr 16 16:21:54 <barbon> mmm
Apr 16 16:22:12 <barbon> is not runing, because it not create the config file
Apr 16 16:22:28 <iurgi> weird
Apr 16 16:22:29 <barbon> it must be dhcp-host
Apr 16 16:22:37 <barbon> the name of file
Apr 16 16:24:43 <barbon> iurgi take a look
Apr 16 16:24:44 <barbon> http://pastebin.com/5pPUQnMv
Apr 16 16:26:29 <barbon> maybe you can find where i wrong :)
Apr 16 16:27:29 <blathijs> barbon: What does "ps aux" give?
Apr 16 16:27:42 <blathijs> barbon: And what command are you running exactly?
Apr 16 16:27:51 <barbon> start dnsmasq
Apr 16 16:28:21 <blathijs> Hmm, my 2.0n says: -ash: start: not found
Apr 16 16:28:55 <barbon> blat
Apr 16 16:29:02 <barbon> write only dnsmasq
Apr 16 16:30:12 <barbon> balthijs write only "dnsmasq"
Apr 16 16:31:43 <blathijs> barbon: dnsmasq is already running for me in bridge mode it seems
Apr 16 16:34:02 <blathijs> barbon: Do you have an /etc/ethers file?
Apr 16 16:34:08 <barbon> nope
Apr 16 16:34:21 <barbon> so what i have to do as next?
Apr 16 16:35:57 <blathijs> I'm looking
Apr 16 16:36:12 <blathijs> It seems dnsmasq is started with the -2 option, causing it to not do DHCP
Apr 16 16:39:38 <barbon> dnsmasq with dhcp, and without dhcp?
Apr 16 16:40:53 <blathijs> barbon: dnsmasq also runs DNS
Apr 16 16:41:23 <blathijs> barbon: Try changing the ignore option under the "lan" interface to "0" instead of "1" in /etc/config/dhcp
Apr 16 16:41:37 <blathijs>         option 'ignore' '1'
Apr 16 16:41:39 <blathijs> that one
Apr 16 16:42:16 <blathijs> and then restart the fonera, or run "killall dnsmasq" and wait for FonState to restart dnsmasq
Apr 16 16:52:50 <barbon> i dont have fon now
Apr 16 16:52:55 <barbon> you can try yourself?
Apr 16 16:53:21 <blathijs> bit busy right now
Apr 16 16:53:39 <blathijs> And I'll have two DHCP servers then, so that might become messy
Apr 16 16:54:13 <barbon> so i have to disable the first
Apr 16 16:57:45 <blathijs> barbon: For testing, it's probably better to enable DHCP on the Fonera and then plug into the fonera directly
Apr 16 16:58:00 <blathijs> (And unplug the fonera from your internet modem)
Apr 16 16:58:05 <barbon> yea
Apr 16 16:58:35 <blathijs> I've just checked, I think the Fonera should hand out the right IP adress range as well, no need to configure that manually.
Apr 16 16:59:27 <barbon> so just start it?
Apr 16 16:59:41 <blathijs> barbon: Hmm, it's a bit complicated. dnsmasq will probably refuse to start when another DHCP server is already active :-)
Apr 16 17:00:00 <barbon> the dhcp of main router
Apr 16 17:00:01 <barbon> i know
Apr 16 17:00:09 <barbon> i disable i
Apr 16 17:00:11 <barbon> it*
Apr 16 17:00:32 <blathijs> barbon: So you should plug in to the Fonera (get an IP address from your modem), unplug the Fonera from your modem, change the config, restart the Fonera, and then see what happens.
Apr 16 17:00:59 <blathijs> If you get an IP, you can plug in to your modem again and disable the DHCP server there and you should be set.
Apr 16 17:08:03 <barbon> so i have to change the ignore option under the "lan" interface to "0" instead of "1" in /etc/config/dhcp
Apr 16 17:08:12 <blathijs> yes
Apr 16 17:08:14 <barbon> is the only config that i have to do
Apr 16 17:08:16 <barbon> ?
Apr 16 17:08:20 <blathijs> Yup
Apr 16 17:08:26 <barbon> NICE
Apr 16 17:08:29 <barbon> ops
Apr 16 17:08:32 <barbon> sorry cap xD
Apr 16 17:08:41 <blathijs> At least, as far as I can see right now :-)
Apr 16 17:09:05 <blathijs> That one tells /etc/fonstate/RestartDnsmasq whether to start DHCP on the given interface
Apr 16 17:09:30 <blathijs> Stuff like the address range is automatically calculated from the ip address assigned
Apr 16 17:09:49 <barbon> so here i can config the ip assigned to mac?
Apr 16 17:10:31 <blathijs> I think that is done in /etc/ethers
Apr 16 17:10:34 <blathijs> Not sure about the format, though
Apr 16 17:11:01 <blathijs> But if you've configured some addresses before switching to bridge mode, perhaps there is already something in that file?
Apr 16 17:11:22 <barbon> dunno i have to test this when i am at home
Apr 16 17:11:38 <blathijs> Oh wait, it's in /etc/config/luci_ethers
Apr 16 17:16:49 <blathijs> I think it should look like this:
Apr 16 17:17:00 <blathijs> config 'static_lease' 'foo'
Apr 16 17:17:02 <blathijs>   option 'hostname' foo
Apr 16 17:17:08 <blathijs>   option 'macaddr' '00:00:..'
Apr 16 17:17:11 <blathijs>   option 'ipaddr' '192.168.1.102'
Apr 16 17:17:22 <blathijs> Where foo is the hostname
Apr 16 17:17:36 <blathijs> Not sure about the mac address format, though, you'll have to try a bit
Apr 16 17:17:57 <blathijs> Oh, and there should be quotes around foo in the option 'hostname' line
Apr 16 17:22:13 <barbon> this config will be autocreated?
Apr 16 17:26:26 <blathijs> You should create the luci_ethers file, which will then be converted to /tmp/dhcp_hosts automatically
Apr 16 17:34:33 <barbon> empy file with that name?
Apr 16 17:36:22 <blathijs> luci_ethers you mean?
Apr 16 17:56:42 <barbon> yea
Apr 16 19:30:48 <Barbon> mmm
Apr 16 19:34:12 <Barbon> i have disable dhcp
Apr 16 19:34:15 <Barbon> of my main router
Apr 16 19:36:05 <Barbon> how i have to config?
Apr 16 19:39:23 <Barbon> iurgi y here?
Apr 16 19:42:43 <Barbon> somesone can post
Apr 16 19:42:50 <Barbon> the histroy chat
Apr 16 19:42:55 <Barbon> about blatijs?
Apr 16 19:42:56 <Barbon> please'
Apr 16 19:42:58 <Barbon> xD
Apr 16 19:44:14 <Barbon> i need only the last rows that he says
Apr 16 19:57:54 <blathijs> He should have prepared for this :-)
Apr 16 19:58:29 <blathijs> If he shows up again, do point him at http://logs.nslu2-linux.org/livelogs/fonosfera.txt
Apr 16 21:04:33 <Barbon> the router was fucked again
Apr 16 21:04:34 <Barbon> >_>
Apr 16 21:44:22 <blathijs> Barbon: http://logs.nslu2-linux.org/livelogs/fonosfera.txt
Apr 16 21:44:36 <blathijs> Barbon: You should bookmark that :-)
Apr 16 22:30:53 * blathijs is off to bed
Apr 16 22:31:01 <blathijs> Barbon: Let me know if it works :-)
Apr 16 22:42:00 <Barbon> i have follow
Apr 16 22:42:04 <Barbon> your path :(
**** ENDING LOGGING AT Sat Apr 17 02:59:56 2010