XPEnology Community

Question about iptables and DL station CLI


ripreg


Hi guys.

First of all, thanks for all your work, which is simply awesome!

That said, I want to share my hardware setup, so that anybody who wants to install XPEnology on a computer knows that it is working, and working fine, with this hardware :smile:

Intel® Atom CPU D2550 @ 1.86GHz
ASRock AD2550-ITX (full passive)
2 GB DDR3 1333 MHz (just one for the moment :wink:)
1 x 2TB WD Green

Installation went with no problems, everything works fine :smile: - again thanks for your great job.

I'm now facing a problem (well, actually two):

1) The iptables implementation looks really basic and, from what I can remember, iptables is compiled with the kernel. My problem is that I cannot use the "connlimit" module and yeah, I tried to copy it from another Linux box but with no luck :sad:. Do you think it is possible to install that module into XPEnology? My goal now is to limit the number of OUTBOUND HTTP connections (yeah, from my NAS to the internet - long story...)

2) I would like to use the CLI for Download Station: http://downloadstation.jroene.de/ I followed all the instructions, but when I run "downloadstation" I get:


Traceback (most recent call last):
  File "/opt/bin/downloadstation", line 16, in
    import optparse, sys, os, datetime, time, re, pyPgSQL
ImportError: No module named pyPgSQL

I'm quite sure I'm missing something really basic, but after dealing with this NAS for hours I could be lost a bit :razz:

Thank you for your time.


> 1) The iptables implementation looks really basic and, from what I can remember, iptables is compiled with the kernel. My problem is that I cannot use the "connlimit" module and yeah, I tried to copy it from another Linux box but with no luck :sad:. Do you think it is possible to install that module into XPEnology? My goal now is to limit the number of OUTBOUND HTTP connections (yeah, from my NAS to the internet - long story...)
>
> 2) I would like to use the CLI for Download Station: http://downloadstation.jroene.de/ I followed all the instructions, but when I run "downloadstation" I get:
>
> Traceback (most recent call last):
>   File "/opt/bin/downloadstation", line 16, in
>     import optparse, sys, os, datetime, time, re, pyPgSQL
> ImportError: No module named pyPgSQL

First of all, you need to install bootstrap: http://forum.synology.com/wiki/index.ph ... stall_ipkg

Use this one: http://ipkg.nslu2-linux.org/feeds/optwa ... 7_i686.xsh

Then you can install the iptables ipkg and the other packages missing for your CLI (according to http://downloadstation.jroene.de/ : python24 py-pgsql py24-mx-base).


  • 2 weeks later...

Back again...

So I'm actually having trouble with the DLStation CLI 'cause I can't add any link to it. The command completes just fine but I see nothing in DLStation... very odd.

Btw I'm a bit lost with iptables: I restarted my NAS and I added this rule:

-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW,RELATED -m limit --limit 5/min --limit-burst 1 -j DROP

Which SHOULD limit the outbound connection to any IPs on port 80 @ 5 per min.

The point is the rule is actually working (hitcount incrementing) but I can see more than 5 connection ATTEMPTS per minute:

XPenology> netstat -an | grep ":80"
tcp 1464 0 192.168.0.9:49483 xy.xy.xy.81:80 CLOSE_WAIT
tcp 6 0 192.168.0.9:42483 xy.xy.xy.:80 CLOSE_WAIT
tcp 0 0 192.168.0.9:50774 xy.xy.xy.18:80 TIME_WAIT
tcp 0 1 192.168.0.9:50788 xy.xy.xy.18:80 SYN_SENT
tcp 0 0 192.168.0.9:50763 xy.xy.xy.18:80 TIME_WAIT
tcp 1 0 192.168.0.9:34733 xy.xy.xy.81:80 CLOSE_WAIT
tcp 0 0 192.168.0.9:50778 xy.xy.xy.18:80 TIME_WAIT
tcp 0 0 192.168.0.9:50771 xy.xy.xy.18:80 TIME_WAIT
tcp 1 0 192.168.0.9:37473 xy.xy.xy.81:80 CLOSE_WAIT
tcp 0 0 192.168.0.9:43438 xy.xy.xy.202:80 ESTABLISHED
tcp 0 0 192.168.0.9:50784 xy.xy.xy.18:80 TIME_WAIT
tcp 16 0 192.168.0.9:49484 xy.xy.xy.81:80 CLOSE_WAIT
tcp 0 0 192.168.0.9:50785 xy.xy.xy.18:80 TIME_WAIT
tcp 0 0 192.168.0.9:50779 xy.xy.xy.18:80 ESTABLISHED
tcp 0 0 ::%134822437:80 ::%134897295:* LISTEN

Well, I know that TIME_WAIT doesn't mean there's a connection, but it means that my NAS sent a packet to that server, which is wrong for me.

So my question is: why is this rule working as expected on another Linux box but not working here?

Thanks for your help.
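
The `limit` match in the rule quoted in the last post is a token bucket: a rule carrying it matches only while the rate is within the limit, and packets over the limit do not match and continue to the next rule or the chain policy. The sketch below is an added example (not part of the thread, and a simplified model rather than iptables code) that replays one constructed minute of connection attempts through the rule as posted and through a hypothetical ACCEPT-then-DROP pair. It assumes an ACCEPT policy on OUTPUT and that every attempt is a NEW packet to port 80; `LimitMatch`, `run_chain` and the sample arrivals are names invented for this illustration.

```python
# Simplified model of the iptables "limit" match (a token bucket); not kernel code.
COST = 60  # credit units per matched packet; refill is per_minute units each second

class LimitMatch:
    def __init__(self, per_minute, burst):
        self.per_minute = per_minute      # --limit N/min
        self.cap = burst * COST           # --limit-burst
        self.credit = self.cap            # bucket starts full
        self.last = 0

    def matches(self, now):
        """True while the rate is within the limit; consumes one token on a match."""
        self.credit = min(self.cap, self.credit + (now - self.last) * self.per_minute)
        self.last = now
        if self.credit >= COST:
            self.credit -= COST
            return True
        return False

def run_chain(rules, policy, arrivals):
    """Walk each packet through (match, target) rules; the first match decides."""
    verdicts = []
    for now in arrivals:
        verdict = policy                  # no rule matched: chain policy applies
        for match, target in rules:
            if match is None or match.matches(now):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts

# Constructed input: one NEW packet to port 80 per second for a minute.
ARRIVALS = list(range(60))

def as_posted():
    # -m limit --limit 5/min --limit-burst 1 -j DROP, chain policy ACCEPT (assumed)
    return run_chain([(LimitMatch(5, 1), "DROP")], "ACCEPT", ARRIVALS)

def accept_then_drop():
    # Hypothetical pair: same limit with -j ACCEPT, then an unconditional -j DROP
    return run_chain([(LimitMatch(5, 1), "ACCEPT"), (None, "DROP")], "ACCEPT", ARRIVALS)

if __name__ == "__main__":
    for name, fn in (("as posted", as_posted), ("accept then drop", accept_then_drop)):
        v = fn()
        print(f"{name}: {v.count('ACCEPT')} accepted, {v.count('DROP')} dropped")
```

In this model the posted form drops only the few packets that fit inside the rate and lets the rest through, while the ACCEPT-then-DROP ordering lets through only those that fit inside the rate.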
