**** BEGIN LOGGING AT Wed Jun 23 02:59:56 2010
Jun 23 11:14:29 <giuseppeg88> blathijs: hi!
Jun 23 11:14:35 <blathijs> hey giuseppeg88
Jun 23 11:14:40 <giuseppeg88> I may have solved that problem of security...
Jun 23 11:14:46 <blathijs> do tell
Jun 23 11:14:54 <giuseppeg88> with two commands:
Jun 23 11:15:25 <giuseppeg88> iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
Jun 23 11:15:27 <giuseppeg88> iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
Jun 23 11:18:20 <giuseppeg88> it is strange that the lock does not work just by itself... instead in the Fonera 2.0g, I don't need to give these commands: why is already working
Jun 23 11:19:02 <blathijs> Yeah, there should be rules for this already
Jun 23 11:20:17 <blathijs> But it seems the rules aren't present in my 2.0n either (they should be in the input_daemon chain)
Jun 23 11:21:23 <blathijs> Oh wait, I don't have external SSH enabled it seems
Jun 23 11:22:34 <giuseppeg88> lol
Jun 23 11:23:05 <blathijs> Hmm, now I do get the rules
Jun 23 11:23:44 <blathijs> giuseppeg88: Could you see what "iptables -n -v -L input_daemon" gives you on a clean boot (so without the manual iptables commands)?
Jun 23 11:23:55 <giuseppeg88> I can try rebooting the fonera (so it forgets these commands) and can I do iptables-L to see if there is this rule... ok?
Jun 23 11:24:04 <giuseppeg88> ok
Jun 23 11:24:46 <blathijs> exactly :-)
Jun 23 11:27:15 <barbon> giuseppeg88
Jun 23 11:27:24 <barbon> you are italian?
Jun 23 11:27:30 <giuseppeg88> http://paste-it.net/public/oed47c2/
Jun 23 11:27:36 <giuseppeg88> barbon: yes!
Jun 23 11:27:47 <barbon> you play wow right?
Jun 23 11:28:40 <giuseppeg88> no ;-)
Jun 23 11:29:03 <barbon> because i have thinked that you are the same giuseppe88 of another server
Jun 23 11:29:05 <barbon> xD
Jun 23 11:29:12 <giuseppeg88> ahahah
Jun 23 11:29:46 <barbon> also have a fonera 1.0
Jun 23 11:29:50 <barbon> so  :P
Jun 23 11:30:34 <giuseppeg88>  in the past I played sporadically with cod4
Jun 23 11:31:02 <barbon> lol
Jun 23 11:32:57 <giuseppeg88> blathijs: did you see what I sent?
Jun 23 11:33:17 <blathijs> giuseppeg88: Yeah, but I don't know why it wouldn't be working :-)
Jun 23 11:34:01 <blathijs> giuseppeg88: Perhaps it is working, but these rules had been somehow disappeared earlier?
Jun 23 11:35:05 <giuseppeg88> blathijs: I have neither added to or taken from the rules lately ...
Jun 23 11:36:17 <barbon> what are you speaking about?
Jun 23 11:36:49 <giuseppeg88> blathijs: did you try with your fonera?
Jun 23 11:37:23 <giuseppeg88> barbon: http://logs.nslu2-linux.org/livelogs/fonosfera-prev.txt
Jun 23 11:39:02 <giuseppeg88> now I have to go to lunch ... see you later!
Jun 23 11:39:18 <blathijs> giuseppeg88: Perhaps some firewall reload went wrong and missed a few rules, dunno
Jun 23 11:39:41 <blathijs> giuseppeg88: I'll see what mine does (but I do remember it working, since I regularly locked myself out :-p)
Jun 23 11:39:54 <barbon> http://trac.fonosfera.org/fon-ng/ticket/516
Jun 23 11:39:58 <blathijs> barbon: We're talking about the SSH hammer protection, that didn't seem to be working for giuseppeg88 yesterday
Jun 23 11:42:58 <barbon> ok
Jun 23 12:18:04 <amanullang> hello blathijs..
Jun 23 12:27:00 <blathijs> hey amanullang
Jun 23 12:27:11 <blathijs> I'm off for lunch, brb
Jun 23 12:43:05 <blathijs> back :-)
Jun 23 12:44:33 <amanullang> so..
Jun 23 12:45:17 <amanullang> what about my firmware...any progress?
Jun 23 12:49:08 <blathijs> amanullang: I'm talking to blogic right now
Jun 23 12:49:30 <blathijs> amanullang: Do you know if you can configure a PIN code for your 3G modem?
Jun 23 12:53:22 <amanullang> but,theres is no pin
Jun 23 12:55:37 <blathijs> But if you would have a SIM card with a PIN, could you set it somewhere (in Windows for example?)
Jun 23 12:56:19 <amanullang> yess...but i dont put any pin right now...should i?
Jun 23 12:59:54 <blathijs> amanullang: If you could try, just any pin will do. And then copy the Windows modem log again, like you did before?
Jun 23 13:03:30 <amanullang> do you mean i should make my own PIN?
Jun 23 13:05:22 <blathijs> yes, I want to see how the Windows driver sends the PIN to your modem, even if it is incorrect
Jun 23 13:08:00 <amanullang> ok
Jun 23 13:17:57 <amanullang> blathijs
Jun 23 13:18:03 <amanullang> i'm forgot how to make it..
Jun 23 13:18:08 <amanullang> can you tell me again?
Jun 23 13:18:20 <blathijs> Let me find the link
Jun 23 13:19:37 <blathijs> amanullang: http://support.microsoft.com/kb/162694
Jun 23 13:45:30 <amanullang> blathijs
Jun 23 13:45:34 <amanullang> http://pastebin.com/DrK5tCCt
Jun 23 13:46:06 <amanullang> i've got a problem when connecting modem to fonera too
Jun 23 13:46:39 <amanullang> i have to waiting the fonera on stabil and then plug in my modem
Jun 23 13:46:46 <amanullang> then connected
Jun 23 13:48:18 <blathijs> Hmm, there's no mention ofthe PIN in the log. So the driver perhaps sends the PIN before logging or something. Thanks for checking!
Jun 23 13:48:35 <blathijs> amanullang: You mean that it doesn't work when the modem is plugged in on startup?
Jun 23 13:48:47 <amanullang> yes
Jun 23 13:49:00 <amanullang> i have to make the fonera on first
Jun 23 13:49:10 <amanullang> and wait til stable
Jun 23 13:49:28 <amanullang> and the plug in my modem
Jun 23 13:50:09 <blathijs> I have a hunch why that might be
Jun 23 13:50:21 <blathijs> Hold on, I'll give you a file for testing in a minute
Jun 23 13:50:29 <amanullang> ok
Jun 23 13:50:31 <amanullang> anyway
Jun 23 13:50:49 <amanullang> i've a problem when make pin to this modem
Jun 23 13:51:16 <amanullang> the modem cant connect when there is a pin
Jun 23 13:51:38 <blathijs> You can just remove the PIN again, it was just for testing
Jun 23 13:51:38 <amanullang> then i should disable the pin first toconnecting the modem with fonera
Jun 23 13:51:44 <amanullang> ok
Jun 23 14:23:20 <blathijs> amanullang: Could you put www.stdout.nl/fon/fonstated in /sbin, reboot your Fonera with the 3G modem connected and give me a logread?
Jun 23 14:24:40 <amanullang> i dont get it
Jun 23 14:25:00 <amanullang> oohh...ok
Jun 23 14:29:08 <amanullang_> http://pastebin.com/EGep1NTp
Jun 23 14:29:20 <amanullang_> blathijs...
Jun 23 14:37:00 <amanullang_> blathijs?
Jun 23 14:37:23 <blathijs> amanullang_: Ah, I thought you had quit again :-)
Jun 23 14:37:35 <blathijs> amanullang_: From the log, it looks like it should have been connected normally
Jun 23 14:37:44 <amanullang_> yess
Jun 23 14:37:46 <blathijs> Could it be that it breaks only sometimes
Jun 23 14:37:47 <blathijs> ?
Jun 23 14:38:09 <amanullang_> its normal...for rebooting then connected
Jun 23 14:38:20 <amanullang_> normal now
Jun 23 14:38:29 <amanullang_> dont know later
Jun 23 14:39:15 <amanullang_> what about the PIN thing?
Jun 23 14:39:46 <blathijs> huh?
Jun 23 14:39:55 <blathijs> What did you mean with this then?
Jun 23 14:39:58 <blathijs> 15:49:00 < amanullang> i have to make the fonera on first
Jun 23 14:39:59 <blathijs> 15:49:10 < amanullang> and wait til stable
Jun 23 14:40:01 <blathijs> 15:49:28 < amanullang> and the plug in my modem
Jun 23 14:40:47 <amanullang_> ok
Jun 23 14:41:46 <blathijs> that was a question :-)
Jun 23 14:42:18 <amanullang_> sometimes i get dc too..and need to refresh the browser first
Jun 23 14:42:32 <blathijs> dc?
Jun 23 14:42:38 <blathijs> disconnected?
Jun 23 14:42:39 <amanullang_> disconnect
Jun 23 14:42:42 <amanullang_> yup
Jun 23 14:42:49 <blathijs> hmkay
Jun 23 14:47:01 <amanullang_> do you know what is the problem?
Jun 23 14:51:24 <amanullang_> other things...what about 'usb hub',how should fix the problem?
Jun 23 14:53:18 <amanullang_> blathijs...brb
Jun 23 14:57:13 <amanullang_> blathijs?
Jun 23 17:22:34 <giuseppeg88> blathijs: hi!
Jun 23 17:22:58 <giuseppeg88> blathijs: I saw the ticket
Jun 23 17:23:31 <blathijs> giuseppeg88: Are you running bridge mode? :-)
Jun 23 17:23:43 <giuseppeg88> yes
Jun 23 17:23:49 <blathijs> then there's the problem :-)
Jun 23 17:24:22 <giuseppeg88> understood...
Jun 23 17:25:49 <giuseppeg88> but beyond this problem, what is wrong in the firewall when the Fonera is in bridge mode?
Jun 23 17:26:45 <giuseppeg88> temporarily (to block attacks outside), going well the two commands I wrote this morning?
Jun 23 17:29:09 <blathijs> giuseppeg88: Adding those lines to /etc/firewall.fon is probably fine
Jun 23 17:29:31 <blathijs> might be a while before we fix this problem, though, we might need to rethink bridge mode a bit
Jun 23 17:31:18 <giuseppeg88> what do you mean by "we might need to rethink bridge mode a bit"?
Jun 23 17:34:48 <blathijs> giuseppeg88: It's currently implemented using the hardware switch configuration, we're considering using kernel bridging instead
Jun 23 17:36:31 <giuseppeg88> this would lead improvements?
Jun 23 17:37:24 <blathijs> also, the firewall configuration now puts every netwerk interface in a single zone (wan, lan, hotspot), but that doesn't apply for bridge mode exactly
Jun 23 17:37:46 <blathijs> it would make the code a bit cleaner, hopefully making it easier to get things like firewalling right
Jun 23 17:41:32 <giuseppeg88> ok, I now everything is clear ... thanks for the info!
Jun 23 17:41:59 <blathijs> np
Jun 23 17:42:37 <giuseppeg88> ops! I now everything is clear -- > now everything is clear to me
Jun 23 17:50:53 <blathijs> hehe
Jun 23 17:52:09 <giuseppeg88> blathijs: last question (I do not know if it is a question by dummy ;-) ): this could lead to greater use of the CPU?
Jun 23 18:03:31 <blathijs> I don't really think so
Jun 23 18:03:48 <blathijs> perhaps a bit, though
Jun 23 18:04:43 <blathijs> but the MyPlace <-> LAN connection is a kernel bridge already, so he stuff is loaded anyway
Jun 23 18:07:31 <giuseppeg88> ok!
**** ENDING LOGGING AT Thu Jun 24 02:59:58 2010