/* Router configuration in Vyatta-style syntax (see the vyatta-config-version
   trailer at the end). eth1 faces the ONT, eth0 faces the Livebox, eth2 is the
   local LAN. Values shown as runs of x were masked in the post. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Traffic arriving on the WAN and forwarded to other interfaces:
       default drop (logged), only established/related flows accepted. */
    name WAN_IN {
        default-action drop
        description "WAN to internal (WAN interface destined for other interfaces)"
        enable-default-log
        rule 10 {
            action accept
            description "Allow established/related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            log disable
            protocol all
            state {
                established disable
                invalid enable
                new disable
                related disable
            }
        }
    }
    /* Traffic arriving on the WAN and addressed to the router itself:
       default drop. No rule here accepts new TCP connections, so the
       SSH exposure intended by nat rule 1 below is not matched by an
       accept rule in this ruleset. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        /* ADDRv4_eth2 is not defined in the empty group block above.
           NOTE(review): presumably the auto-generated group holding eth2's
           address; eth2 is the LAN interface in this config, so confirm the
           rule matches the address that was intended. */
        rule 20 {
            action accept
            description "Allow Ping"
            destination {
                group {
                    address-group ADDRv4_eth2
                }
            }
            log enable
            protocol icmp
        }
        rule 60 {
            action drop
            description "Drop invalid state"
            log disable
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            interface-type pptp
            interface-type tun
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    /* Reverse-path source validation is switched off; spoofed source
       addresses are only reported through log-martians above. */
    source-validation disable
    syn-cookies enable
}
interfaces {
    bridge br1 {
        aging 300
        bridged-conntrack disable
        description "br1 -> eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
        hello-time 2
        max-age 20
        priority 0
        promiscuous disable
        stp false
    }
    ethernet eth0 {
        description "eth0 VERS LIVEBOX"
        duplex auto
        speed auto
        vif 832 {
            address 192.168.1.1/24
            description "eth0.832 LIVEBOX (INTERNET + VOIP + CANAL 2)"
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description "eth0.840 LIVEBOX (ZAPPING + CANAL 1)"
            egress-qos "0:5 1:5 2:5 3:5 4:5 5:5 6:5 7:5"
        }
    }
    ethernet eth1 {
        description "eth1 ONT (FIBRE RJ45)"
        duplex auto
        speed auto
        /* WAN VLAN: address obtained by DHCP. The rfc3118-auth option sent
           below carries the ISP authentication string; it is a credential
           and is masked here. */
        vif 832 {
            address dhcp
            description "eth1.832 (INTERNET + VOIP + CANAL 2)"
            dhcp-options {
                client-option "send vendor-class-identifier "sagem";"
                client-option "send user-class "\053FSVDSL_livebox.Internet.softathome.Livebox3";"
                client-option "send rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:1a:09:00:00:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;"
                client-option "request dhcp-lease-time, dhcp-renewal-time, dhcp-rebinding-time, domain-search, rfc3118-auth, SIP;"
                default-route update
                default-route-distance 210
                global-option "option rfc3118-auth code 90 = string;"
                name-server update
            }
            egress-qos "0:0 1:0 2:0 3:0 4:0 5:0 6:6 7:0"
            /* Only IPv4 rulesets are attached (in and local). No ipv6-name
               ruleset appears anywhere in this config, while IPv6 autoconf is
               enabled just below.
               NOTE(review): if this VLAN provides IPv6 addresses, the router's
               own services would be reachable over IPv6 without a filter;
               confirm, and attach IPv6 rulesets if so. */
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            ipv6 {
                address {
                    autoconf
                }
                dup-addr-detect-transmits 1
            }
        }
        vif 840 {
            bridge-group {
                bridge br1
            }
            description "eth1.840 (ZAPPING + CANAL 1)"
            egress-qos "0:5 1:5 2:5 3:5 5:5 6:5 7:5"
        }
    }
    /* LAN interface configured as a /16, while the DHCP scope for it further
       down is 192.168.10.0/24. */
    ethernet eth2 {
        address 192.168.10.1/16
        description "eth2 LOCAL LAN (Local Routers)"
        duplex auto
        speed auto
    }
    loopback lo {
    }
}
/* No port-forward rules are visible; the "..." after eth2 is in the post as
   shown and may hide elided content. auto-firewall is enabled, so any
   forwarding rule added here also opens the firewall for it. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth2...
    wan-interface eth1.832
}
protocols {
    igmp-proxy {
        disable-quickleave
        interface br1 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}
service {
    dhcp-server {
        disabled false
        global-parameters "option rfc3118-auth code 90 = string;"
        global-parameters "option SIP code 120 = string;"
        global-parameters "option Vendor-specific code 125 = string;"
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.10.0/24 {
                default-router 192.168.10.1
                domain-name HOME
                lease 86400
                start 192.168.10.3 {
                    stop 192.168.10.254
                }
                static-mapping MYHOME2 {
                    ip-address 192.168.10.7
                    mac-address xxxxxxxxxx
                }
                static-mapping MYHOME {
                    ip-address 192.168.10.6
                    mac-address xxxxxxxxxx
                }
            }
        }
        /* No interface in this config carries an address in 192.168.30.0/24. */
        shared-network-name LAN_ETH3 {
            authoritative disable
            subnet 192.168.30.0/24 {
                default-router 192.168.30.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                domain-name ETH-THREE
                lease 86400
                start 192.168.30.10 {
                    stop 192.168.30.50
                }
            }
        }
        /* Scope served to the Livebox on eth0.832; the masked subnet-parameters
           hand it the authentication, SIP and vendor-specific option values. */
        shared-network-name LIVEBOX {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 80.10.246.1
                dns-server 81.253.149.13
                lease 86400
                start 192.168.1.2 {
                    stop 192.168.1.254
                }
                subnet-parameters "option rfc3118-auth 00:00:00:00:00:00:00:00:00:00:00:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;"
                subnet-parameters "option SIP xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;"
                subnet-parameters "option Vendor-specific xxxxxxxxxx:ff:ff:ff:ff:ff;"
                subnet-parameters "option domain-search "NCY.access.orange-multimedia.net.";"
                subnet-parameters "option domain-name "orange.fr";"
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        forwarding {
            cache-size 600
            listen-on eth2
        }
    }
    /* Web UI on plain HTTP (80) and HTTPS (443), with legacy cipher suites
       allowed. No listen-address is set here or under ssh.
       NOTE(review): presumably both services listen on every interface
       address; confirm, and restrict them to the LAN side. */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    mdns {
        reflector
    }
    nat {
        /* Destination NAT for tcp/22222 arriving on the WAN VLAN. The source
           block is empty (no source restriction) and inside-address gives only
           a port, no address. The description shows the intent is SSH
           management from the internet; if that is kept, limit the source
           addresses and use key-based authentication. */
        rule 1 {
            description "Allow SSH"
            destination {
                port 22222
            }
            inbound-interface eth1.832
            inside-address {
                port 22222
            }
            log disable
            protocol tcp
            source {
            }
            type destination
        }
        rule 5010 {
            description "eth1.832 MAsquerade to public network"
            log disable
            outbound-interface eth1.832
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22222
        protocol-version v2
    }
    /* UPnP and NAT-PMP are offered to both the Livebox VLAN and the LAN, with
       secure-mode disabled.
       NOTE(review): with secure mode off a client can presumably request
       mappings towards addresses other than its own; confirm against the
       vendor documentation and enable secure-mode unless it is needed. */
    upnp2 {
        listen-on eth0.832
        listen-on eth2
        nat-pmp enable
        secure-mode disable
        wan eth1.832
    }
}
system {
    /* Analytics and crash reports are sent off the device. */
    analytics-handler {
        send-analytics-report true
    }
    /* 50 commit revisions are kept, so earlier configurations can be compared
       with this one. */
    config-management {
        commit-revisions 50
    }
    crash-handler {
        send-crash-report true
    }
    domain-name WOLFNET
    host-name edgemaxer4
    /* Three accounts, all at admin level. */
    login {
        user admin {
            authentication {
                encrypted-password $xxxxxxxxxxxxxxxxxxxxxxxxxxxx
                plaintext-password ""
            }
            full-name Administrator
            level admin
        }
        /* NOTE(review): admin-level account with no full-name; confirm the
           owner created it. */
        user system {
            authentication {
                encrypted-password $xxxxxxxxxxxxxxxxxxxxxxxxxxxx
                plaintext-password ""
            }
            level admin
        }
        /* NOTE(review): the full-name below reads like a warning written into
           the config by someone other than the owner. If the owner did not set
           it, treat the router as accessed by a third party: compare the saved
           commit revisions, check every account and forwarding rule, change
           all passwords and remove accounts that are not needed. */
        user ubnt {
            authentication {
                encrypted-password $xxxxxxxxxxxxxxxxxxxxxxxxxxxx
                plaintext-password ""
            }
            full-name "please change default password and remove firewall rules... your whole internet is exposed."
            level admin
        }
    }
    name-server 1.1.1.1
    name-server 1.0.0.1
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    offload {
        hwnat disable
        ipsec enable
        ipv4 {
            forwarding enable
            vlan enable
        }
        ipv6 {
            forwarding disable
        }
    }
    /* Debian wheezy repositories: that release is end-of-life and no longer
       receives security updates, so packages installed from here stay
       unpatched. */
    package {
        repository wheezy {
            components "main contrib non-free"
            distribution wheezy
            password ""
            url http://http.us.debian.org/debian
            username ""
        }
        repository wheezy-security {
            components main
            distribution wheezy/updates
            password ""
            url http://security.debian.org
            username ""
        }
    }
    /* The syslog host is 192.168.10.1, which is eth2's own address in this
       config, so the logs do not leave the router. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        host 192.168.10.1 {
            facility all {
                level info
            }
        }
    }
    time-zone Europe/Paris
}
/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@5:ubnt-l2tp@1:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@2:ubnt-util@1:vrrp@1:vyatta-netflow@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v2.0.9.5346345.201028.1647 */
J'arrive à entendre et à parler avec les personnes qui m'appellent ; par contre, eux m'entendent mais le son n'arrive pas chez eux.
global-option "option rfc3118-auth code 90 = string;"
Je rectifie. Côté GSM : on entend bien la voix provenant de la box. Côté box : on n'entend rien. Désolé pour le message pas clair.
show conntrack table ipv4 source 192.168.32.10TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED, FW - FIN WAIT, CW - CLOSE WAIT, LA - LAST ACK, TW - TIME WAIT, CL - CLOSE, LI - LISTENCONN ID Source Destination Protocol TIMEOUT475026560 192.168.32.10:8004 81.253.175.107:44330 udp [17] 167209356768 192.168.32.10:5060 81.253.173.253:5060 udp [17] 3573475029152 192.168.32.10:8005 81.253.175.107:44331 udp [17] 175
lsmod | grep conntrack_sipnf_conntrack_sip 23229 1 nf_nat_sip
show conntrack table ipv4 source 192.168.10.6 | grep udp1219853056 192.168.10.6:46103 192.168.10.1:53 udp [17] 841208091392 192.168.10.6:37754 134.41.82.216:57497 udp [17] 1071216867712 192.168.10.6:58752 47.245.143.156:22102 udp [17] 1751241320064 192.168.10.6:1025 52.28.25.255:10000 udp [17] 1681219847296 192.168.10.6:37754 221.156.183.179:7681 udp [17] 1091299908480 192.168.10.6:37754 178.148.74.66:54323 udp [17] 71299908096 192.168.10.6:53703 192.168.10.1:53 udp [17] 51213954816 192.168.10.6:37754 177.180.195.242:44258 udp [17] 1091216868480 192.168.10.6:37754 51.15.91.215:49784 udp [17] 21213068160 192.168.10.6:55875 192.168.10.1:53 udp [17] 231211228160 192.168.10.6:10000 52.28.25.255:10000 udp [17] 1751180895104 192.168.10.6:37754 141.164.43.52:6881 udp [17] 1091176598528 192.168.10.6:37754 178.57.214.208:49001 udp [17] 1081219848832 192.168.10.6:34058 192.168.10.1:53 udp [17] 831210375296 192.168.10.6:37754 82.73.147.149:51413 udp [17] 221208092160 192.168.10.6:37754 18.218.241.3:6881 udp [17] 1081211298688 192.168.10.6:29 61.164.36.105:123 udp [17] 211214376192 192.168.10.6:37754 193.37.254.27:27412 udp [17] 1091214600448 192.168.10.6:50384 211.149.233.35:20001 udp [17] 261176675840 192.168.10.6:37754 85.144.246.90:33204 udp [17] 1111180898560 192.168.10.6:37754 208.110.64.170:6881 udp [17] 1081180309120 192.168.10.6:37754 87.248.15.180:45117 udp [17] 1251210371456 192.168.10.6:37754 185.203.56.4:56981 udp [17] 121299909632 192.168.10.6:50384 74.207.241.132:20001 udp [17] 1761216870016 192.168.10.6:50384 139.162.72.65:20001 udp [17] 1761210369536 192.168.10.6:1025 17.171.4.36:123 udp [17] 121176679680 192.168.10.6:1024 52.28.25.255:10000 udp [17] 1621216870784 192.168.10.6:50384 123.57.105.118:20001 udp [17] 1611210370688 192.168.10.6:37754 200.149.207.233:45205 udp [17] 171216870400 192.168.10.6:50384 176.58.96.231:20001 udp [17] 1761211232768 192.168.10.6:37754 141.226.10.159:6222 udp [17] 1091299906944 192.168.10.6:39124 192.168.10.1:53 udp [17] 
71213067776 192.168.10.6:53252 46.182.109.110:49799 udp [17] 231211297152 192.168.10.6:123 61.164.36.105:123 udp [17] 101299913856 192.168.10.6:37754 188.4.118.205:10695 udp [17] 271299910400 192.168.10.6:53252 77.249.175.207:51413 udp [17] 161216865024 192.168.10.6:30 61.164.36.105:123 udp [17] 191209560448 192.168.10.6:37754 220.83.140.238:11850 udp [17] 1471213064320 192.168.10.6:1024 17.171.4.36:123 udp [17] 20
Alors, je viens de tester la redirection des ports 8000, 8004, 8008, 8012 et 8016, mais sans succès.
Pour ce qui est du conntrack, je vois des choses, mais je n'ai aucune idée des valeurs que je devrais avoir. Voici les infos :