grorico DD-WRT Novice
Joined: 30 Aug 2024 Posts: 5
Posted: Mon Jul 28, 2025 13:57 Post subject: VLAN outgoing connection
Hello,
I'm having trouble resolving this issue.
On my WRT3200ACM router, I've configured a VLAN grouping Ethernet ports 3 and 4, and I've isolated this network using the "net isolation" option of the bridge associated with the VLAN.
Since I want to enable communication between the main network and this VLAN via SSH, I forwarded port 22 from the main network (192.168.1.0/24) and from the VLAN (192.168.2.0/24) to specific machines:
FROM 192.168.1.0/24 -> TO 192.168.2.99
FROM 192.168.2.0/24 -> TO 192.168.1.2
The first rule works perfectly, and I can connect via SSH to machine 192.168.2.2 (hosted on the VLAN).
But I can't connect from the VLAN to machine 192.168.1.2!
Thanks in advance for your help.
Eric.
Firmware: DD-WRT v3.0-r58389 std (09/20/24)
Linksys 3200 ACM
Operating mode: Gateway
Wireless mode: AP
Commands
iptables -vnL
Output
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2445 343K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20 2582 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
7 442 DROP icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP 2 -- eth0 * 0.0.0.0/0 0.0.0.0/0
2 120 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
847 66085 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- vlan3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
22 1700 ACCEPT udp -- br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
17 2202 DROP all -- br1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br2 * 0.0.0.0/0 0.0.0.0/0
327 22214 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- br1 * 0.0.0.0/0 192.168.1.0/24 state NEW
67211 48M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
36 1860 DROP tcp -- * eth0 !78.195.140.152 0.0.0.0/0 state INVALID
567 186K upnp all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 lan2wan all -- vlan3 * 0.0.0.0/0 0.0.0.0/0
17 1092 lan2wan all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 lan2wan all -- br2 * 0.0.0.0/0 0.0.0.0/0
567 186K lan2wan all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * eth0 192.168.1.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 47 -- * eth0 192.168.1.0/24 0.0.0.0/0
7 388 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.2.3 tcp dpt:80
8 436 ACCEPT tcp -- eth0 * 0.0.0.0/0 192.168.2.3 tcp dpt:443
0 0 ACCEPT tcp -- * * 192.168.1.0/24 192.168.2.3 tcp dpt:80
9 540 ACCEPT tcp -- * * 192.168.1.0/24 192.168.2.3 tcp dpt:443
0 0 ACCEPT tcp -- * * 192.168.1.0/24 192.168.2.2 tcp dpt:3389
1 200 ACCEPT tcp -- * * 192.168.1.0/24 192.168.2.99 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.2.0/24 192.168.1.2 tcp dpt:22
0 0 TRIGGER all -- eth0 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
525 183K trigger_out all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 vlan1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- vlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 vlan3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- vlan3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- vlan3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 wlan0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 wlan0.1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wlan0.1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan0.1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 wlan1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 wlan1.1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wlan1.1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wlan1.1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP all -- br0 br1 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 br1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
17 1092 trigger_out all -- br1 * 0.0.0.0/0 0.0.0.0/0
17 1092 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- eth0 br2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- br2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br2 * 0.0.0.0/0 0.0.0.0/0 state NEW
525 183K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- br0 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- br2 eth0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 402 packets, 30523 bytes)
pkts bytes target prot opt in out source destination
3201 2403K ACCEPT all -- * br0 0.0.0.0/0 0.0.0.0/0
22 5124 ACCEPT all -- * br1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * br2 0.0.0.0/0 0.0.0.0/0
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_11 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_12 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_13 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_14 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_15 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_16 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_17 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_18 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_19 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_20 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_11 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_12 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_13 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_14 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_15 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_16 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_17 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_18 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_19 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_20 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (4 references)
pkts bytes target prot opt in out source destination
Chain trigger_out (10 references)
pkts bytes target prot opt in out source destination
Chain upnp (1 references)
pkts bytes target prot opt in out source destination
#####################################################################################
Commands
iptables -t nat -vnL
Output
Chain PREROUTING (policy ACCEPT 2725 packets, 393K bytes)
pkts bytes target prot opt in out source destination
8 498 DNAT icmp -- * * 0.0.0.0/0 78.195.140.152 to:192.168.1.1
10 564 DNAT tcp -- * * 0.0.0.0/0 78.195.140.152 tcp dpt:80 to:192.168.2.3:80
23 1328 DNAT tcp -- * * 0.0.0.0/0 78.195.140.152 tcp dpt:443 to:192.168.2.3:443
0 0 DNAT tcp -- * * 192.168.1.0/24 78.195.140.152 tcp dpt:80 to:192.168.2.3:80
0 0 DNAT tcp -- * * 192.168.1.0/24 78.195.140.152 tcp dpt:443 to:192.168.2.3:443
0 0 DNAT tcp -- * * 192.168.1.0/24 78.195.140.152 tcp dpt:3389 to:192.168.2.2:3389
0 0 DNAT tcp -- * * 192.168.1.0/24 78.195.140.152 tcp dpt:22 to:192.168.2.99:22
0 0 DNAT tcp -- * * 192.168.2.0/24 78.195.140.152 tcp dpt:22 to:192.168.1.2:22
368 24505 TRIGGER all -- * * 0.0.0.0/0 78.195.140.152 TRIGGER type:dnat match:0 relate:0
Chain INPUT (policy ACCEPT 918 packets, 70529 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 398 packets, 30277 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 35 packets, 2156 bytes)
pkts bytes target prot opt in out source destination
465 108K SNAT all -- * eth0 192.168.1.0/24 0.0.0.0/0 to:78.195.140.152
414 30792 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:78.195.140.152
0 0 SNAT all -- * eth0 192.168.2.0/24 0.0.0.0/0 to:78.195.140.152
0 0 SNAT all -- * eth0 192.168.3.0/24 0.0.0.0/0 to:78.195.140.152
0 0 RETURN all -- * vlan3 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 MASQUERADE all -- * vlan3 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * br1 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 MASQUERADE all -- * br1 192.168.2.0/24 192.168.2.0/24
0 0 RETURN all -- * br2 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 MASQUERADE all -- * br2 192.168.3.0/24 192.168.3.0/24
0 0 RETURN all -- * br0 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
3 705 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
#####################################################################################
Commands
iptables -t mangle -vnL
Output
Chain PREROUTING (policy ACCEPT 81220 packets, 54M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 4226 packets, 508K bytes)
pkts bytes target prot opt in out source destination
4227 509K RRDIPT_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 76022 packets, 54M bytes)
pkts bytes target prot opt in out source destination
76027 54M RRDIPT_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
782 46548 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT 4160 packets, 2632K bytes)
pkts bytes target prot opt in out source destination
4160 2632K RRDIPT_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 80146 packets, 56M bytes)
pkts bytes target prot opt in out source destination
Chain RRDIPT_FORWARD (1 references)
pkts bytes target prot opt in out source destination
141 12636 RETURN all -- * * 192.168.2.12 0.0.0.0/0
139 54217 RETURN all -- * * 0.0.0.0/0 192.168.2.12
0 0 RETURN all -- * * 192.168.1.71 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.71
0 0 RETURN all -- * * 192.168.1.201 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.201
31 17731 RETURN all -- * * 192.168.1.113 0.0.0.0/0
26 17394 RETURN all -- * * 0.0.0.0/0 192.168.1.113
2886 896K RETURN all -- * * 192.168.1.202 0.0.0.0/0
2756 1247K RETURN all -- * * 0.0.0.0/0 192.168.1.202
2763 589K RETURN all -- * * 192.168.1.74 0.0.0.0/0
3962 4774K RETURN all -- * * 0.0.0.0/0 192.168.1.74
6 416 RETURN all -- * * 192.168.1.133 0.0.0.0/0
26 1456 RETURN all -- * * 0.0.0.0/0 192.168.1.133
0 0 RETURN all -- * * 192.168.1.214 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.214
0 0 RETURN all -- * * 192.168.1.127 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.127
26262 16M RETURN all -- * * 192.168.1.146 0.0.0.0/0
33122 28M RETURN all -- * * 0.0.0.0/0 192.168.1.146
226 24390 RETURN all -- * * 192.168.1.2 0.0.0.0/0
336 308K RETURN all -- * * 0.0.0.0/0 192.168.1.2
31 2188 RETURN all -- * * 192.168.2.2 0.0.0.0/0
24 2418 RETURN all -- * * 0.0.0.0/0 192.168.2.2
0 0 RETURN all -- * * 192.168.1.166 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 192.168.1.166
0 0 RETURN all -- * * 169.254.9.255 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 169.254.9.255
379 254K RETURN all -- * * 192.168.2.3 0.0.0.0/0
374 52832 RETURN all -- * * 0.0.0.0/0 192.168.2.3
1 76 RETURN all -- * * 192.168.2.5 0.0.0.0/0
1 76 RETURN all -- * * 0.0.0.0/0 192.168.2.5
1 76 RETURN all -- * * 192.168.2.99 0.0.0.0/0
1 76 RETURN all -- * * 0.0.0.0/0 192.168.2.99
0 0 RETURN all -- * * 169.254.7.231 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 169.254.7.231
0 0 RETURN all -- * * 78.195.141.254 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 78.195.141.254
Chain RRDIPT_INPUT (1 references)
pkts bytes target prot opt in out source destination
802 93915 RETURN all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain RRDIPT_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
418 31669 RETURN all -- * eth0 0.0.0.0/0 0.0.0.0/0
#####################################################################################
Commands
cat /tmp/.ipt
Output
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p icmp -d 78.195.140.152 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -p tcp -m tcp -d 78.195.140.152 --dport 80 -j DNAT --to-destination 192.168.2.3:80
-A PREROUTING -p tcp -m tcp -d 78.195.140.152 --dport 443 -j DNAT --to-destination 192.168.2.3:443
-A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 78.195.140.152 --dport 80 -j DNAT --to-destination 192.168.2.3:80
-A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 78.195.140.152 --dport 443 -j DNAT --to-destination 192.168.2.3:443
-A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 78.195.140.152 --dport 3389 -j DNAT --to-destination 192.168.2.2:3389
-A PREROUTING -p tcp -m tcp -s 192.168.1.0/24 -d 78.195.140.152 --dport 22 -j DNAT --to-destination 192.168.2.99:22
-A PREROUTING -p tcp -m tcp -s 192.168.2.0/24 -d 78.195.140.152 --dport 22 -j DNAT --to-destination 192.168.1.2:22
-A PREROUTING -d 78.195.140.152 -j TRIGGER --trigger-type dnat
-A POSTROUTING -s 192.168.1.1/24 -o eth0 -j SNAT --to-source 78.195.140.152
-A POSTROUTING -s 0.0.0.0/0 -o eth0 -j SNAT --to-source 78.195.140.152
-A POSTROUTING -s 192.168.2.1/24 -o eth0 -j SNAT --to-source 78.195.140.152
-A POSTROUTING -s 192.168.3.1/24 -o eth0 -j SNAT --to-source 78.195.140.152
-A POSTROUTING -o vlan3 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o vlan3 -s 0.0.0.0/0 -d 0.0.0.0/0 -j MASQUERADE
-A POSTROUTING -o br1 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br1 -s 192.168.2.1/24 -d 192.168.2.1/24 -j MASQUERADE
-A POSTROUTING -o br2 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br2 -s 192.168.3.1/24 -d 192.168.3.1/24 -j MASQUERADE
-A POSTROUTING -o br0 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br0 -s 192.168.1.1/24 -d 192.168.1.1/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:trigger_out - [0:0]
:upnp - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
:grp_11 - [0:0]
:advgrp_11 - [0:0]
:grp_12 - [0:0]
:advgrp_12 - [0:0]
:grp_13 - [0:0]
:advgrp_13 - [0:0]
:grp_14 - [0:0]
:advgrp_14 - [0:0]
:grp_15 - [0:0]
:advgrp_15 - [0:0]
:grp_16 - [0:0]
:advgrp_16 - [0:0]
:grp_17 - [0:0]
:advgrp_17 - [0:0]
:grp_18 - [0:0]
:advgrp_18 - [0:0]
:grp_19 - [0:0]
:advgrp_19 - [0:0]
:grp_20 - [0:0]
:advgrp_20 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i eth0 -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i eth0 -p icmp -j DROP
-A INPUT -i eth0 -p igmp -j DROP
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -i vlan3 -j ACCEPT
-A INPUT -i br1 -p udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p tcp --dport 53 -j ACCEPT
-A INPUT -i br1 -m state --state NEW -j DROP
-A INPUT -i br1 -j ACCEPT
-A INPUT -i br2 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i br1 -j ACCEPT
-A INPUT -i br2 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o br0 -j ACCEPT
-A OUTPUT -o br1 -j ACCEPT
-A OUTPUT -o br2 -j ACCEPT
-A FORWARD -i br1 -d 192.168.1.1/255.255.255.0 -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -s 78.195.140.152 -o eth0 -p tcp -m state --state INVALID -j DROP
-A FORWARD -j upnp
-A FORWARD -i vlan3 -j lan2wan
-A FORWARD -i br1 -j lan2wan
-A FORWARD -i br2 -j lan2wan
-A FORWARD -j lan2wan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -o eth0 -s 192.168.1.1/24 -p tcp --dport 1723 -j ACCEPT
-A FORWARD -o eth0 -s 192.168.1.1/24 -p gre -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp -d 192.168.2.3 --dport 80 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp -d 192.168.2.3 --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.2.3 --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.2.3 --dport 443 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.2.2 --dport 3389 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.2.99 --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.2.0/24 -d 192.168.1.2 --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o br0 -j TRIGGER --trigger-type in
-A FORWARD -i br0 -j trigger_out
-A FORWARD -i eth0 -o eth1 -j TRIGGER --trigger-type in
-A FORWARD -i eth1 -j trigger_out
-A FORWARD -i eth1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o vlan1 -j TRIGGER --trigger-type in
-A FORWARD -i vlan1 -j trigger_out
-A FORWARD -i vlan1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o vlan3 -j TRIGGER --trigger-type in
-A FORWARD -i vlan3 -j trigger_out
-A FORWARD -i vlan3 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j TRIGGER --trigger-type in
-A FORWARD -i wlan0 -j trigger_out
-A FORWARD -i wlan0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o wlan0.1 -j TRIGGER --trigger-type in
-A FORWARD -i wlan0.1 -j trigger_out
-A FORWARD -i wlan0.1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o wlan1 -j TRIGGER --trigger-type in
-A FORWARD -i wlan1 -j trigger_out
-A FORWARD -i wlan1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o wlan1.1 -j TRIGGER --trigger-type in
-A FORWARD -i wlan1.1 -j trigger_out
-A FORWARD -i wlan1.1 -m state --state NEW -j ACCEPT
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
-A FORWARD -i eth0 -o br1 -j TRIGGER --trigger-type in
-A FORWARD -i br1 -j trigger_out
-A FORWARD -i br1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o br2 -j TRIGGER --trigger-type in
-A FORWARD -i br2 -j trigger_out
-A FORWARD -i br2 -m state --state NEW -j ACCEPT
-A FORWARD -i br0 -m state --state NEW -j ACCEPT
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -i br1 -o eth0 -j ACCEPT
-A FORWARD -i br2 -o eth0 -j ACCEPT
-A FORWARD -j DROP
COMMIT
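An added example, not part of the post and not DD-WRT code: it walks a subset of the posted FORWARD chain with iptables first-match semantics for the two SSH directions described above, so a reader can see which rule each new connection hits first and in what order the net-isolation DROP and the port-22 ACCEPTs are consulted. It assumes the embedded rules are evaluated in posted order, that jumps to the page's empty upnp/lan2wan/trigger_out chains and the TRIGGER target do not terminate the walk, and that the .50 client addresses are constructed stand-ins for hosts on br0 (main LAN) and br1 (VLAN).

```python
import ipaddress
import shlex

# Constructed subset of the post's FORWARD chain (/tmp/.ipt), kept in posted order.
FORWARD_RULES = """\
-A FORWARD -i br1 -d 192.168.1.1/255.255.255.0 -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -s 78.195.140.152 -o eth0 -p tcp -m state --state INVALID -j DROP
-A FORWARD -j upnp
-A FORWARD -p tcp -m tcp -s 192.168.1.0/24 -d 192.168.2.99 --dport 22 -j ACCEPT
-A FORWARD -p tcp -m tcp -s 192.168.2.0/24 -d 192.168.1.2 --dport 22 -j ACCEPT
-A FORWARD -i br0 -o br1 -m state --state NEW -j DROP
-A FORWARD -j DROP""".splitlines()

# Other targets (the page's empty upnp/lan2wan/trigger_out chains, TRIGGER) fall through.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    toks, rule, i = shlex.split(line), {"negate": set()}, 0
    while i < len(toks):
        tok = toks[i]
        if tok == "!":                                 # "!" inverts the next match
            rule["negate"].add(toks[i + 1]); i += 1
        elif tok in ("-i", "-o", "-p", "-j"):
            rule[tok] = toks[i + 1]; i += 2
        elif tok in ("-s", "-d"):  # strict=False: netmask form and 192.168.1.1/24 both parse
            rule[tok] = ipaddress.ip_network(toks[i + 1], strict=False); i += 2
        elif tok in ("--dport", "--state"):            # comma-separated value sets
            rule[tok] = set(toks[i + 1].split(",")); i += 2
        else:                                          # -A, -m and unmodelled options
            i += 1
    return rule

CHECKS = {
    "-i": lambda r, p: r["-i"] == p["in"],
    "-o": lambda r, p: r["-o"] == p["out"],
    "-p": lambda r, p: r["-p"] == p["proto"],
    "-s": lambda r, p: p["src"] in r["-s"],
    "-d": lambda r, p: p["dst"] in r["-d"],
    "--dport": lambda r, p: str(p["dport"]) in r["--dport"],
    "--state": lambda r, p: p["state"] in r["--state"],
}
def matches(rule, pkt):
    # Every match present in the rule must hold, inverted for matches under "!".
    return all(chk(rule, pkt) != (k in rule["negate"])
               for k, chk in CHECKS.items() if k in rule)
def first_verdict(rules, pkt):
    """First-match walk: (target, 1-based index) of the first terminating rule."""
    for idx, rule in enumerate(rules, 1):
        if matches(rule, pkt) and rule.get("-j") in TERMINAL:
            return rule["-j"], idx
    return "POLICY", None
def new_tcp(src, dst, dport, in_if, out_if):  # a fresh SYN being forwarded
    return {"in": in_if, "out": out_if, "proto": "tcp", "dport": dport, "state": "NEW",
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
RULES = [parse_rule(line) for line in FORWARD_RULES]
# Constructed client hosts (.50 addresses are not from the post); br0 = main LAN, br1 = VLAN.
MAIN_TO_VLAN = new_tcp("192.168.1.50", "192.168.2.99", 22, "br0", "br1")
VLAN_TO_MAIN = new_tcp("192.168.2.50", "192.168.1.2", 22, "br1", "br0")
```

Calling first_verdict(RULES, VLAN_TO_MAIN) returns the index of the rule that stops the VLAN-to-main packet, which can be compared with the position of the 192.168.2.0/24 -> 192.168.1.2 port-22 ACCEPT further down the same chain.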