Creating VLAN and IPTABLES questions...

ampapa
DD-WRT User


Joined: 25 Nov 2011
Posts: 102

Posted: Mon May 10, 2021 19:16
Sorry SIW.. I most definitely was not trying to overcomplicate things and bog users down, just trying to learn a bit about iptables and the configuration of dd-wrt. I appreciate your input.

My overall goal here is to isolate the br1 network from the br0 network. I need to allow the br0 complete access to br1 but I do not want br1 access to br0, br1 should have access to the WAN/internet.

"Net Isolation", I assume that will totally isolate communication between br0 and br1? I think I get that. I'm assuming that would allow communication on both networks to the WAN/internet but no communication between the 2 networks.

Is there a GUI for viewing the default firewall settings?
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1445
Location: Appalachian mountains, USA

Posted: Mon May 10, 2021 19:59
Ah... I had lost that you wanted to limit br1's access to br0 but without full Net Isolation (about which you are correct). Seems to me that would be

iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j REJECT --reject-with icmp-host-prohibited

I'm not at all an iptables/firewall expert though, so perhaps someone else will chime in if I've missed the boat.

There is nothing in the GUI for seeing the default firewall, but you can see it in the CLI with iptables -vnL or you can focus in on a part of it with things like iptables -vnL FORWARD

iptables -t nat -vnL POSTROUTING

(And sorry about getting a bit crabby. Usually a sign I'm trying to squeeze too much into too little day!)

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
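
Added example, not part of either post: a small check that reads `iptables -vnL FORWARD` output and reports the first verdict a NEW connection would get between two interfaces, so the one-way br1/br0 isolation discussed above can be confirmed after inserting the rule. The sample listing and the WAN interface name `vlan2` are constructed assumptions; only unrestricted rules with a terminal target are evaluated, and jumps to user chains are skipped.

```shell
#!/bin/sh
# Added example. Usage: iptables -vnL FORWARD | first_verdict IN_IF OUT_IF
# Assumption: only ACCEPT/DROP/REJECT rules with no protocol or address
# restriction are considered; rules that jump to other chains are skipped.
first_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
    # Interface column matches if it is "*", identical, or a "+" prefix wildcard.
    function ifmatch(pat, name) {
        if (pat == "*" || pat == name) return 1
        if (pat ~ /\+$/) return index(name, substr(pat, 1, length(pat) - 1)) == 1
        return 0
    }
    $1 == "Chain" { policy = $4; next }      # "Chain FORWARD (policy ACCEPT ..."
    $1 == "pkts" || NF < 9 { next }          # column header and blank lines
    {
        target = $3; prot = $4
        if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
        if (prot != "all" && prot != "0") next
        if ($8 != "0.0.0.0/0" || $9 != "0.0.0.0/0") next
        if (!ifmatch($6, in_if) || !ifmatch($7, out_if)) next
        # Extra match text starts at field 10; honour a state restriction.
        states = ""
        for (i = 10; i < NF; i++)
            if ($i == "state" || $i == "ctstate") states = $(i + 1)
        if (states != "" && ("," states ",") !~ /,NEW,/) next
        print target; found = 1; exit
    }
    END { if (!found) print policy }         # nothing matched: chain policy applies
    '
}

# Constructed sample listing (not captured from a real router). The first rule
# is the one from the post, placed at the top of the chain by "iptables -I".
SAMPLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     0    --  br1    br0     0.0.0.0/0            0.0.0.0/0           state NEW reject-with icmp-host-prohibited
   12   840 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3   180 ACCEPT     0    --  br1    *       0.0.0.0/0            0.0.0.0/0
    5   300 ACCEPT     0    --  br0    br1     0.0.0.0/0            0.0.0.0/0'

printf '%s\n' "$SAMPLE" | first_verdict br1 br0     # REJECT: br1 cannot open connections to br0
printf '%s\n' "$SAMPLE" | first_verdict br0 br1     # ACCEPT: br0 can still reach br1
printf '%s\n' "$SAMPLE" | first_verdict br1 vlan2   # ACCEPT: br1 still reaches the WAN
```

Replies from br1 to connections that br0 opened are not NEW, so they fall through to the RELATED,ESTABLISHED rule rather than the REJECT.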