Posted: Fri Dec 17, 2010 5:40 Post subject: iptables via command shell in DD-WRT v24-sp2
Hello,
I was wondering if using the command shell under Administration -> Commands to enter iptables information works or not. I entered the following from following this guide http://www.dd-wrt.com/wiki/index.php/Iptables#Allow_HTTP_traffic_only_to_specific_domain.28s.29 to try and allow traffic from 192.168.1.254 to be able to access 10.0.0.2 and deny hosts 192.168.1.0 through 192.168.1.252. However, it isn't working and I'm not sure if it is a mistake I made in the iptables command or the way I'm trying to implement it.
The syntax is correct, but you have to do two things differently.
1. If you insert rules in the chain, the rules will end up in reverse order. So, you have to start with the DROP rule and then the ACCEPT.
2. You should put them in 'Save Firewall'. This way they will survive a reload of the firewall, which happens often.
_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
I have also Saved Firewall but I can still get through. I have a Cisco Catalyst 2950 in between the computers on 10.0.0.x and the computers on the router at 192.168.1.x. I have a trunk setup to allow VLAN 2 (the VLAN the 10.0.0.xs are on) to communicate with VLAN 1. On the other side (10.0.0.x), I can only ping 192.168.1.254 but nothing else. I want to make both sides not be able to talk to each other and only see the router.
This is not correct syntax, -s and -d require an IP or IP/netmask.
_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
This is not correct syntax, -s and -d require an IP or IP/netmask.
I originally had 192.168.1.0-192.168.1.252/255.255.255.0. and it did not work. Are you saying that you cannot do an IP range in the command and only one IP address?
I did a very quick and dirty check this morning before going to work, but Phuzion's correct.
Somehow the rule was inserted, but it got malformed.
That range was replaced by my WAN-IP (how strange?)
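The two corrections made in this thread (the reversed order that iptables -I produces, and the single-address or address/netmask form that -s and -d require) can be checked before anything is pasted into Save Firewall. The script below is an added example, not code from the thread, the wiki guide or DD-WRT. It takes the addresses from the thread, assumes the rules belong in the FORWARD chain and that the 10.0.0.x side is 10.0.0.0/24, and models a chain as a plain list so the -I versus -A ordering can be seen without touching a router.

```shell
#!/bin/sh
# Added example, not code from the thread or from DD-WRT. It shows the two
# points raised in the replies: (1) -s/-d take a single address or
# address/netmask, never a hyphenated range, and (2) "iptables -I" inserts at
# the head of the chain, so rules written DROP-then-ACCEPT end up ACCEPT-then-DROP.
# Addresses below are taken from the thread; the FORWARD chain and the
# 10.0.0.0/24 mask are assumptions.

# Accept a lone IPv4 address, address/prefix, or address/dotted-netmask
# (the forms -s and -d understand). Anything containing '-' is a range and is
# refused; a range needs "-m iprange --src-range" instead.
is_addr_spec() {
    case "$1" in
        *-*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]{1,2}|([0-9]{1,3}\.){3}[0-9]{1,3}))?$'
}

# The lines to paste into Administration -> Commands -> Save Firewall.
# The DROP is written first on purpose: with -I each rule lands above the
# previous one, so the ACCEPT for the single host is evaluated first.
firewall_rules() {
    cat <<'EOF'
iptables -I FORWARD -s 192.168.1.0/24 -d 10.0.0.0/24 -j DROP
iptables -I FORWARD -s 192.168.1.254 -d 10.0.0.2 -j ACCEPT
EOF
}

# Walk every rule and refuse the script if any -s/-d argument is malformed.
# Returns 0 when all address specs are valid, 1 otherwise.
check_rules() {
    firewall_rules | while read -r line; do
        set -- $line
        while [ $# -gt 0 ]; do
            case "$1" in
                -s|-d)
                    is_addr_spec "$2" || { echo "bad address for $1: $2" >&2; exit 1; }
                    shift ;;
            esac
            shift
        done
    done
}

# Tiny model of a chain: a space-separated list of targets. "I" prepends the
# way iptables -I does; "A" appends the way iptables -A does.
chain=""
rule() {
    if [ "$1" = "I" ]; then
        chain="$2${chain:+ $chain}"
    else
        chain="${chain:+$chain }$2"
    fi
}

# Order that results from the Save Firewall script above (-I, DROP written first).
order_with_insert() {
    chain=""
    rule I DROP
    rule I ACCEPT
    echo "$chain"
}

# The same outcome with -A requires writing ACCEPT first, since -A keeps written order.
order_with_append() {
    chain=""
    rule A ACCEPT
    rule A DROP
    echo "$chain"
}

check_rules && echo "address specs OK"
echo "chain with -I (DROP written first):   $(order_with_insert)"
echo "chain with -A (ACCEPT written first): $(order_with_append)"
```

The range form the original poster tried, 192.168.1.0-192.168.1.252/255.255.255.0, is exactly what is_addr_spec rejects; covering the hosts below .254 with a /24 DROP placed after the single-host ACCEPT gives the intended result without a range at all. Where a true range is needed and the build ships the iprange match, `-m iprange --src-range first-last` is the syntax. On the router itself, `iptables -L FORWARD -n --line-numbers` shows the final order, which is the quickest way to confirm that the ACCEPT sits above the DROP after a firewall reload.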