block my main router's config page using Iptables

mrtest
DD-WRT Novice


Joined: 16 Jan 2011
Posts: 3

Posted: Sun Jan 16, 2011 15:37    Post subject: block my main router's config page using Iptables
Hello,


I tried and failed to get access restriction working using the guide, and I'm trying to block access to my main router's config page, so I am trying to resort to iptables.


Here is my current setup



And here are my ip rules

Code:
iptables -I INPUT -i br0 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br0 -p tcp --dport https -j REJECT --reject-with tcp-reset

iptables -A INPUT -s 192.168.20.1 -p tcp --destination-port 80 -j DROP


iptables -I FORWARD 1 -p tcp -m multiport --dports 21,80,443 -j ACCEPT
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -j DROP


The first paragraph is to deny access to DD-WRT's web management/ssh/telnet - works great

The second paragraph is to block my router's config page, which is not working

The last paragraph is to only allow http/ftp access - works great.

How can I disable port 80 access to site 192.168.20.1 using iptables, since access restriction fails to work on any address I throw at it?

My router specs:


Router Name: DD-WRT
Router Model: Netgear WNDR3300
Firmware Version: DD-WRT v24-sp2 (01/16/10) std - build 13637
muxx
DD-WRT Novice


Joined: 14 Jan 2011
Posts: 8

Posted: Sun Jan 16, 2011 16:27
Couldn't you just use Access Restrictions to filter/block the web management URL for the specific IP (Under list of clients)?
mrtest
DD-WRT Novice


Joined: 16 Jan 2011
Posts: 3

Posted: Sun Jan 16, 2011 16:55
muxx wrote:
Couldn't you just use Access Restrictions to filter/block the web management URL for the specific IP (Under list of clients)?


As stated in my OP, that didn't work, but here is what I tried that failed:



Pressed save, apply, close on the page to choose clients, did a save and apply on the Access Restriction page and then power cycled. Still didn't work.
muxx
DD-WRT Novice


Joined: 14 Jan 2011
Posts: 8

Posted: Sun Jan 16, 2011 18:52
I'm sorry. I completely misinterpreted your original image. I understand your topology now.

The Web GUI's Access Restriction will not work for that from what I understand. It looks like you need to implement your rules in a PREROUTING chain to deal with the 192.168.20.0 subnet.
mrtest
DD-WRT Novice


Joined: 16 Jan 2011
Posts: 3

Posted: Sun Jan 16, 2011 19:33
Thanks muxx, but I'm completely clueless as to how to do that. What line would I have to add/edit to do that?
phuzi0n
DD-WRT Guru


Joined: 10 Oct 2006
Posts: 10141

Posted: Tue Jan 18, 2011 1:18    Post subject: Re: block my main router's config page using Iptables
mrtest wrote:
iptables -A INPUT -s 192.168.20.1 -p tcp --destination-port 80 -j DROP

Use -I to insert to the top instead of -A which appends to the bottom.

_________________
Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
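
The rule-ordering point in the reply above, as an added example that is not part of the thread: a small Python model of first-match chain evaluation, loaded with the three FORWARD rules from the first post. It assumes the request to 192.168.20.1 is forwarded through the DD-WRT router and is therefore matched on destination in FORWARD; the `Rule` and `Chain` classes and the sample packet are constructed for illustration and are not real netfilter code.

```python
# Added example: a first-match model of an iptables chain (not real netfilter).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    target: str            # ACCEPT, DROP or REJECT (all end chain traversal)
    dst: str = ""          # -d; empty matches any destination
    dports: tuple = ()     # --dport / --dports; empty matches any port
    states: tuple = ()     # -m state --state; empty matches any state

    def matches(self, pkt):
        return ((not self.dst or pkt["dst"] == self.dst)
                and (not self.dports or pkt["dport"] in self.dports)
                and (not self.states or pkt["state"] in self.states))

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy

    def append(self, rule):             # iptables -A: add at the bottom
        self.rules.append(rule)

    def insert(self, rule, pos=1):      # iptables -I [pos]: 1-based, default top
        self.rules.insert(pos - 1, rule)

    def verdict(self, pkt):
        for rule in self.rules:         # the first matching rule decides
            if rule.matches(pkt):
                return rule.target
        return self.policy              # nothing matched: chain policy applies

def forward_chain_from_thread():
    """The three 'iptables -I FORWARD n ...' rules from the first post."""
    chain = Chain()
    chain.insert(Rule("ACCEPT", dports=(21, 80, 443)), 1)
    chain.insert(Rule("ACCEPT", states=("ESTABLISHED", "RELATED")), 2)
    chain.insert(Rule("DROP"), 3)
    return chain

# Constructed packet: a LAN client opening the main router's web page.
PKT = {"dst": "192.168.20.1", "dport": 80, "state": "NEW"}
# Assumed block rule (destination match in FORWARD; not a rule from the thread).
BLOCK = Rule("DROP", dst="192.168.20.1", dports=(80,))

def compare():
    """Return (verdict with BLOCK appended, verdict with BLOCK inserted on top)."""
    appended, inserted = forward_chain_from_thread(), forward_chain_from_thread()
    appended.append(BLOCK)              # lands below the port-80 ACCEPT
    inserted.insert(BLOCK)              # lands above it
    return appended.verdict(PKT), inserted.verdict(PKT)

if __name__ == "__main__":
    print(compare())
```

On a live router, `iptables -L FORWARD -n -v --line-numbers` shows the resulting order along with per-rule packet counters, so a rule that never matches is visible as a zero count.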