Iptables command ignored without error message

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
View previous topic :: View next topic  
Author Message
Valchris
DD-WRT Novice


Joined: 28 Aug 2020
Posts: 2
PostPosted: Fri Aug 28, 2020 22:51    Post subject: Iptables command ignored without error message Reply with quote
Hello, I am running an iptables command from telnet to my router, each time I run the command it seems to have no effect and I can't see it listed in the list of rules.

Code:
root@DD-WRT:~# iptables -t mangle -I POSTROUTING -o `get_wanface` -j TTL --ttl-set 65 -v


Returns the following output:
Code:
TTL  0 opt -- in * out vlan2  0.0.0.0/0  -> 0.0.0.0/0  TTL set to 65


As far as I can tell, this looks correct. So I tried to check the tables to ensure the rule is listed:

Code:
root@DD-WRT:~# iptables -t mangle -vnL POSTROUTING


And the response I get appears to be blank:

Code:
Chain POSTROUTING (policy ACCEPT 108K packets, 60M bytes)                                                                                                                                    pkts bytes target     prot opt in     out     source               destination 


Please help me understand where I am going wrong.


Relevant router specs:
    DD-WRT v3.0-r42729 std (c) 2020 NewMedia-NET GmbH
    Release: 03/18/20
    Board: TP-Link ARCHER-A7 v5
Back to top View user's profile Send private message
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157
PostPosted: Sat Aug 29, 2020 0:03    Post subject: Reply with quote
On dd-wrt, the fact it reports adding the rule doesn't necessarily mean it did (yeah, weird). For space saving reasons, dd-wrt removes many error messages from the system (these days, w/ the amount of flash typically available, that shouldn't be necessary, but given the continued need to support legacy routers, it just is).

If I run that command on tomato (which I know doesn't support it unless the TTL module is loaded), I get the following:

Code:
root@tomato-lab2:/tmp/home/root# iptables -t mangle -I POSTROUTING -o vlan2 -j TTL --ttl-set 65 -v
TTL  all opt -- in * out vlan2  0.0.0.0/0  -> 0.0.0.0/0   TTL set to 65
iptables: No chain/target/match by that name.


Notice I get the same output as you, *plus* an error message. See what I mean?

At least on tomato, I need to explicitly load the TTL module first, then it works.

Code:
insmod xt_HL


I always thought dd-wrt loaded this automatically, or it was in the firmware by default, but maybe there are exceptions. I can't guarantee that xt_HL is the module you need on dd-wrt. I'm only saying it works here for tomato.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
Back to top View user's profile Send private message
Valchris
DD-WRT Novice


Joined: 28 Aug 2020
Posts: 2
PostPosted: Sat Aug 29, 2020 0:48    Post subject: Reply with quote
Wow! Thank you Eibgrad, that did the trick. Really appreciate the fast response!

eibgrad wrote:
On dd-wrt, the fact it reports adding the rule doesn't necessarily mean it did (yeah, weird). For space saving reasons, dd-wrt removes many error messages from the system (these days, w/ the amount of flash typically available, that shouldn't be necessary, but given the continued need to support legacy routers, it just is).

If I run that command on tomato (which I know doesn't support it unless the TTL module is loaded), I get the following:

Code:
root@tomato-lab2:/tmp/home/root# iptables -t mangle -I POSTROUTING -o vlan2 -j TTL --ttl-set 65 -v
TTL  all opt -- in * out vlan2  0.0.0.0/0  -> 0.0.0.0/0   TTL set to 65
iptables: No chain/target/match by that name.


Notice I get the same output as you, *plus* an error message. See what I mean?

At least on tomato, I need to explicitly load the TTL module first, then it works.

Code:
insmod xt_HL


I always thought dd-wrt loaded this automatically, or it was in the firmware by default, but maybe there are exceptions. I can't guarantee that xt_HL is the module you need on dd-wrt. I'm only saying it works here for tomato.
Back to top View user's profile Send private message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands
PostPosted: Sat Aug 29, 2020 8:15    Post subject: Reply with quote
On devices with 64 MB and higher flash ram it is loaded automatically,
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum