[quote="dd-wrtscreener]Do i just paste this into the firewall box and it will block it? I dont know how to customize it to my router, i have the same dd-wrt everyone else has its just that its setup as a repeater so apparently that changes everything.[/quote]
so from what I am reading this is what your trying to say
Quote:
so do i paste this into the firewall box? I dont know how to set it on my router, i have the same version of dd-wrt everyone else has, its just that its setup as a repeater so I guess that changes everything
-anyway-
think before you speak. your mouth is speaking ahead of your brain. I took a look at your posts and what you said and I could barely read through it because of how it painfully reminds me of my OLD self. i don't know what exactly changed me, but it sure felt profoundly painful. took a few weeks to a few months to get over.
i want you to re-read this entire thread. if it feels painful, then go work on yourself. if your angry, confused, and/or unable to figure it out, say it. but don't throw urine and vinegar at us just because its not working out for you. btw, would you like to know how much time and effort it takes from the devs to make this FREE firmware? do you know how much it costs them?
let me give you an idea. say they were giving away free bratwursts...with any soft drink you wanted. they love making bratwursts and work very hard to make the best bratwursts that satisfies most of the people they serve them to along with a free soda. sometimes they are under cooked, sometimes they are burnt, but at least most of the time they taste mostly good. same for the soda as long as its cooled well and still has its carbon.
but when you become unfortunate and get a great tasting bratwurst but a flat soda, you flip out over the soda! and you throw it at the cooks who served it to you for free! do you really NEED the soda that much? or did you really WANT it?
if you were angry (but kept it under control) or sad about that flat soda but didn't throw it at us but instead asked us to resolve your soda issue, then we would have said "that poor guy. lets give him another one!" or "lets re-carbonize his soda"
in case NO ONE gets where im coming from. the bratwurst represents the dd-wrt build and the soda represents the dd-wrt builds features.
if the bratwurst (dd-wrt build) tasted bad, we are willing to give you another one to try. if the soda (dd-wrt features) didn't work out so great, we can exchange or re-carbonize your soda.
What you want is a firewall configuration that only routes through the TUN i/f except for VPN ports/protocols required. Please take some time to analyze and understand Capslock118 and other's proposed iptables configs, then ask for specific help/ideas. DD-WRT is GREAT for solving your issue (if understood correctly) but your IPTABLES config will be specific based on your setup.
Posted: Thu Apr 24, 2014 7:18 Post subject: GUI: FirewallBuilder
BTW if you'd like a UI to configure iptables, firewall Builder (fwbuilder) can provide this. They even provide a Windows version if You're so inclined.
he cannot 'configure' it. or wait, 'customize' it... there we go...
that is fine. no one is forcing him to "eat" it. if he wants, he can go back to eating tomatoes or just go home. _________________ For people who are new to the dd-wrt forums >> http://www.catb.org/~esr/faqs/smart-questions.html#rtfm
barryware wrote:
It takes a "community" to raise a router..
Internet Connection 1
Some Techicolor modem > Linksys WRT3200ACM
Internet connection 2
Ubiquiti Powerbeam Gen 2 > Netgear R9000
Official (but not really) dd-wrt General Discussion element/matrix chat
Joined: 07 Aug 2007 Posts: 19 Location: New Haven, CT
Posted: Thu Apr 24, 2014 19:56 Post subject:
dd-wrtscreener wrote:
Do i just paste this into the firewall box and it will block it? I dont know how to customize it to my router, i have the same dd-wrt everyone else has its just that its setup as a repeater so apparently that changes everything.
I would not recommend that. As Newbrain implied, I provided that code for you to review and manipulate for your particular needs. As I said, this code is running on one of my servers, not on one of my routers. It might work as described if you just throw it on your router without any adjustments but I think that would be assuming a lot and you might end up having to reset your router after doing so. Here are a couple of reasons:
First, you should note the ip address for local traffic, is 192.168.1.0/24 your local address? Likely, but not certain.
Second, you should note the port for the initial VPN connection. Again, likely correct but not certain.
Third, you should note the TUN connection and if that is an appropriate naming convention for your environment (it might be called something else on your router? i don't know.)
Fourth, and I think this is most important, going back to local traffic, I'm not sure if the rules I provided are sufficient at the router level. It works on my server because all my server needs is to connect out to the VPN and allow local traffic to connect in; I'm not sure if routers need more rules to allow local devices to communicate with each other, to communicate with themselves, to communicate to/from the WAN, etc.
...and that's just the start. If I were redoing my home network I would consider a second wireless AP and a few hard lines that is dedicated for just VPN internet traffic on a separate VLAN, but I think you already have enough on your plate to think about before considering this route.
