
[Question] Using the AVM-firewall/-forwarding web interface with Fritz!OS 7.x

This topic in the forum "Freetz" was created by MikeBl, 13 Aug 2018.

  1. MikeBl

    #1 MikeBl, 13 Aug. 2018
    Last edited: 14 Aug 2018
    Quick question. Could it be that the avm-forwarding CGI is disabled when building an image for a 7590 with version 7 firmware? This menu item can no longer be found in the Freetz interface. It is nowhere to be found when building, either.
    (My guess is that this is supposed to be done in ar7.cfg)

    Thanks.

    Never mind, solved
     
  2. PeterPawn

  3. frater

    #3 frater, 24 Aug. 2018
    Last edited by a moderator: 26 Aug 2018
    I'm not getting any option for forwarding.
    I just placed a # before "depends on FREETZ_AVM_VERSION_06_0X_MIN && FREETZ_AVM_VERSION_06_5X_MAX" in ~/trunk/make/avm-forwarding/Config.in

    It will then give me "AVM-forwarding 0.0.1b - EXPERIMENTAL"

    Am I supposed to get a web interface for firewall manipulation????
    I want to make a 7490 firmware International 6.8x

    It looks as if FREETZ_AVM_VERSION_06_0X_MIN is actively preventing me from getting a WebIF.

    There's FREETZ_AVM_VERSION_05_5X_MAX in ~/trunk/make/avm-firewall/Config.in

    I've always been able to use FREETZ_PACKAGE_AVM_FIREWALL

    If I can't make the forwardings I need, I have no advantages using Freetz as opposed to the standard firmware.
    I know that firewall manipulation always has been a bit unstable, but I can't miss it.

    Is hell coming to the world if I place a # before that line or is there a better solution?

    ### Double post merged by stoney ###

    The culprit was this code in ~/trunk/make/zabbix/Config.in
    Code:
            select FREETZ_PACKAGE_AVM_FIREWALL     if !FREETZ_AVM_HAS_AR7CFG_V12_MIN
            select FREETZ_PACKAGE_AVM_FORWARDING   if FREETZ_AVM_HAS_AR7CFG_V12_MIN
    
    which I changed into
    Code:
            select FREETZ_PACKAGE_AVM_FIREWALL      if FREETZ_AVM_VERSION_05_5X_MAX
            select FREETZ_PACKAGE_AVM_FORWARDING    if !FREETZ_AVM_VERSION_05_5X_MAX
    It somehow suddenly started to select FREETZ_PACKAGE_AVM_FIREWALL where before it always selected FREETZ_PACKAGE_AVM_FORWARDING

    I wrote those lines in ~/trunk/make/zabbix/Config.in
     
  4. er13

    Neither AVM_FIREWALL- nor AVM_FORWARDING-package works with Fritz!OS >= 6.8x.
     
  5. frater

    I know it never was that stable, but has anything changed to worsen that?
    I had some way of working around that

    It has always been in there in many 6.8x versions.
    Will a better one come back?

    If I patch it so it is enabled anyhow, will it work worse than it did in other 6.8 versions where it was normally enabled?
     
  6. frater

    The whole reason I'm using Freetz instead of the standard firmware is having remote access to its console and the ability to run the Zabbix agent.
    For both I need port forwardings to itself.

    Without this I have no reason to use Freetz.

    Is it a solution to patch the AVM-firewall so it accepts forwards to itself???
    That would even be better...

    I'm apparently missing some info here.
    Can someone fill me in why this change has become retroactive?

    You used >=6.8x
    Should it have been >6.8 maybe?
     
  7. f666

  8. frater

    Aha...
    So the trick is to use voip_forwardrules instead of internet_forwardrules ??
    The Freetz developers think they are safer there.

    But this means that Freetz can do this as well.
    Are there any plans to create this?
     
  9. f666

    So far no one volunteered to adapt the "old" forwarding GUI to the new firmware versions. It seems that everyone does it manually via the command line.
    Mind that those rules only work when voipd is running.
     
  10. PeterPawn

    There was a post (a short time ago) that firewall settings from "vpn.cfg" are not taken into account any longer with FRITZ!OS 7 - in the past they were an alternative way to open ports on the box itself, while the "avmike" daemon was running.

    It's not really useful to adapt the firewall packet to the new behavior.

    If anybody wants a stable and reliable manner to activate local port forwardings, (s)he should consider implementing a helper function in the daemon in question.

    Or we need another (new) daemon as a service, where any startup script may register a local port forwarding for the daemon it just started prior.

    Both approaches would need some effort - there are open points with bigger importance in my opinion.

    Any interested programmer, who wants to implement it himself in a safe and future-proof manner (using the PCP daemon), should have a look at the "ftpd" server - AVM's programmer uses a utility there to open the incoming ports for passive transfers dynamically.

    Usually PCP mappings have to be renewed within a short interval ... therefore one single call is not really an option, if there's no additional daemon to manage these recurring refreshes.
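
The refresh requirement from the last post, as an added example that is not code from this thread, from Freetz or from AVM: a helper of the kind a daemon could embed, which builds a PCP MAP request in the generic RFC 6887 wire format, validates the response against the request nonce, and computes when the mapping must be renewed. The function names are hypothetical, and whether the box's PCP daemon accepts such requests from a local process is an assumption.

```c
#include <stdint.h>
#include <string.h>

#define PCP_MAP_LEN 60   /* 24-byte common header + 36-byte MAP payload */

/* PCP carries IPv4 addresses (host order here) as IPv4-mapped IPv6. */
static void put_v4mapped(uint8_t *p, uint32_t v4) {
    memset(p, 0, 10);
    p[10] = p[11] = 0xff;
    p[12] = (uint8_t)(v4 >> 24); p[13] = (uint8_t)(v4 >> 16);
    p[14] = (uint8_t)(v4 >> 8);  p[15] = (uint8_t)v4;
}

/* Build a MAP request for one local port; lifetime 0 asks for deletion. */
size_t pcp_build_map(uint8_t out[PCP_MAP_LEN], uint32_t client_v4,
                     const uint8_t nonce[12], uint8_t proto,
                     uint16_t port, uint32_t lifetime) {
    memset(out, 0, PCP_MAP_LEN);
    out[0] = 2;                          /* protocol version */
    out[1] = 1;                          /* R bit clear (request), opcode MAP */
    out[4] = (uint8_t)(lifetime >> 24); out[5] = (uint8_t)(lifetime >> 16);
    out[6] = (uint8_t)(lifetime >> 8);  out[7] = (uint8_t)lifetime;
    put_v4mapped(out + 8, client_v4);    /* address the request is sent from */
    memcpy(out + 24, nonce, 12);         /* must be random per mapping */
    out[36] = proto;                     /* 6 = TCP, 17 = UDP */
    out[40] = out[42] = (uint8_t)(port >> 8);  /* internal / suggested external */
    out[41] = out[43] = (uint8_t)port;
    put_v4mapped(out + 44, 0);           /* no preferred external address */
    return PCP_MAP_LEN;
}

/* Check a MAP response against the nonce we sent. Returns the granted
 * lifetime in seconds, or -1 if malformed, not ours, or refused;
 * *result receives the server's result code when the packet is ours. */
int64_t pcp_parse_map(const uint8_t *r, size_t len, const uint8_t nonce[12],
                      uint8_t *result) {
    if (len < PCP_MAP_LEN || r[0] != 2 || r[1] != 0x81) return -1;
    if (memcmp(r + 24, nonce, 12) != 0) return -1;
    *result = r[3];
    if (r[3] != 0) return -1;            /* anything but SUCCESS */
    return ((int64_t)r[4] << 24) | (r[5] << 16) | (r[6] << 8) | r[7];
}

/* Delay before renewing: a point in [1/2, 5/8) of the lifetime, chosen by
 * the caller's random byte (RFC 6887, section 11.2.1). */
uint32_t pcp_renew_delay(uint32_t lifetime, uint8_t rnd) {
    uint64_t span = lifetime / 8;
    return (uint32_t)(lifetime / 2 + span * rnd / 256);
}
```

The renewal delay has to be recomputed from the lifetime the server actually granted, which may be shorter than the one requested, and the mapping should be released with a lifetime of 0 when the daemon stops listening so the port does not stay open longer than the service behind it.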