[Cerowrt-devel] CeroWrt 3.10.18-1 odd firewall warnings

Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed

* [Cerowrt-devel] CeroWrt 3.10.18-1 odd firewall warnings
@ 2013-12-03  1:21 Richard E. Brown
  2013-12-04  2:35 ` Jim Gettys
  0 siblings, 1 reply; 2+ messages in thread
From: Richard E. Brown @ 2013-12-03  1:21 UTC (permalink / raw)
  To: cerowrt-devel

When I was trying to set up the Hurricane Electric 6in4 tunnel, I got two sets of warnings from CeroWrt 3.10.18-1.

1) I used the tunnel.sh script (see URL below) to set up my tunnel. I got the first set of output. Note the “Error: Failed to connect to ubus” message. Is this OK? (The tunnel did come up after restarting the router.)

2) I then re-ran the firewall restart command (see second set of output) and saw a number of warnings. Any problems/surprises here?

Best,

Rich

============= 1) Restarting the firewall from the script that sets up the HE.net 6in4 tunnel ===========
============= see script at the bottom of: http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel

root@cerowrt:/tmp# sh tunnel.sh
Downloading http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.18-1/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/vancouver.
Package 6in4 (14-1) installed in root is up to date.
Setting up HE.net tunnel
Restarting network... "Device busy (-16)" messages are OK.
Restarting firewall...
Error: Failed to connect to ubus
Done. You should restart the router now to make these take effect.

============== 2) Restarting the firewall from the command line =============

root@cerowrt:~# uname -a
Linux cerowrt 3.10.18 #1 Sun Nov 10 14:35:09 PST 2013 mips GNU/Linux

root@cerowrt:~# /etc/init.d/firewall restart
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing IPv6 nat table
 * Flushing IPv6 mangle table
 * Flushing IPv6 raw table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
   * Rule 'domain'
   * Rule 'ntp'
   * Rule 'dhcp4'
   * Rule 'printers'
   * Rule 'Useful Services'
   * Rule 'blockconfig'
   * Rule 'blockconfig2'
   * Forward 'guest' -> 'wan'
   * Forward 'lan' -> 'wan'
   * Forward 'wan' -> 'lan'
   * Forward 'lan' -> 'guest'
   * Forward 'wan' -> 'guest'
 * Populating IPv4 nat table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv4 mangle table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv4 raw table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv6 filter table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
   * Rule 'domain'
   * Rule 'ntp'
   * Rule 'printers'
   * Rule 'Useful Services'
   * Rule 'ipv6 dfz'
   * Rule 'icmpv6'
   * Rule 'blockconfig'
   * Rule 'Allow-DHCPv6'
   * Rule 'blockconfig2'
   * Forward 'guest' -> 'wan'
   * Forward 'lan' -> 'wan'
   * Forward 'wan' -> 'lan'
   * Forward 'lan' -> 'guest'
   * Forward 'wan' -> 'guest'
 * Populating IPv6 nat table
   * Zone 'wan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
   * Zone 'lan'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
   * Zone 'guest'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'delegate_prerouting'
Warning: fw3_ipt_rule_append(): Can't find target 'delegate_postrouting'
Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
 * Populating IPv6 mangle table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv6 raw table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Set tcp_ecn to on
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Cerowrt-devel] CeroWrt 3.10.18-1 odd firewall warnings
  2013-12-03  1:21 [Cerowrt-devel] CeroWrt 3.10.18-1 odd firewall warnings Richard E. Brown
@ 2013-12-04  2:35 ` Jim Gettys
  0 siblings, 0 replies; 2+ messages in thread
From: Jim Gettys @ 2013-12-04  2:35 UTC (permalink / raw)
  To: Richard E. Brown; +Cc: cerowrt-devel

[-- Attachment #1: Type: text/plain, Size: 4753 bytes --]

Dave helped me get up a HE IPv6 tunnel.

There were two things:
1) when I change routers, Comcast gives me a different IPv4 address, so I
had to update the Hurricane information to correspond.
2) CeroWrt is using a new version of dnsmasq, which has good support for
IPv6, and IIRC, Dave turned on the dnsmasq support and turned off 6relayd,
or some such...

Been working fine for me since.
                  - Jim



On Mon, Dec 2, 2013 at 8:21 PM, Richard E. Brown <richb.hanover@gmail.com>wrote:

> When I was trying to set up the Hurricane Electric 6in4 tunnel, I got two
> sets of warnings from CeroWrt 3.10.18-1.
>
> 1) I used the tunnel.sh script (see URL below) to set up my tunnel. I got
> the first set of output. Note the “Error: Failed to connect to ubus”
> message. Is this OK? (The tunnel did come up after restarting the router.)
>
> 2) I then re-ran the firewall restart command (see second set of output)
> and saw a number of warnings. Any problems/surprises here?
>
> Best,
>
> Rich
>
> ============= 1) Restarting the firewall from the script that sets up the
> HE.net 6in4 tunnel ===========
> ============= see script at the bottom of:
> http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel
>
> root@cerowrt:/tmp# sh tunnel.sh
> Downloading
> http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.10.18-1/packages/Packages.gz
> .
> Updated list of available packages in /var/opkg-lists/vancouver.
> Package 6in4 (14-1) installed in root is up to date.
> Setting up HE.net tunnel
> Restarting network... "Device busy (-16)" messages are OK.
> Restarting firewall...
> Error: Failed to connect to ubus
> Done. You should restart the router now to make these take effect.
>
> ============== 2) Restarting the firewall from the command line
> =============
>
> root@cerowrt:~# uname -a
> Linux cerowrt 3.10.18 #1 Sun Nov 10 14:35:09 PST 2013 mips GNU/Linux
>
> root@cerowrt:~# /etc/init.d/firewall restart
>  * Flushing IPv4 filter table
>  * Flushing IPv4 nat table
>  * Flushing IPv4 mangle table
>  * Flushing IPv4 raw table
>  * Flushing IPv6 filter table
>  * Flushing IPv6 nat table
>  * Flushing IPv6 mangle table
>  * Flushing IPv6 raw table
>  * Flushing conntrack table ...
>  * Populating IPv4 filter table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>    * Rule 'domain'
>    * Rule 'ntp'
>    * Rule 'dhcp4'
>    * Rule 'printers'
>    * Rule 'Useful Services'
>    * Rule 'blockconfig'
>    * Rule 'blockconfig2'
>    * Forward 'guest' -> 'wan'
>    * Forward 'lan' -> 'wan'
>    * Forward 'wan' -> 'lan'
>    * Forward 'lan' -> 'guest'
>    * Forward 'wan' -> 'guest'
>  * Populating IPv4 nat table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>  * Populating IPv4 mangle table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>  * Populating IPv4 raw table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>  * Populating IPv6 filter table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>    * Rule 'domain'
>    * Rule 'ntp'
>    * Rule 'printers'
>    * Rule 'Useful Services'
>    * Rule 'ipv6 dfz'
>    * Rule 'icmpv6'
>    * Rule 'blockconfig'
>    * Rule 'Allow-DHCPv6'
>    * Rule 'blockconfig2'
>    * Forward 'guest' -> 'wan'
>    * Forward 'lan' -> 'wan'
>    * Forward 'wan' -> 'lan'
>    * Forward 'lan' -> 'guest'
>    * Forward 'wan' -> 'guest'
>  * Populating IPv6 nat table
>    * Zone 'wan'
> Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_wan_rule'
> Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_wan_rule'
>    * Zone 'lan'
> Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_lan_rule'
> Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_lan_rule'
>    * Zone 'guest'
> Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_guest_rule'
> Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_guest_rule'
> Warning: fw3_ipt_rule_append(): Can't find target 'delegate_prerouting'
> Warning: fw3_ipt_rule_append(): Can't find target 'delegate_postrouting'
> Warning: fw3_ipt_rule_append(): Can't find target 'prerouting_rule'
> Warning: fw3_ipt_rule_append(): Can't find target 'postrouting_rule'
>  * Populating IPv6 mangle table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>  * Populating IPv6 raw table
>    * Zone 'wan'
>    * Zone 'lan'
>    * Zone 'guest'
>  * Set tcp_ecn to on
>  * Set tcp_syncookies to on
>  * Set tcp_window_scaling to on
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 6758 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2013-12-04  2:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-12-03  1:21 [Cerowrt-devel] CeroWrt 3.10.18-1 odd firewall warnings Richard E. Brown
2013-12-04  2:35 ` Jim Gettys

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox