The nat table is for Network Address Translation and it includes the PREROUTING and POSTROUTING chains. The filter table is the default and includes chains like INPUT, OUTPUT, and FORWARD. The main tables we are concerned with are the "filter" table and the "nat" table.

Tip: To list the network interfaces on the router use 'ifconfig' on the command line.

So, using PPPoE will require replacing vlan1 with ppp0 in each instance. This information is from the IPv6 page and quoted here: "The detailed configuration steps are targeted toward users with a basic DHCP connection for the WAN part.

Note: ppp0 is the WAN interface when PPPoE is used.

vlan1 is the WAN port (K24 only) or the 4 LAN ports (K26 and K3.x) (ppp0 is the WAN interface when PPPoE is used)
br0 is a bridge connecting the 4 LAN ports and the WIFI together

When using the -i or -o to define the physical interfaces, remember that by default:

--set-counters PKTS BYTES   set the counter during insert/append
--modprobe=<command>   try to insert modules using this command
--fragment -f   match second or further fragments only
--exact -x   expand numbers (display exact values)
--line-numbers   print line numbers when listing
--table -t table   table to manipulate (default: `filter')
--numeric -n   numeric output of addresses and ports

Match when the TCP flags are as specified:
Target for rule (may load target extension)
Source port (use `:' when specifying range)
A "!" argument before the address specification inverts the
Specifying the number of 1's at the left side of the network mask.
The mask can be either a network mask or a plain number,

--new -N chain   Create a new user-defined chain
Change chain name, (moving any references)
--zero -Z   Zero counters in chain or all chains
--flush -F   Delete all rules in chain or all chains
--list -L   List the rules in a chain or all chains
Replace rule rulenum (1 = first) in chain
Insert in chain as rulenum (default 1=first)
--delete -D chain   Delete matching rule from chain
Delete rule rulenum (1 = first) from chain

iptables -h (print this help information)

Commands

iptables -E old-chain-name new-chain-name
iptables - chain rulenum rule-specification

Basic Usage

iptables - chain rule-specification

9 Firewall blocks DHCP renewal responses
6.11 Reject clients from accessing the router's configuration
6.10 Block all traffic except HTTP HTTPS and FTP
6.9 Allow HTTP traffic only to specific domain(s)
6.8 Block outgoing SMTP traffic except from specified hosts
6.7 Block SMTP traffic except to specified hosts
6.6 Deny access to a specific Outbound IP address with logging
6.5 Deny access to a specific IP address range with Logging
6.3 Deny access to a specific IP address
6.2 Port Forwarding to a specific LAN IP

It's my first time using iptables and all the information I see online seems to indicate I'm doing it correctly. Unfortunately, every time I reach "iptables -A INPUT -j DROP" I lose my telnet connection to the router, like all the rules I've set before were being ignored.
iptables -A INPUT -p tcp -s 10.80.91.2 --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.80.91.2 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 10.80.91.2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.80.91.2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 10.80.91.2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -d 10.80.91.2 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT

The idea is having the router's LAN/WIFI being open to the Arduino devices and only allowing traffic to leave the WAN port to the company LAN if it's for the controlling server. I'm trying to set up a dd-wrt router to serve as a subnetwork for some custom-built Arduino devices.
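A first-match walk over the INPUT rules from the post above, as an added example that is not part of the original post or of DD-WRT: it shows which rule decides a packet of the telnet session once the final DROP is appended. The `verdict` helper, the LAN client address 192.168.1.10 and the management rule on br0 are assumptions made for illustration.

```shell
#!/bin/sh
# Walks INPUT rules (given as text) in order; the first matching rule decides.
# Understands only -i, -p, -s (exact address), --sport, --dport, --state, -j.
# verdict RULES IFACE PROTO SRC SPORT DPORT STATE -> prints target or POLICY
verdict() {
    rules=$1 in_if=$2 proto=$3 src=$4 sport=$5 dport=$6 state=$7
    while read -r line; do
        set -- $line                       # split the rule into words
        [ "$1" = "-A" ] && [ "$2" = "INPUT" ] || continue
        shift 2
        ok=1 target=
        while [ $# -gt 0 ]; do
            case $1 in
                -i)      [ "$2" = "$in_if" ] || ok=0; shift ;;
                -p)      [ "$2" = "$proto" ] || ok=0; shift ;;
                -s)      [ "$2" = "$src" ]   || ok=0; shift ;;
                --sport) [ "$2" = "$sport" ] || ok=0; shift ;;
                --dport) [ "$2" = "$dport" ] || ok=0; shift ;;
                --state) case ",$2," in *",$state,"*) ;; *) ok=0 ;; esac; shift ;;
                -m)      shift ;;          # skip the module name
                -j)      target=$2; shift ;;
            esac
            shift
        done
        if [ "$ok" = 1 ] && [ -n "$target" ]; then
            echo "$target"
            return 0
        fi
    done <<EOF
$rules
EOF
    echo POLICY                            # no rule matched
}

# INPUT rules from the post, with the final DROP appended.
POST_RULES='-A INPUT -p tcp -s 10.80.91.2 --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 10.80.91.2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -s 10.80.91.2 --sport 53 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp --sport 123 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP'
# Assumption: a LAN-only telnet management rule placed ahead of everything else.
FIXED_RULES="-A INPUT -i br0 -p tcp --dport 23 -j ACCEPT
$POST_RULES"

# Constructed packet: telnet session from LAN client 192.168.1.10 arriving on br0.
verdict "$POST_RULES"  br0 tcp 192.168.1.10 50000 23 ESTABLISHED
verdict "$FIXED_RULES" br0 tcp 192.168.1.10 50000 23 ESTABLISHED
```

None of the posted INPUT rules matches TCP port 23, so the appended DROP is the first rule that matches the session's packets; with the br0 rule in front, the same packet is accepted while telnet arriving on the WAN interface still falls through to DROP.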