Dear IPFire PROs
I thoroughly screwed up (related to my capabilities) and would be glad if I could get some support on the below:
My initial IPFire system main aspects:
Alix board w/ red (WAN), green (LAN), blue (WiFi), orange (DMZ), OVPN
IPFire 2.21 (i586) core 128
No specific firewall rules except routing blue to green for TCP and UDP
SSH is off.
tried to create a (set of) firewall rules in IPFire WUI to tie in a device that obviously could not communicate with its cloud service based on existing firewall rules (DMZ pinhole) (excluded device defect by tying it in at ISP router which I need to use as modem)
gave that device which is connected via ethernet only a static IP based on MAC in IPFire DHCP setup
Managed with some firewall rule configuration to reach a sync, but no further communication as it would do if it was not sitting behind my firewall
attempted further variations of firewall rule and finally managed (seemingly) to route ALL queries directed to my IPFire to the IP of that device, since actually I cannot reach my IPFire WUI any longer.
Only access I still have to the IPFire currently is to the console via RS232 and Putty.
Internet access through the IPFire still works, however since I’m not 100% sure what that latest rule variation does, I unplugged red (long live mobile hotspot)
I researched a couple of community entries and wiki articles and could find one line in iptables FORWARDFW rules that would most likely represent this malicious rule I created, however it seems that it will not be removed even if I use iptables -D on this line - or if it takes effect, which other rule in iptables would relate to this:
-A FORWARDFW -d 192.168.0.**/32 -i red0 -j ACCEPT
which seems to be the same as below in FORWARDFW chain for iptables -L
ACCEPT all -- anywhere **device.**Network
only other line I traced that /could/ be related is this one in POLICYFWD after doing iptables -L:
ACCEPT all -- **Fire.**Network/24 anywhere
otherwise I could not identify any rules or chains from iptables that would have an indication to the specific device or the IPFire host.
- I looked into the firewall.local yet I could not find a more detailed syntax / description on how firewall rules are represented there, how and where they are tied in, which would give me sufficient confidence to utilize this script.
If I remember correctly, that rule looked like the following in WUI (but I might be wrong here):
Source: Standard Network RED
NAT: Destination NAT (Port forwarding)
New source IP: green (IP of IPFire)
Destination: static Device IP
Optically it looked in the rules list such that RED was listed under source and a combination of IPFire address above target address was listed under Destination.
So here I am now, asking kindly and hoping for your support or guidance on how I best could remove this stupid rule that forwards my former WUI query to a different IP (respectively masks the reply with a different IP) so that I can no longer reach it, other than by console.
Thanks in advance for your replies, and let me know what additional information would be required to give recommendations.
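As an added example (not part of the original post or of IPFire itself): a Destination NAT port-forward is written to the nat table (PREROUTING), not to the filter-table FORWARDFW chain that plain `iptables -L` shows, so the following helper scans `iptables-save -t nat` output for DNAT rules whose match destination is the firewall's own address. The firewall address 192.0.2.1 and the nat-table sample are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Lists DNAT rules in nat-table
# output whose "-d" matches the firewall's own IP (with or without /32).

# Constructed sample of `iptables-save -t nat`; 192.0.2.x are placeholder
# (documentation-range) addresses, not the poster's real network.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.1/32 -i red0 -j DNAT --to-destination 192.0.2.50
-A PREROUTING -d 192.0.2.2/32 -i green0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.0.2.60:80
-A POSTROUTING -s 192.0.2.0/24 -o red0 -j MASQUERADE
COMMIT'

# find_dnat_to_host FIREWALL_IP NAT_TEXT
# Prints "<chain> <to-destination>" for every DNAT rule that rewrites
# packets addressed to FIREWALL_IP.
find_dnat_to_host() {
  fw_ip="$1"
  printf '%s\n' "$2" | awk -v ip="$fw_ip" '
    $1 == "-A" && / -j DNAT / {
      dst = ""; to = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
        if ($i == "--to-destination") to = $(i + 1)
      }
      if (dst == ip) print $2, to
    }'
}

# count_dnat_to_host FIREWALL_IP NAT_TEXT
# Number of such rules; 0 means nothing in the nat table redirects traffic
# that is meant for the firewall itself.
count_dnat_to_host() {
  find_dnat_to_host "$1" "$2" | awk 'END { print NR }'
}

# On a real box, replace the constructed sample with the live table:
#   find_dnat_to_host <green IP of IPFire> "$(iptables-save -t nat)"
find_dnat_to_host 192.0.2.1 "$SAMPLE_NAT"
```

The helper only reports; it changes no rule, and a rule it finds is best removed through the firewall's own configuration so it is not recreated the next time the rule set is regenerated.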