Kill switch blocking access to NAS

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
simi22
DD-WRT Novice


Joined: 07 Apr 2018
Posts: 10

PostPosted: Sun Jan 03, 2021 11:21    Post subject: Kill switch blocking access to NAS Reply with quote
Hello all, hoping someone can help me with this.

I have a NAS running on 192.168.1.10 and VPN router with an IP 192.168.3.0.

When I add the following kill switch script to my DD WRT VPN router I am no longer able to access my NAS shared folders which are connected to a different router on the network. I am able to access them without the kill switch firewall script.

Firewall Kill switch:

iptables -I FORWARD -s 192.168.0.1/24 -j ACCEPT

WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset

Any ideas why the VPN kill switch script is stoping LAN access to the NAS?

Thanks
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7532
Location: Netherlands

PostPosted: Sun Jan 03, 2021 12:20    Post subject: Reply with quote
if the router/NAS you want to reach is upstream i.e. connected to your WAN port than it is explainable.

The WAN is blocked Smile

You can add a rule to allow that subnet e.g.:
Code:
iptables -I FORWARD -d 192.168.1.0/24 -j ACCEPT

This rule has to come last

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
simi22
DD-WRT Novice


Joined: 07 Apr 2018
Posts: 10

PostPosted: Sun Jan 03, 2021 12:47    Post subject: Reply with quote
Legend! It worked.

Do you know/mind explaining the difference between the "-I br0" and "-d" part of the code?

thank you
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7532
Location: Netherlands

PostPosted: Sun Jan 03, 2021 12:56    Post subject: Reply with quote
Our wiki explains it much better than I can:
https://wiki.dd-wrt.com/wiki/index.php/Iptables_command

Have fun Smile

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum