elyograg DD-WRT User
Joined: 11 Jul 2021 Posts: 56
|
Posted: Sun Jul 11, 2021 14:16 Post subject: Firewall config isn't shown in "iptables -nL" |
|
First I want to thank everyone here for providing information that I have found very useful during my dd-wrt journey. I've been saved countless hours of time by posts here, and there are some things I might never have figured out without this place.
Something I noticed is that when I view "iptables -nL" output, which on platforms like Ubuntu shows me a whole lot about the firewall config, there are things missing that I know I have configured.
In particular, I have a static route with the "NAT" box checked (so hosts on that network have Internet access). But I see nothing in "iptables -nL" that references that network.
So I'm wondering what I can look at that can show me the full firewall config, and whether any of the packet inspection and mangling is handled in real time by processes outside of iptables.
Apologies if this is a stupid question or if the info is already posted somewhere. I did try to find it, and usually I'm very good at wrangling Google to do my bidding. |
|
egc DD-WRT Guru
Joined: 18 Mar 2014 Posts: 12887 Location: Netherlands
|
Posted: Sun Jul 11, 2021 14:36 Post subject: |
|
It is always helpful if you state router model and build number, see the forum guidelines:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
To answer your question try:
iptables -vnL -t nat
To query the nat table |
|
Alozaros DD-WRT Guru
Joined: 16 Nov 2015 Posts: 6437 Location: UK, London, just across the river..
|
Posted: Sun Jul 11, 2021 19:04 Post subject: |
|
cat /tmp/.ipt - shows output of default DDWRT iptables rules loaded/created by developers, by default
iptables -t nat -vnL - shows nat table
iptables -t mangle -vnL - mangle table |
|
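Added example, not written by any poster in this thread: "iptables -nL" lists only the default filter table, so a NAT rule for a routed network has to be looked for in the other tables. The sketch below reads an iptables-save style dump and reports which table references a given network; the dump, the network 192.168.50.0/24, the interface names and the function names are constructed for illustration, and the presence of iptables-save on a given DD-WRT build is an assumption.

```shell
#!/bin/sh
# Added example: find which iptables table(s) hold rules mentioning a network.
# iptables-save format: "*table" opens a table, "-A CHAIN ..." is one rule.

# Constructed sample dump (not from a real router). 192.168.50.0/24 stands in
# for the statically routed network described in the first post.
sample_dump() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.50.0/24 -o vlan2 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i vlan2 -j MARK --set-mark 0x1
COMMIT
EOF
}

# find_net NET: read a dump on stdin and print "table: rule" for every rule
# whose text contains NET (fixed-string match, not CIDR-aware).
find_net() {
    awk -v net="$1" '
        /^\*/  { table = substr($0, 2); next }   # "*nat" -> current table
        /^-A / { if (index($0, net)) print table ": " $0 }
    '
}

# tables_for NET: only the names of the tables that reference NET.
tables_for() {
    find_net "$1" | cut -d: -f1 | sort -u
}

# Demo on the constructed dump: the only hit is in the nat table, which is
# why plain "iptables -nL" (filter table) shows nothing for that network.
sample_dump | find_net 192.168.50.0/24

# On a live router (as root, if the build ships iptables-save):
#   iptables-save | find_net 192.168.50.0/24
# Otherwise list each table by hand, as in the replies above:
#   for t in filter nat mangle; do iptables -t "$t" -vnL; done
```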