firewall rule to reach guest inc an interface

foz111
DD-WRT Guru


Joined: 01 Oct 2017
Posts: 830
Location: Earth

Posted: Thu Feb 13, 2025 9:12    Post subject: firewall rule to reach guest inc an interface
Hi guys

I currently use eibgrad's firewall rules to reach bridged guest networks, which works great. However, I have created a non-bridged VLAN on eth2, unbridged from br0 and isolated, for running a Pi with nginx and a couple of containers on the same device. Because it's not bridged, I need to amend the rule so I can reach the Pi from my LAN. Is this possible?

iptables -I FORWARD -i br0 -o br+ -j ACCEPT # optional
iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Can this rule be amended to include an interface like eth2?
iptables -I FORWARD -i br0 -o br+ -j ACCEPT

Thanks

_________________
Main Router: Dynalink WRX36, PPPoE, Gateway Mode, Network IPV4 - Isolated Vlan's. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. Paid Commercial Wireguard Client's & WG server, DNSMasq, Static Leases with Quad9 SmartDNS, DNSMasq Adblocking thanks to egc script.

No one can build you the bridge on which you, and only you, must cross the river of life!
ho1Aetoo
DD-WRT Guru


Joined: 19 Feb 2019
Posts: 3908
Location: Germany

Posted: Thu Feb 13, 2025 9:30
For the sake of simplicity, you can also bridge the interface...
and then work as usual with your manual firewall rules for bridges.

otherwise

iptables -I FORWARD -i br0 -o eth2 -j ACCEPT

_________________
Quickstart guides:

use Pi-Hole as simple DNS-Server with DD-WRT

Routers
Marvell OCTEON TX2 - QHora-322 - OpenWrt 25.12.2 - Gateway
Qualcomm IPQ8065 - R7800 - dd-wrt r53562 - WAP
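
Added example, not part of either post: a trailing `+` in an iptables interface name is a prefix wildcard, which is why `-o br+` never covered eth2, and the delete-then-insert idiom from the first post keeps the rules from piling up each time the firewall script re-runs. The function names (`iface_matches`, `reinsert_forward`, `allow_lan_to`) are hypothetical; br0 and eth2 are taken from the thread, and the example goes beyond the single rule by accepting a list of output interfaces.

```shell
#!/bin/sh
# Added example; not code from the thread. br0 = LAN bridge and
# eth2 = unbridged VLAN port, as described in the posts above.

# iptables interface matching: a trailing "+" is a prefix wildcard,
# so "br+" matches br0, br1, ... but never eth2.
iface_matches() {   # usage: iface_matches PATTERN NAME
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Insert a rule at the top of FORWARD without duplicating it on re-runs:
# delete any existing copy first (failure ignored if absent), then insert.
reinsert_forward() {
    iptables -D FORWARD "$@" 2>/dev/null || true
    iptables -I FORWARD "$@"
}

# Allow new connections from the LAN bridge to each listed interface.
# No rule is added for the reverse direction; replies come back through
# the RELATED,ESTABLISHED rule, re-inserted last so it sits first.
allow_lan_to() {    # usage: allow_lan_to LAN_IF OUT_IF...
    lan=$1; shift
    for out in "$@"; do
        reinsert_forward -i "$lan" -o "$out" -j ACCEPT
    done
    reinsert_forward -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Call from the firewall script (left commented out so that sourcing
# this file changes nothing):
# allow_lan_to br0 br+ eth2
```

Because only `-i br0 -o eth2` is accepted, hosts on eth2 can answer LAN connections but cannot open new ones toward br0 unless another rule permits it.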
foz111

Posted: Thu Feb 13, 2025 10:00
Thank you ho1Aetoo, that's working :D