Firewall config isn't shown in "iptables -nL"

elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

Posted: Sun Jul 11, 2021 14:16
First I want to thank everyone here for providing information that I have found very useful during my dd-wrt journey. I've been saved countless hours of time by posts here, and there are some things I might never have figured out without this place.

Something I noticed is that when I view "iptables -nL" output, which on platforms like Ubuntu shows me a whole lot about the firewall config, there are things missing that I know I have configured.

In particular, I have a static route with the "NAT" box checked (so hosts on that network have Internet access). But I see nothing in "iptables -nL" that references that network.

So I'm wondering what I can look at that can show me the full firewall config, and whether any of the packet inspection and mangling is handled in real time by processes outside of iptables.

Apologies if this is a stupid question or if the info is already posted somewhere. I did try to find it, and usually I'm very good at wrangling Google to do my bidding.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12877
Location: Netherlands

Posted: Sun Jul 11, 2021 14:36
It is always helpful if you state router model and build number, see the forum guidelines:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

To answer your question try:
iptables -vnL -t nat

To query the nat table

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
elyograg
DD-WRT User


Joined: 11 Jul 2021
Posts: 56

Posted: Sun Jul 11, 2021 14:56
Apologies for not following rules.

Netgear R9000 is the hardware.

Firmware: DD-WRT v3.0-r47000 std (06/28/21)
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6435
Location: UK, London, just across the river..

Posted: Sun Jul 11, 2021 19:04
cat /tmp/.ipt - shows output of default DDWRT iptables rules loaded/created by developers, by default

iptables -t nat -vnL - shows nat table

iptables -t mangle -vnL - mangle table

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
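
Added example, not part of any post in this thread: plain "iptables -nL" lists only the filter table, so a NAT rule for a routed network never shows up there. The sketch below tags every rule in an iptables-save-format dump with its table and searches for one network. The sample ruleset, the 192.168.50.0/24 network, the function names, and the presence of iptables-save in a given DD-WRT build are all assumptions; the rule DD-WRT actually generates for a NAT-enabled static route may look different.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from a real router).
# 192.168.50.0/24 stands in for the statically routed network (assumption).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print "table<TAB>rule" for every rule
# line that contains the literal string $1 (e.g. a network in CIDR form).
rules_mentioning() {
    awk -v needle="$1" '
        /^\*/  { table = substr($0, 2); next }   # "*nat" opens a table section
        /^-A / { if (index($0, needle)) print table "\t" $0 }
    '
}

# Count the rules mentioning $1 that live in table $2 only.
count_in_table() {
    rules_mentioning "$1" |
        awk -F '\t' -v t="$2" '$1 == t { n++ } END { print n + 0 }'
}

# Demo on the constructed sample: the only hit is in the nat table.
sample_ruleset | rules_mentioning 192.168.50.0/24

# On a live system (assumes iptables-save exists in the build):
#   iptables-save | rules_mentioning 192.168.50.0/24
# Without iptables-save, list each table in turn; a table the kernel
# lacks will just report an error:
#   for t in filter nat mangle raw; do iptables -t "$t" -vnL; done
```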