Hi uklad!
BT locked the Huawei by firewalling all LAN-side access to the device. It is by dropping the relevant firewall rule(s) that LAN-side access is re-enabled.
In Linux, the kernel-level firewall is called
netfilter. We can see from the ECI boot logs you uploaded that the code for
netfilter is compiled 'monolithically' into the kernel image itself.
The kernel-side of the Linux firewalling framework is normally interfaced with the userspace using a tool called
iptables. [1]
iptables is invoked by init scripts to define the firewall rule chains.
However, in the case of the ECI, that is not how it is done.
The kernel boot logs reveal the presence of the
netfilter kernel modules but there is no sign of any corresponding iptables binary in the root file system. As such, it's not clear how the firewall is actually configured.
The
iptables tool is not strictly needed to configure the firewall. Its functioning could be replicated through kernel calls hidden away in other userspace code. That's not a normal thing to do though. Maybe it is being used here to obfuscate?
With a serial console, it should still be possible to determine exactly what is being run at boot time. And, in particular, how and where the firewall is configured. It's just a case of following the boot sequence.
The first userspace process executed by every Unix machine is '
/sbin/init'. The '
init' process is shown as process id (pid) #1.
In many embedded systems,
/sbin/init is actually a symbolic link to
/bin/busybox. Busybox attempts to mimic the functionality of
Unix System V initscripts, but without the resource overheads.
The
init process loads its configuration from the file
/etc/inittab [2]
That
inittab config file identifies the scripts that are to be executed by the
init process.
The code invoked by those scripts will configure the firewall. ;-)
Studying those initscripts should reveal the nature of the firewalling, and how to remove the firewall rules. Ultimately this could be used to re-enable LAN-side access to the web interface.
cheers, a
[1]
http://www.netfilter.org/[2]
http://www.kerneltravel.net/downloads/Building.Embedded.Linux.Systems.pdf (ch.6.8 )