[fli4l] No Internet access for the clients

w01xpro at t-online.de
Wed Aug 9 15:22:55 CEST 2017


Hello everyone,

what am I still doing wrong in the configuration of my
Fli4l_UMTS router?  :blush:

The following already works:

Client access to the Fli4l router via the web interface.

Pinging the external IP of the Fli4l router is also possible.

Dial-in to the WWW network from the router itself also succeeds. I can
attach a screenshot if needed.

Only from the clients I cannot reach the WWW network.

Here is an excerpt of my config with the relevant information:

#------------------------------------------------------------------------------
# Packet filter configuration
#------------------------------------------------------------------------------

PF_INPUT_POLICY='REJECT'        # be nice and use reject as policy
PF_INPUT_ACCEPT_DEF='yes'       # use default rule set
PF_INPUT_LOG='no'               # don't log at all
PF_INPUT_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a burst of 5
                                # events
PF_INPUT_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_N='2'                  # number of INPUT rules
PF_INPUT_1='IP_NET_1 ACCEPT'    # allow all hosts in the local network to
                                # access the router
PF_INPUT_2='tmpl:samba DROP NOLOG'
                                # drop (or reject) samba access
PF_INPUT_2_COMMENT='no samba traffic allowed'
                                # without logging, otherwise the log file will
                                # be filled with useless entries

PF_FORWARD_POLICY='REJECT'      # be nice and use reject as policy
PF_FORWARD_ACCEPT_DEF='no'      # use default rule set
PF_FORWARD_LOG='no'             # don't log at all
PF_FORWARD_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_FORWARD_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_FORWARD_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
#PF_FORWARD_N='2'               # number of FORWARD rules
PF_FORWARD_N='5'
PF_FORWARD_1='tmpl:samba DROP'  # drop samba traffic if it tries to leave the
                                # subnet
PF_FORWARD_2='IP_NET_1 ACCEPT'  # accept everything else

PF_FORWARD_3='state:ESTABLISHED,RELATED ACCEPT'
PF_FORWARD_4='state:INVALID DROP'
PF_FORWARD_5='state:NEW 127.0.0.1 DROP BIDIRECTIONAL'
PF_OUTPUT_POLICY='ACCEPT'       # default policy for outgoing packets
PF_OUTPUT_ACCEPT_DEF='yes'      # use default rule set
PF_OUTPUT_LOG='no'              # don't log at all
PF_OUTPUT_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_OUTPUT_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_N='0'                 # number of OUTPUT rules

PF_POSTROUTING_N='1'            # number of POSTROUTING rules
PF_POSTROUTING_1='IP_NET_1 MASQUERADE'
                                # masquerade traffic leaving the subnet

PF_PREROUTING_N='0'             # number of PREROUTING rules
PF_PREROUTING_1='1.2.3.4 dynamic:22 DNAT:@client2'
                                # forward ssh connections coming from 1.2.3.4
                                # to client2

PF_PREROUTING_CT_ACCEPT_DEF='yes'
                                # use default rule set
PF_PREROUTING_CT_N='1'          # number of conntrack PREROUTING rules
PF_PREROUTING_CT_1='tmpl:ftp IP_NET_1 HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded from within the LAN
PF_PREROUTING_CT_2='tmpl:ftp any dynamic HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded to the router's external IP

PF_OUTPUT_CT_ACCEPT_DEF='yes'   # use default rule set
PF_OUTPUT_CT_N='0'              # number of conntrack OUTPUT rules
PF_OUTPUT_CT_1='tmpl:ftp HELPER:ftp'
                                # associate FTP conntrack helper for outgoing
                                # active FTP on the router (this rule is added
                                # automatically by the tools package if
                                # OPT_FTP='yes' and FTP_PF_ENABLE_ACTIVE='yes')

PF_USR_CHAIN_N='0'              # number of user-defined rules

#------------------------------------------------------------------------------


Many thanks in advance,
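Added example, not part of the original post and not fli4l project code: a small audit of the `PF_*_N` counters against the numbered rules in a config like the one quoted above, listing which rule indexes are active, which are defined but lie beyond the counter, and which are missing. It assumes, as the "number of ... rules" comments indicate, that only rules 1..N of a chain are used; `audit_rules` and `SAMPLE` are hypothetical names, and the sample is a constructed excerpt of the posted values.

```python
import re

# Constructed excerpt of the settings quoted in the post (values copied from it).
SAMPLE = """\
PF_FORWARD_N='5'
PF_FORWARD_1='tmpl:samba DROP'
PF_FORWARD_2='IP_NET_1 ACCEPT'
PF_FORWARD_3='state:ESTABLISHED,RELATED ACCEPT'
PF_FORWARD_4='state:INVALID DROP'
PF_FORWARD_5='state:NEW 127.0.0.1 DROP BIDIRECTIONAL'
PF_POSTROUTING_N='1'
PF_POSTROUTING_1='IP_NET_1 MASQUERADE'
PF_PREROUTING_N='0'
PF_PREROUTING_1='1.2.3.4 dynamic:22 DNAT:@client2'
PF_PREROUTING_CT_N='1'
PF_PREROUTING_CT_1='tmpl:ftp IP_NET_1 HELPER:ftp'
PF_PREROUTING_CT_2='tmpl:ftp any dynamic HELPER:ftp'
#PF_FORWARD_N='2'
"""

# NAME='value' at the start of a line; commented-out lines do not match.
ASSIGN = re.compile(r"^\s*([A-Z][A-Z0-9_]*)='([^']*)'")

def audit_rules(text):
    """Map each chain to active, ignored and missing rule indexes, assuming
    (hypothetical helper) that only rules 1..N of a chain are used."""
    values = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            values[m.group(1)] = m.group(2)  # a later assignment wins
    report = {}
    for name, val in values.items():
        if not (name.endswith("_N") and val.isdigit()):
            continue
        chain, count = name[:-2], int(val)
        index = re.compile(re.escape(chain) + r"_(\d+)")
        defined = sorted(int(m.group(1)) for k in values
                         if (m := index.fullmatch(k)))
        report[chain] = {
            "active": [i for i in defined if i <= count],
            "ignored": [i for i in defined if i > count],
            "missing": [i for i in range(1, count + 1) if i not in defined],
        }
    return report

if __name__ == "__main__":
    for chain, result in audit_rules(SAMPLE).items():
        print(chain, result)
```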