Koozali.org: home of the SME Server

IPTable Settings for BPALogin

Luke

IPTable Settings for BPALogin
« on: January 23, 2003, 08:20:08 AM »
Okay I think I've tracked down the changes that need to be made to the IPTables config to allow BPALogin's heartbeat through etc.

The only thing that I don't know is which template holds the details for the IPTables config (and thus which custom templates I need to create).

If anybody can supply these details, it would be greatly appreciated.

Regards,
Luke

Luke

Re: IPTable Settings for BPALogin
« Reply #1 on: January 23, 2003, 08:31:24 AM »
Don't worry... found it.

Can anybody confirm the following rules are okay for NSW?:

#Allow the BPA Heartbeat
IPTABLES -A UDPINPUT -s 61.9.192.13 -p udp --dport 5050 -j ACCEPT

#Allow BPA DHCP
IPTABLES -A UDPINPUT -s 61.9.192.13 -p udp --sport 67 --dport 68 -j ACCEPT

Do I need any for the outgoing packets? (I would have thought not...)

Regards,
Luke

Luke

Re: IPTable Settings for BPALogin
« Reply #2 on: January 23, 2003, 08:36:55 AM »
Further to that thought...

Having a look at all the table related files... can somebody point me to the files that need the rules to be added.

Regards,
Luke

Luke

Re: IPTable Settings for BPALogin
« Reply #3 on: January 23, 2003, 09:16:16 AM »
Okay.

In attempting to change the default SSH port, I think I've come across the right area to alter for BPALogin.

Could someone please confirm or deny that the following is the way to go:

mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

pico -w /etc/e-smith/templates/etc/rc.d/init.d/masq/46AllowBPALogin

{    $OUT = allow_udp_in(5050,1); }


Regards,
Luke

Luke

Re: IPTable Settings for BPALogin
« Reply #4 on: January 23, 2003, 09:56:19 AM »
Ooookay,

Can anybody supply the UDP equivalent of the allow_tcp_in scripts?

Regards,
Luke

Damien Curtain

Re: IPTable Settings for BPALogin
« Reply #5 on: January 23, 2003, 10:05:05 AM »
I use:

45AllowBPA

        /sbin/iptables --insert INPUT 9 --protocol udp --source spr3.nsw.bigpond.net.au \
                --destination $OUTERNET --dport 5050 --in-interface $OUTERIF --jump ACCEPT

Where spr3.nsw.bigpond.net.au is my auth server. I prefer to have just Telstra's auth server being able to connect; the allow_udp blah functions are way too limited to achieve this.

And ensure your bpalogin.conf is correct, otherwise bpalogin will reject the UDP packets... setting authserver and authdomain seems to do the trick.
--
 Damien
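
Added example, not part of the original thread or of SME Server: a small Python check that reads `iptables -S` output and reports UDP ACCEPT rules covering the heartbeat port that are looser than the source- and interface-restricted rule above. The rule lines are constructed, the default `auth` address is the one quoted earlier in the thread, and `eth1` is an assumed interface name.

```python
import shlex

# Long options, as in the rule above, mapped to the short forms `iptables -S` prints.
ALIASES = {"--protocol": "-p", "--source": "-s", "--in-interface": "-i",
           "--jump": "-j", "--dports": "--dport"}
# Constructed sample in `iptables -S` format; eth1 as external interface is assumed.
SAMPLE = """\
-P INPUT DROP
-A INPUT -p udp -m udp --dport 5050 -j ACCEPT
-A INPUT -s 61.9.192.13/32 -i eth1 -p udp -m udp --dport 5050 -j ACCEPT
-A INPUT -s 61.9.192.13/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -s 61.9.192.13/32 -p udp -m multiport --dports 53,5000:5100 -j ACCEPT
"""

def parse_rule(line):
    """Return {option: value} for an `-A` rule line, None for anything else."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule, neg, i = {"chain": tok[1], "raw": line}, "", 2
    while i < len(tok):
        if tok[i] == "!":
            neg = "!"  # negation applies to the option that follows
        elif tok[i].startswith("-"):
            has_val = i + 1 < len(tok) and not tok[i + 1].startswith(("-", "!"))
            rule[ALIASES.get(tok[i], tok[i])] = neg + (tok[i + 1] if has_val else "")
            neg, i = "", i + has_val
        i += 1
    return rule

def covers(spec, port):
    """True if a --dport/--dports value (N, LO:HI, lists, '!') includes port."""
    spec = spec or "0:65535"  # no port match at all: every UDP port is accepted
    parts = (p.partition(":") for p in spec.lstrip("!").split(","))
    hit = any(int(lo or 0) <= port <= int((hi if sep else lo) or 65535) for lo, sep, hi in parts)
    return hit != spec.startswith("!")

def audit(text, port=5050, auth="61.9.192.13", chain="INPUT"):
    """Yield (rule, problems) for UDP ACCEPT rules on `port` that are too open."""
    for r in filter(None, map(parse_rule, text.splitlines())):
        match = (r["chain"], r.get("-j"), r.get("-p")) == (chain, "ACCEPT", "udp")
        problems = []
        if r.get("-s") not in (auth, auth + "/32"):
            problems.append("source not limited to auth server")
        if not r.get("-i") or r["-i"].startswith("!"):
            problems.append("no inbound interface match")
        if match and covers(r.get("--dport"), port) and problems:
            yield r["raw"], problems
```

A hostname given to `--source` is resolved once, when the rule is inserted, so `iptables -S` shows the resulting address; pass that address as `auth`.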

Luke Drumm

Re: IPTable Settings for BPALogin
« Reply #6 on: January 24, 2003, 11:00:01 AM »
Thanks.

It seems to be doing the job nicely.

Regards,
Luke