Jump to content


Photo

Firewall on openpli


  • Please log in to reply
11 replies to this topic

#1 beastyboy

  • Senior Member
  • 36 posts

0
Neutral

Posted 19 November 2015 - 18:44

Last weekend i was thinking to give another try to openpli on my vu+ solo 2. Everything was running great but i have encountered some problems when i was trying to make my firewall script to work.
I have managed to install iptables but i didn't found the following packages:
kernel-module-ipt-reject
kernel-module-xt-tcpudp

On other images those packages are in place.
Can you tell me what should i do?

Re: Firewall on openpli #2 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,782 posts

+186
Excellent

Posted 19 November 2015 - 18:50

You should not need a firewall on your stb, as a stb should be in your LAN.

Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: Firewall on openpli #3 beastyboy

  • Senior Member
  • 36 posts

0
Neutral

Posted 19 November 2015 - 19:00

I know but i need a firewall as i use my box for streaming from one town to another, and i am doing software updates via telnet or ssh.

Last days i have seen some invalid username/password in logs mostly from chinese ip's so i need my own firewall for security reasons

Re: Firewall on openpli #4 Erik Slagter

  • PLi® Core member
  • 46,951 posts

+541
Excellent

Posted 19 November 2015 - 19:15

I won't forbid it ;) But you're on your own then... Not supported.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Firewall on openpli #5 Tony il Capo

  • Senior Member
  • 96 posts

0
Neutral

Posted 19 November 2015 - 19:28

You don't need a firewall in your box if you have a proper LAN configuration. Your router shouldn't allow any incoming connections that you didn't granted (port forwarding).

You should get a supported openwrt router, flash a user friendly image like ROOter, and then use SSH to connect to your LAN when outside - using SSH tunnel (encrypted connection) - port forwards on client... It takes a little bit of learning.. but then you can close all ports on router and leave just SSH one open. It only allows connections that have the private keys that match.


DVBS Tuner (satfinder only) || GI Avatar 2 2xDVBS2 (spark162_SH4) ||Vu+ Zero || Vu+ Duo2 4xDVBS2 1TB HD || OpenATV 6.0

0,6m+(0.8m)+0,9m+1,2m Multi feed @13ºE, 19.2ºE, 28.3ºE, 30W

Samsung 32" HDTV || 2.1 Trust Tytan

Win 10 x64 || FX8350 || 8GB RAM || MSI Gaming GTX970 || ASUS VP278H 27" || Trust Tytan 2.1 || Logitech G29

Raspberry PI 3 Model B || Samsung S22c300 21.5"

TPLINK WR1043NDv2  running LEDE || OpenVPN >=< LAN||  Lt26i Custom Android


Re: Firewall on openpli #6 MiLo

  • PLi® Core member
  • 14,042 posts

+298
Excellent

Posted 21 November 2015 - 19:57

Last weekend i was thinking to give another try to openpli on my vu+ solo 2. Everything was running great but i have encountered some problems when i was trying to make my firewall script to work.
I have managed to install iptables but i didn't found the following packages:
kernel-module-ipt-reject
kernel-module-xt-tcpudp

On other images those packages are in place.
Can you tell me what should i do?


Download the OpenPLi code, configure the kernel to build them. That's basically the only option available at this time.
Real musicians never die - they just decompose

Re: Firewall on openpli #7 MiLo

  • PLi® Core member
  • 14,042 posts

+298
Excellent

Posted 21 November 2015 - 20:01

Open only the SSH port, and tunnel everything on that. Use key authentication.

If there's no NAT router on your net, close all other things, in particular, telnet, ftp and http. And set the root password to a 16-character string.
Real musicians never die - they just decompose

Re: Firewall on openpli #8 Erik Slagter

  • PLi® Core member
  • 46,951 posts

+541
Excellent

Posted 21 November 2015 - 20:01

and hope it won't change the kernel signature ;)


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.


Re: Firewall on openpli #9 littlesat

  • PLi® Core member
  • 56,123 posts

+685
Excellent

Posted 22 November 2015 - 00:35

Or install openvpn... Make a keyset and arrange a openvpn config and open an udp port for openvpn to your box... Probably even more save than ssh... For using blackbox on an ipad the only thing that works stable and secure as from ios 7 the ssh connection wil be brokem after 5 min by ios when you leave the application that forwards the required ports.... Openvpn on an ipad doesn't do that...

Likely I soon will give you a plan how you can arrange that step-by-step... Including how to create the required keys and licences... And including how to create the .opvn file for your ipad or iphone...

Edited by littlesat, 22 November 2015 - 00:39.

WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Firewall on openpli #10 mackguil

  • Senior Member
  • 158 posts

0
Neutral

Posted 24 November 2015 - 15:40

Iptables can also work for filtering.

 

i use it behind a ssh tunnel to access my set top box.



Re: Firewall on openpli #11 littlesat

  • PLi® Core member
  • 56,123 posts

+685
Excellent

Posted 24 November 2015 - 17:51

I also use ssh tunnel... but with an iPad with recent iOS the port forwarding will be closed after 5 minutes or so when you are in a different app.... So I switched to (Open)VPN.


WaveFrontier 28.2E | 23.5E | 19.2E | 16E | 13E | 10/9E | 7E | 5E | 1W | 4/5W | 15W


Re: Firewall on openpli #12 Tony il Capo

  • Senior Member
  • 96 posts

0
Neutral

Posted 24 November 2015 - 18:45

It works great on Android, ConnectBot does the job (connection and port forwarding) perfectly

For accessing from Android devices or other PC, I think SSH is the way to go.


DVBS Tuner (satfinder only) || GI Avatar 2 2xDVBS2 (spark162_SH4) ||Vu+ Zero || Vu+ Duo2 4xDVBS2 1TB HD || OpenATV 6.0

0,6m+(0.8m)+0,9m+1,2m Multi feed @13ºE, 19.2ºE, 28.3ºE, 30W

Samsung 32" HDTV || 2.1 Trust Tytan

Win 10 x64 || FX8350 || 8GB RAM || MSI Gaming GTX970 || ASUS VP278H 27" || Trust Tytan 2.1 || Logitech G29

Raspberry PI 3 Model B || Samsung S22c300 21.5"

TPLINK WR1043NDv2  running LEDE || OpenVPN >=< LAN||  Lt26i Custom Android



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users