Firewall Changes for Those Who Can’t Get to Userfriendly.org?
Couple of people have mentioned problems getting to userfriendly.org lately. The problem is that the IP that it recently moved onto (126.96.36.199) is still thought of as a restricted IP by your firecard or GGOS/Gateway Guardian based firewall (or maybe something else you have).
If you have a Firecard (this is for all the ex-Merilus people out there), you need to do the following (not sure if this can be done from the management console or not):
- ssh into the device (you know how, if not ask me via email)
- # cd /etc/fw
- edit the file “spoof”: # vi spoof
- a page or so down there is a comment starting
# The rules below exist as per RFC 1466 – Reserved by IANA
Look below that for the line with an IP starting with 69., and remove it.
- save and exit <esc>:x
- re-run the firewall script: # /etc/firewall
Now you should be able to access userfriendly.org. Because I’m bad and lazy and horrible I just removed all the lines below the comment I noted above, at least until an update comes down from SafetyNet.
To make sure that when you reboot the device these changes don’t get lost (which they will), you will have to do the following:
- mount the config partition: # mnt 2
- go into the fw directory on it: # cd /2/etc/fw
- edit and save the file as in the steps above.
Hopefully this will keep things fixed up. Please let me know if I missed anything here guys. Muckhead mentioned that he didn’t have a spoof file in /2/etc/fw, so I’m not sure what’s up with that, maybe an older version of the software or something.
Update It is available to edit from the CSMv2 software. Go to security->setup for the device and click advanced, then remove the 188.8.131.52/8 subnet from the list, then save and upload. If you don’t have anything in the list Muckhead says to set it to the defaults minus the 60.* entry, “and life is good.”