API tools faq
paste
Advertisement
Guest User

TP Link diagnostics

a guest
May 10th, 2021
34
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 26.72 KB | None | 0 0
raw download clone embed print report
  1. uci show network
  2.  
  3. network.loopback=interface
  4. network.loopback.ifname='lo'
  5. network.loopback.proto='static'
  6. network.loopback.ipaddr='127.0.0.1'
  7. network.loopback.netmask='255.0.0.0'
  8. network.globals=globals
  9. network.globals.ula_prefix='fd1e:0106:18d6::/48'
  10. network.lan=interface
  11. network.lan.type='bridge'
  12. network.lan.ifname='eth0.1'
  13. network.lan.proto='static'
  14. network.lan.netmask='255.255.255.0'
  15. network.lan.ipaddr='192.168.12.1'
  16. network.lan.ip6assign='64'
  17. network.lan_eth0_1_dev=device
  18. network.lan_eth0_1_dev.name='eth0.1'
  19. network.lan_eth0_1_dev.macaddr='3c:84:6a:d1:77:4b'
  20. network.wan=interface
  21. network.wan.ifname='eth0.2'
  22. network.wan.proto='dhcp'
  23. network.wan_eth0_2_dev=device
  24. network.wan_eth0_2_dev.name='eth0.2'
  25. network.wan_eth0_2_dev.macaddr='3c:84:6a:d1:77:4c'
  26. network.wan6=interface
  27. network.wan6.ifname='eth0.2'
  28. network.wan6.proto='dhcpv6'
  29. network.@switch[0]=switch
  30. network.@switch[0].name='switch0'
  31. network.@switch[0].reset='1'
  32. network.@switch[0].enable_vlan='1'
  33. network.@switch_vlan[0]=switch_vlan
  34. network.@switch_vlan[0].device='switch0'
  35. network.@switch_vlan[0].vlan='1'
  36. network.@switch_vlan[0].ports='1 2 3 4 6t'
  37. network.@switch_vlan[1]=switch_vlan
  38. network.@switch_vlan[1].device='switch0'
  39. network.@switch_vlan[1].vlan='2'
  40. network.@switch_vlan[1].ports='0 6t'
  41.  
  42. uci show dhcp
  43.  
  44. dhcp.@dnsmasq[0]=dnsmasq
  45. dhcp.@dnsmasq[0].domainneeded='1'
  46. dhcp.@dnsmasq[0].boguspriv='1'
  47. dhcp.@dnsmasq[0].filterwin2k='0'
  48. dhcp.@dnsmasq[0].localise_queries='1'
  49. dhcp.@dnsmasq[0].rebind_protection='1'
  50. dhcp.@dnsmasq[0].rebind_localhost='1'
  51. dhcp.@dnsmasq[0].local='/lan/'
  52. dhcp.@dnsmasq[0].domain='lan'
  53. dhcp.@dnsmasq[0].expandhosts='1'
  54. dhcp.@dnsmasq[0].nonegcache='0'
  55. dhcp.@dnsmasq[0].authoritative='1'
  56. dhcp.@dnsmasq[0].readethers='1'
  57. dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
  58. dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
  59. dhcp.@dnsmasq[0].nonwildcard='1'
  60. dhcp.@dnsmasq[0].localservice='1'
  61. dhcp.lan=dhcp
  62. dhcp.lan.interface='lan'
  63. dhcp.lan.start='100'
  64. dhcp.lan.limit='150'
  65. dhcp.lan.leasetime='12h'
  66. dhcp.lan.dhcpv6='server'
  67. dhcp.lan.ra='server'
  68. dhcp.lan.ra_management='1'
  69. dhcp.wan=dhcp
  70. dhcp.wan.interface='wan'
  71. dhcp.wan.ignore='1'
  72. dhcp.odhcpd=odhcpd
  73. dhcp.odhcpd.maindhcp='0'
  74. dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
  75. dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
  76. dhcp.odhcpd.loglevel='4'
  77.  
  78. uci show firewall
  79.  
  80. firewall.@defaults[0]=defaults
  81. firewall.@defaults[0].syn_flood='1'
  82. firewall.@defaults[0].input='ACCEPT'
  83. firewall.@defaults[0].output='ACCEPT'
  84. firewall.@defaults[0].forward='REJECT'
  85. firewall.@zone[0]=zone
  86. firewall.@zone[0].name='lan'
  87. firewall.@zone[0].network='lan'
  88. firewall.@zone[0].input='ACCEPT'
  89. firewall.@zone[0].output='ACCEPT'
  90. firewall.@zone[0].forward='ACCEPT'
  91. firewall.@zone[1]=zone
  92. firewall.@zone[1].name='wan'
  93. firewall.@zone[1].network='wan' 'wan6'
  94. firewall.@zone[1].input='REJECT'
  95. firewall.@zone[1].output='ACCEPT'
  96. firewall.@zone[1].forward='REJECT'
  97. firewall.@zone[1].masq='1'
  98. firewall.@zone[1].mtu_fix='1'
  99. firewall.@forwarding[0]=forwarding
  100. firewall.@forwarding[0].src='lan'
  101. firewall.@forwarding[0].dest='wan'
  102. firewall.@rule[0]=rule
  103. firewall.@rule[0].name='Allow-DHCP-Renew'
  104. firewall.@rule[0].src='wan'
  105. firewall.@rule[0].proto='udp'
  106. firewall.@rule[0].dest_port='68'
  107. firewall.@rule[0].target='ACCEPT'
  108. firewall.@rule[0].family='ipv4'
  109. firewall.@rule[1]=rule
  110. firewall.@rule[1].name='Allow-Ping'
  111. firewall.@rule[1].src='wan'
  112. firewall.@rule[1].proto='icmp'
  113. firewall.@rule[1].icmp_type='echo-request'
  114. firewall.@rule[1].family='ipv4'
  115. firewall.@rule[1].target='ACCEPT'
  116. firewall.@rule[2]=rule
  117. firewall.@rule[2].name='Allow-IGMP'
  118. firewall.@rule[2].src='wan'
  119. firewall.@rule[2].proto='igmp'
  120. firewall.@rule[2].family='ipv4'
  121. firewall.@rule[2].target='ACCEPT'
  122. firewall.@rule[3]=rule
  123. firewall.@rule[3].name='Allow-DHCPv6'
  124. firewall.@rule[3].src='wan'
  125. firewall.@rule[3].proto='udp'
  126. firewall.@rule[3].src_ip='fc00::/6'
  127. firewall.@rule[3].dest_ip='fc00::/6'
  128. firewall.@rule[3].dest_port='546'
  129. firewall.@rule[3].family='ipv6'
  130. firewall.@rule[3].target='ACCEPT'
  131. firewall.@rule[4]=rule
  132. firewall.@rule[4].name='Allow-MLD'
  133. firewall.@rule[4].src='wan'
  134. firewall.@rule[4].proto='icmp'
  135. firewall.@rule[4].src_ip='fe80::/10'
  136. firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
  137. firewall.@rule[4].family='ipv6'
  138. firewall.@rule[4].target='ACCEPT'
  139. firewall.@rule[5]=rule
  140. firewall.@rule[5].name='Allow-ICMPv6-Input'
  141. firewall.@rule[5].src='wan'
  142. firewall.@rule[5].proto='icmp'
  143. firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
  144. firewall.@rule[5].limit='1000/sec'
  145. firewall.@rule[5].family='ipv6'
  146. firewall.@rule[5].target='ACCEPT'
  147. firewall.@rule[6]=rule
  148. firewall.@rule[6].name='Allow-ICMPv6-Forward'
  149. firewall.@rule[6].src='wan'
  150. firewall.@rule[6].dest='*'
  151. firewall.@rule[6].proto='icmp'
  152. firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
  153. firewall.@rule[6].limit='1000/sec'
  154. firewall.@rule[6].family='ipv6'
  155. firewall.@rule[6].target='ACCEPT'
  156. firewall.@rule[7]=rule
  157. firewall.@rule[7].name='Allow-IPSec-ESP'
  158. firewall.@rule[7].src='wan'
  159. firewall.@rule[7].dest='lan'
  160. firewall.@rule[7].proto='esp'
  161. firewall.@rule[7].target='ACCEPT'
  162. firewall.@rule[8]=rule
  163. firewall.@rule[8].name='Allow-ISAKMP'
  164. firewall.@rule[8].src='wan'
  165. firewall.@rule[8].dest='lan'
  166. firewall.@rule[8].dest_port='500'
  167. firewall.@rule[8].proto='udp'
  168. firewall.@rule[8].target='ACCEPT'
  169. firewall.@include[0]=include
  170. firewall.@include[0].path='/etc/firewall.user'
  171. firewall.@redirect[0]=redirect
  172. firewall.@redirect[0].src='wan'
  173. firewall.@redirect[0].name='Mc java'
  174. firewall.@redirect[0].src_dport='25565'
  175. firewall.@redirect[0].target='DNAT'
  176. firewall.@redirect[0].dest_ip='192.168.12.117'
  177. firewall.@redirect[0].dest='lan'
  178.  
  179. ifstatus wan6
  180.  
  181. {
  182. "up": true,
  183. "pending": false,
  184. "available": true,
  185. "autostart": true,
  186. "dynamic": false,
  187. "uptime": 71012,
  188. "l3_device": "eth0.2",
  189. "proto": "dhcpv6",
  190. "device": "eth0.2",
  191. "metric": 0,
  192. "dns_metric": 0,
  193. "delegation": true,
  194. "ipv4-address": [
  195.  
  196. ],
  197. "ipv6-address": [
  198. {
  199. "address": "2001:1670:c:4787:3e84:6aff:fed1:774c",
  200. "mask": 64,
  201. "preferred": 0,
  202. "valid": 4502
  203. },
  204. {
  205. "address": "2001:1670:c:5e10:3e84:6aff:fed1:774c",
  206. "mask": 64,
  207. "preferred": 172663,
  208. "valid": 259063
  209. },
  210. {
  211. "address": "2001:1670:c:4787::1",
  212. "mask": 128,
  213. "preferred": 101778,
  214. "valid": 188178
  215. }
  216. ],
  217. "ipv6-prefix": [
  218. {
  219. "address": "2001:1670:c:4787::",
  220. "mask": 64,
  221. "preferred": 101778,
  222. "valid": 188178,
  223. "class": "wan6",
  224. "assigned": {
  225. "lan": {
  226. "address": "2001:1670:c:4787::",
  227. "mask": 64
  228. }
  229. }
  230. }
  231. ],
  232. "ipv6-prefix-assignment": [
  233.  
  234. ],
  235. "route": [
  236. {
  237. "target": "2001:1670:c:4787::",
  238. "mask": 64,
  239. "nexthop": "::",
  240. "metric": 256,
  241. "valid": 256163,
  242. "source": "::/0"
  243. },
  244. {
  245. "target": "2001:1670:c:5e10::",
  246. "mask": 64,
  247. "nexthop": "::",
  248. "metric": 256,
  249. "valid": 259063,
  250. "source": "::/0"
  251. },
  252. {
  253. "target": "::",
  254. "mask": 0,
  255. "nexthop": "fe80::1",
  256. "metric": 512,
  257. "valid": 1663,
  258. "source": "2001:1670:c:4787::/64"
  259. },
  260. {
  261. "target": "::",
  262. "mask": 0,
  263. "nexthop": "fe80::1",
  264. "metric": 512,
  265. "valid": 1663,
  266. "source": "2001:1670:c:4787:3e84:6aff:fed1:774c/64"
  267. },
  268. {
  269. "target": "::",
  270. "mask": 0,
  271. "nexthop": "fe80::1",
  272. "metric": 512,
  273. "valid": 1663,
  274. "source": "2001:1670:c:5e10:3e84:6aff:fed1:774c/64"
  275. },
  276. {
  277. "target": "::",
  278. "mask": 0,
  279. "nexthop": "fe80::1",
  280. "metric": 512,
  281. "valid": 1663,
  282. "source": "2001:1670:c:4787::1/128"
  283. }
  284. ],
  285. "dns-server": [
  286. "fe80::1"
  287. ],
  288. "dns-search": [
  289.  
  290. ],
  291. "neighbors": [
  292.  
  293. ],
  294. "inactive": {
  295. "ipv4-address": [
  296.  
  297. ],
  298. "ipv6-address": [
  299.  
  300. ],
  301. "route": [
  302.  
  303. ],
  304. "dns-server": [
  305.  
  306. ],
  307. "dns-search": [
  308.  
  309. ],
  310. "neighbors": [
  311.  
  312. ]
  313. },
  314. "data": {
  315. "passthru": "00170010fe800000000000000000000000000001"
  316. }
  317. }
  318.  
  319. \ip address show
  320.  
  321. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
  322. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  323. inet 127.0.0.1/8 scope host lo
  324. valid_lft forever preferred_lft forever
  325. inet6 ::1/128 scope host
  326. valid_lft forever preferred_lft forever
  327. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 1000
  328. link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
  329. inet6 fe80::3e84:6aff:fed1:774b/64 scope link
  330. valid_lft forever preferred_lft forever
  331. 4: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
  332. link/ether 3c:84:6a:d1:77:4a brd ff:ff:ff:ff:ff:ff
  333. 7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  334. link/ether 3c:84:6a:d1:77:4c brd ff:ff:ff:ff:ff:ff
  335. inet 192.168.100.71/24 brd 192.168.100.255 scope global eth0.2
  336. valid_lft forever preferred_lft forever
  337. inet6 2001:1670:c:5e10:3e84:6aff:fed1:774c/64 scope global dynamic
  338. valid_lft 258976sec preferred_lft 172576sec
  339. inet6 2001:1670:c:4787:3e84:6aff:fed1:774c/64 scope global deprecated dynamic
  340. valid_lft 4415sec preferred_lft 0sec
  341. inet6 2001:1670:c:4787::1/128 scope global dynamic
  342. valid_lft 188092sec preferred_lft 101692sec
  343. inet6 fe80::3e84:6aff:fed1:774c/64 scope link
  344. valid_lft forever preferred_lft forever
  345. 8: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  346. link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
  347. inet6 fe80::3e84:6aff:fed1:774b/64 scope link
  348. valid_lft forever preferred_lft forever
  349. 9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
  350. link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
  351. inet 192.168.12.1/24 brd 192.168.12.255 scope global br-lan
  352. valid_lft forever preferred_lft forever
  353. inet6 fd1e:106:18d6::1/60 scope global
  354. valid_lft forever preferred_lft forever
  355. inet6 2001:1670:c:4787::1/64 scope global dynamic
  356. valid_lft 188091sec preferred_lft 101691sec
  357. inet6 fe80::3e84:6aff:fed1:774b/64 scope link
  358. valid_lft forever preferred_lft forever
  359. 10: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
  360. link/ether 3c:84:6a:d1:77:4b brd ff:ff:ff:ff:ff:ff
  361.  
  362. ip route show table all
  363.  
  364. default via 192.168.100.1 dev eth0.2 src 192.168.100.71
  365. 192.168.12.0/24 dev br-lan scope link src 192.168.12.1
  366. 192.168.100.0/24 dev eth0.2 scope link src 192.168.100.71
  367. broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
  368. local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
  369. local 127.0.0.1 dev lo table local scope host src 127.0.0.1
  370. broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
  371. broadcast 192.168.12.0 dev br-lan table local scope link src 192.168.12.1
  372. local 192.168.12.1 dev br-lan table local scope host src 192.168.12.1
  373. broadcast 192.168.12.255 dev br-lan table local scope link src 192.168.12.1
  374. broadcast 192.168.100.0 dev eth0.2 table local scope link src 192.168.100.71
  375. local 192.168.100.71 dev eth0.2 table local scope host src 192.168.100.71
  376. broadcast 192.168.100.255 dev eth0.2 table local scope link src 192.168.100.71
  377. default from 2001:1670:c:4787::1 via fe80::1 dev eth0.2 metric 512
  378. default from 2001:1670:c:4787::/64 via fe80::1 dev eth0.2 metric 512
  379. default from 2001:1670:c:5e10::/64 via fe80::1 dev eth0.2 metric 512
  380. 2001:1670:c:4787::/64 dev eth0.2 metric 256
  381. 2001:1670:c:4787::/64 dev br-lan metric 1024
  382. unreachable 2001:1670:c:4787::/64 dev lo metric 2147483647 error -148
  383. 2001:1670:c:5e10::/64 dev eth0.2 metric 256
  384. unreachable 2001:1670:c:5e10::/64 dev lo metric 2147483647 error -148
  385. fd1e:106:18d6::/64 dev br-lan metric 1024
  386. unreachable fd1e:106:18d6::/48 dev lo metric 2147483647 error -148
  387. fe80::/64 dev eth0 metric 256
  388. fe80::/64 dev eth0.2 metric 256
  389. fe80::/64 dev wlan0 metric 256
  390. fe80::/64 dev br-lan metric 256
  391. local ::1 dev lo table local metric 0
  392. anycast 2001:1670:c:4787:: dev eth0.2 table local metric 0
  393. anycast 2001:1670:c:4787:: dev br-lan table local metric 0
  394. local 2001:1670:c:4787::1 dev eth0.2 table local metric 0
  395. local 2001:1670:c:4787::1 dev br-lan table local metric 0
  396. local 2001:1670:c:4787:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  397. anycast 2001:1670:c:5e10:: dev eth0.2 table local metric 0
  398. local 2001:1670:c:5e10:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  399. anycast fd1e:106:18d6:: dev br-lan table local metric 0
  400. local fd1e:106:18d6::1 dev br-lan table local metric 0
  401. anycast fe80:: dev eth0.2 table local metric 0
  402. anycast fe80:: dev eth0 table local metric 0
  403. anycast fe80:: dev wlan0 table local metric 0
  404. anycast fe80:: dev br-lan table local metric 0
  405. local fe80::3e84:6aff:fed1:774b dev eth0 table local metric 0
  406. local fe80::3e84:6aff:fed1:774b dev wlan0 table local metric 0
  407. local fe80::3e84:6aff:fed1:774b dev br-lan table local metric 0
  408. local fe80::3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  409. ff00::/8 dev eth0 table local metric 256
  410. ff00::/8 dev eth0.2 table local metric 256
  411. ff00::/8 dev wlan0 table local metric 256
  412. ff00::/8 dev br-lan table local metric 256
  413. root@Archer_C50:~# ip rule show
  414. 0: from all lookup local
  415. 32766: from all lookup main
  416. 32767: from all lookup default
  417.  
  418. ip route show table all
  419.  
  420. default via 192.168.100.1 dev eth0.2 src 192.168.100.71
  421. 192.168.12.0/24 dev br-lan scope link src 192.168.12.1
  422. 192.168.100.0/24 dev eth0.2 scope link src 192.168.100.71
  423. broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
  424. local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
  425. local 127.0.0.1 dev lo table local scope host src 127.0.0.1
  426. broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
  427. broadcast 192.168.12.0 dev br-lan table local scope link src 192.168.12.1
  428. local 192.168.12.1 dev br-lan table local scope host src 192.168.12.1
  429. broadcast 192.168.12.255 dev br-lan table local scope link src 192.168.12.1
  430. broadcast 192.168.100.0 dev eth0.2 table local scope link src 192.168.100.71
  431. local 192.168.100.71 dev eth0.2 table local scope host src 192.168.100.71
  432. broadcast 192.168.100.255 dev eth0.2 table local scope link src 192.168.100.71
  433. default from 2001:1670:c:4787::1 via fe80::1 dev eth0.2 metric 512
  434. default from 2001:1670:c:4787::/64 via fe80::1 dev eth0.2 metric 512
  435. default from 2001:1670:c:5e10::/64 via fe80::1 dev eth0.2 metric 512
  436. 2001:1670:c:4787::/64 dev eth0.2 metric 256
  437. 2001:1670:c:4787::/64 dev br-lan metric 1024
  438. unreachable 2001:1670:c:4787::/64 dev lo metric 2147483647 error -148
  439. 2001:1670:c:5e10::/64 dev eth0.2 metric 256
  440. unreachable 2001:1670:c:5e10::/64 dev lo metric 2147483647 error -148
  441. fd1e:106:18d6::/64 dev br-lan metric 1024
  442. unreachable fd1e:106:18d6::/48 dev lo metric 2147483647 error -148
  443. fe80::/64 dev eth0 metric 256
  444. fe80::/64 dev eth0.2 metric 256
  445. fe80::/64 dev wlan0 metric 256
  446. fe80::/64 dev br-lan metric 256
  447. local ::1 dev lo table local metric 0
  448. anycast 2001:1670:c:4787:: dev eth0.2 table local metric 0
  449. anycast 2001:1670:c:4787:: dev br-lan table local metric 0
  450. local 2001:1670:c:4787::1 dev eth0.2 table local metric 0
  451. local 2001:1670:c:4787::1 dev br-lan table local metric 0
  452. local 2001:1670:c:4787:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  453. anycast 2001:1670:c:5e10:: dev eth0.2 table local metric 0
  454. local 2001:1670:c:5e10:3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  455. anycast fd1e:106:18d6:: dev br-lan table local metric 0
  456. local fd1e:106:18d6::1 dev br-lan table local metric 0
  457. anycast fe80:: dev eth0.2 table local metric 0
  458. anycast fe80:: dev eth0 table local metric 0
  459. anycast fe80:: dev wlan0 table local metric 0
  460. anycast fe80:: dev br-lan table local metric 0
  461. local fe80::3e84:6aff:fed1:774b dev eth0 table local metric 0
  462. local fe80::3e84:6aff:fed1:774b dev wlan0 table local metric 0
  463. local fe80::3e84:6aff:fed1:774b dev br-lan table local metric 0
  464. local fe80::3e84:6aff:fed1:774c dev eth0.2 table local metric 0
  465. ff00::/8 dev eth0 table local metric 256
  466. ff00::/8 dev eth0.2 table local metric 256
  467. ff00::/8 dev wlan0 table local metric 256
  468. ff00::/8 dev br-lan table local metric 256
  469. root@Archer_C50:~# ip rule show
  470. 0: from all lookup local
  471. 32766: from all lookup main
  472. 32767: from all lookup default
  473.  
  474. iptables-save -c
  475.  
  476. # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
  477. *nat
  478. :PREROUTING ACCEPT [1247:177624]
  479. :INPUT ACCEPT [56:4720]
  480. :OUTPUT ACCEPT [649:45730]
  481. :POSTROUTING ACCEPT [2:677]
  482. :postrouting_lan_rule - [0:0]
  483. :postrouting_rule - [0:0]
  484. :postrouting_wan_rule - [0:0]
  485. :prerouting_lan_rule - [0:0]
  486. :prerouting_rule - [0:0]
  487. :prerouting_wan_rule - [0:0]
  488. :zone_lan_postrouting - [0:0]
  489. :zone_lan_prerouting - [0:0]
  490. :zone_wan_postrouting - [0:0]
  491. :zone_wan_prerouting - [0:0]
  492. [1247:177624] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
  493. [976:114622] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
  494. [271:63002] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
  495. [1229:93884] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
  496. [2:677] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
  497. [1227:93207] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
  498. [2:677] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
  499. [0:0] -A zone_lan_postrouting -s 192.168.12.0/24 -d 192.168.12.117/32 -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j SNAT --to-source 192.168.12.1
  500. [0:0] -A zone_lan_postrouting -s 192.168.12.0/24 -d 192.168.12.117/32 -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j SNAT --to-source 192.168.12.1
  501. [976:114622] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
  502. [0:0] -A zone_lan_prerouting -s 192.168.12.0/24 -d 192.168.100.71/32 -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j DNAT --to-destination 192.168.12.117:25565
  503. [0:0] -A zone_lan_prerouting -s 192.168.12.0/24 -d 192.168.100.71/32 -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java (reflection)" -j DNAT --to-destination 192.168.12.117:25565
  504. [1227:93207] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
  505. [1227:93207] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
  506. [271:63002] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
  507. [0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 25565 -m comment --comment "!fw3: Mc java" -j DNAT --to-destination 192.168.12.117:25565
  508. [0:0] -A zone_wan_prerouting -p udp -m udp --dport 25565 -m comment --comment "!fw3: Mc java" -j DNAT --to-destination 192.168.12.117:25565
  509. COMMIT
  510. # Completed on Mon May 10 06:46:50 2021
  511. # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
  512. *mangle
  513. :PREROUTING ACCEPT [59516:36825578]
  514. :INPUT ACCEPT [1107:143655]
  515. :FORWARD ACCEPT [57841:36561567]
  516. :OUTPUT ACCEPT [1012:112826]
  517. :POSTROUTING ACCEPT [58835:36673486]
  518. [560:33520] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  519. [566:32136] -A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
  520. COMMIT
  521. # Completed on Mon May 10 06:46:50 2021
  522. # Generated by iptables-save v1.8.3 on Mon May 10 06:46:50 2021
  523. *filter
  524. :INPUT ACCEPT [1:52]
  525. :FORWARD DROP [0:0]
  526. :OUTPUT ACCEPT [0:0]
  527. :forwarding_lan_rule - [0:0]
  528. :forwarding_rule - [0:0]
  529. :forwarding_wan_rule - [0:0]
  530. :input_lan_rule - [0:0]
  531. :input_rule - [0:0]
  532. :input_wan_rule - [0:0]
  533. :output_lan_rule - [0:0]
  534. :output_rule - [0:0]
  535. :output_wan_rule - [0:0]
  536. :reject - [0:0]
  537. :syn_flood - [0:0]
  538. :zone_lan_dest_ACCEPT - [0:0]
  539. :zone_lan_forward - [0:0]
  540. :zone_lan_input - [0:0]
  541. :zone_lan_output - [0:0]
  542. :zone_lan_src_ACCEPT - [0:0]
  543. :zone_wan_dest_ACCEPT - [0:0]
  544. :zone_wan_dest_REJECT - [0:0]
  545. :zone_wan_forward - [0:0]
  546. :zone_wan_input - [0:0]
  547. :zone_wan_output - [0:0]
  548. :zone_wan_src_REJECT - [0:0]
  549. [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
  550. [1108:143695] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
  551. [949:129807] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  552. [4:216] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
  553. [107:9134] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
  554. [52:4754] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
  555. [57841:36561567] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
  556. [57180:36508853] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  557. [661:52714] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
  558. [0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
  559. [0:0] -A FORWARD -m comment --comment "!fw3" -j reject
  560. [0:0] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
  561. [1015:113714] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
  562. [364:67616] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
  563. [4:1045] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
  564. [647:45053] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
  565. [9:360] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
  566. [43:4394] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
  567. [4:216] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
  568. [0:0] -A syn_flood -m comment --comment "!fw3" -j DROP
  569. [4:1045] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
  570. [661:52714] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
  571. [661:52714] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
  572. [0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  573. [0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  574. [107:9134] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
  575. [0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  576. [107:9134] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
  577. [4:1045] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
  578. [4:1045] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
  579. [106:9082] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
  580. [18:907] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
  581. [1290:96860] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
  582. [0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
  583. [0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
  584. [0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
  585. [0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
  586. [0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
  587. [0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
  588. [52:4754] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
  589. [0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
  590. [0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
  591. [0:0] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
  592. [0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
  593. [52:4754] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
  594. [647:45053] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
  595. [647:45053] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
  596. [52:4754] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
  597. COMMIT
  598. # Completed on Mon May 10 06:46:50 2021
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!