[Frage] Nutzung des AVM-firewall/-forwarding Web-IF bei Fritz!OS 7.x

MikeBl

Neuer User
Mitglied seit
3 Feb 2008
Beiträge
43
Punkte für Reaktionen
2
Punkte
8
Kurze Frage. Kann es sein das beim Image Bauen für eine 7590 mit 7-er Firmware das avm-forwarding cgi deaktiviert ist? Dieser Menüpunkt ist in der Freetzoberfläche nicht mehr auffindbar. Auch beim Bauen nirgends zu finden.
(Tippe darauf, dass dies unter der ar7. cfg gemacht werden sollte)

Danke.

Hat sich erledigt, gelöst
 
Zuletzt bearbeitet:
I'm not getting any option for forwarding.
I just placed a # before "depends on FREETZ_AVM_VERSION_06_0X_MIN && FREETZ_AVM_VERSION_06_5X_MAX" in ~/trunk/make/avm-forwarding/Config.in

It will then give me "AVM-forwarding 0.0.1b - EXPERIMENTAL"

Am I supposed to get a webinterface for firewall manipulation????
I want to make a 7490 firmware International 6.8x

It looks as if FREETZ_AVM_VERSION_06_0X_MIN is actively preventing me from getting a WebIF.

There's FREETZ_AVM_VERSION_05_5X_MAX in ~/trunk/make/avm-firewall/Config.in

I've always been able to use FREETZ_PACKAGE_AVM_FIREWALL

If I can't make the forwardings I need, I have no advantages using Freetz as opposed to the standard firmware.
I know that firewall manipulation always has been a bit unstable, but I can't miss it.

I hell coming to the world if I place a # before that line or is there a better solution?

### Zusammenführung Doppelpost by stoney ###

The culprit was this code in ~/trunk/make/zabbix/Config.in
Code:
        select FREETZ_PACKAGE_AVM_FIREWALL     if !FREETZ_AVM_HAS_AR7CFG_V12_MIN
        select FREETZ_PACKAGE_AVM_FORWARDING   if FREETZ_AVM_HAS_AR7CFG_V12_MIN
which I changed into
Code:
        select FREETZ_PACKAGE_AVM_FIREWALL      if FREETZ_AVM_VERSION_05_5X_MAX
        select FREETZ_PACKAGE_AVM_FORWARDING    if !FREETZ_AVM_VERSION_05_5X_MAX

It somehow suddenly started to select FREETZ_PACKAGE_AVM_FIREWALL where it before always selected FREETZ_PACKAGE_AVM_FORWARDING

I wrote those lines in ~/trunk/make/zabbix/Config.in
 
Zuletzt bearbeitet von einem Moderator:
Neither AVM_FIREWALL- nor AVM_FORWARDING-package works with Fritz!OS >= 6.8x.
 
I know it never was that stable, but has anything changed to worsen that?
I had some way of working around that

It has always been in there in many 6.8x versions.
Will a better one come back?

If I patch it so it is enabled anyhow, will it work worse than it did in other 6.8 versions where it was normally enabled.
 
The whole reason I'm using Freetz instead of the standard firmware is having remote access to its console and the ability to run the Zabbix agent.
For both I need port forwardings to itself.

Without this I have no reason to use Freetz.

Is it a solution to patch the AVM-firewall so it accepts forwards to itself???
That would even be better...

I'm apparently missing some info here.
Can someone fill me in why this change has become retro active?

Neither AVM_FIREWALL- nor AVM_FORWARDING-package works with Fritz!OS >= 6.8x.

You used >=6.8x
Should it have been >6.8 maybe?
 
Aha...
So the trick is to use voip_forwardrules instead of internet_forwardrules ??
The Freetz developers think they are safer there.

But this means that Freetz can do this as well.
Are there any plans to create this?
 
So far no one volunteered to adapt the "old" forwarding GUI to the new firmware versions. It seems that everyone does it manually via the command line.
Mind that those rules only work when voipd is running.
 
There was a post (short time ago) that firewall settings from "vpn.cfg" are not taken into account any longer with FRITZ!OS 7 - in the past they were an alternative way to open ports on the box itself, while the "avmike" daemon was running.

It's not really useful to adapt the firewall packet to the new behavior.

If anybody wants a stable and reliable manner to activate local port forwardings, (s)he should consider to implement a helper function into the daemon in question.

Or we need another (new) daemon as a service, where any startup script may register a local port forwarding for the daemon it just started prior.

Both approaches would need some efforts - there are open points with bigger importance in my opinion.

Any interested programmer, who wants to implement it himself in a safe and future-proof manner (using the PCP daemon), should have a look at the "ftpd" server - AVM's programmer uses there an utility to open the incoming ports for passive transfers dynamically.

Usually PCP mappings have to be renewed within a short interval ... therefore one single call is not really an option, if there's no additional daemon to manage these recurring refreshes.
 
Könnte man das AVM-Forwarding und die AVM-Firewall nicht in den Bereich Developer als Auswahl wieder aktievieren ?
Würde das gerne zu testzwecken hin und wieder mal aktivieren wollen.
Leider weiß ich nicht wie ich das im trunk dauerhaft als Auswahl aktivieren kann. Derzeit löse ich die Frage über die .config
 
Du solltest aber erwähnen das das eine nicht von Freetz gewollte und eigenmächtige Änderung an der .config ist.
Ob wirklich alle Funktionen der Firewall wie früher funktionieren und ob man durch den Eingriff nicht etwas aktiviert was so nicht gewollt ist, haben wir noch nicht nachgewiesen. Es wird schon seinen Grund gehabt haben warum damals die Firewall deaktiviert wurde.
 
Hallo ,kann das freetz team nicht die AVM Firewall wieder in freetz aktivieren so wie es früher mal war.

Iptables . Das währe echt super .
 
  • Like
Reaktionen: alis123
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.