Post subject: IPtables on DD-WRT
Posted: 27.01.2015 - 09:13 #108255
Basic
Joined: Jul 25, 2011
Posts: 47
Location: Bratislava

Greetings, everyone,
I have a small problem getting port blocking to work on a TP-Link WR741ND v4. I have DD-WRT on it, but no matter how hard I try, it won't block ports for the life of me. I need only ports 80 and 443 to be reachable. I spent two days googling and also tried this from the DD-WRT Wiki:
Code:
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -j DROP
and also this, which I found by googling:
Code:
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -j DROP
but it just won't work. Everything is still reachable.
Thanks in advance for the help.
Last edited by bagocina on 27.01.2015 - 10:29; edited 1 time in total

Post subject: IPtables on DD-WRT
Posted: 27.01.2015 - 09:37 #108256
Basic
Joined: Nov 11, 2009
Posts: 195

Probably the most important thing is to state which build you are using. It is quite possible that it has some problem. For example, I remember a situation when port forwarding didn't work.

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 09:38 #108257
Basic
Joined: Jul 25, 2011
Posts: 47
Location: Bratislava

DD-WRT v24-sp2 (03/25/13) std
(SVN revision 21061)

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 09:53 #108259
Basic
Joined: Nov 11, 2009
Posts: 195

So you have the build offered by the "ddwrt database", but that 21061 is already from 2013. If you have time, try the very latest one available for download, http://dd-wrt.com/site/support/other-downloads?path=others%2Feko%2FBrainSlayer-V24-preSP2%2F (the webflash image). I have only flashed the "latest 25697" onto a dir-600 and a wrt54gl. I have no idea whether it has any bugs, but so far I haven't run into anything, since they serve as home routers with port forwarding. Give it a try. Make a backup of the configuration before you reflash with the new version. Also, during the upgrade you can leave "After flashing, reset to" set to "Dont reset", and it will keep your original configuration (IP address, rules and so on).
But if you have time, you can try googling whether that older build had a bug in the firewall.
Last edited by deadbiker on 27.01.2015 - 10:20; edited 1 time in total

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 10:19 #108260
Basic
Joined: Jul 25, 2011
Posts: 47
Location: Bratislava

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 10:27 #108261
Basic
Joined: Nov 11, 2009
Posts: 195

I just have one question: where are you actually entering it?

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 10:28 #108262
Basic
Joined: Jul 25, 2011
Posts: 47
Location: Bratislava

Into the Command Shell, and I save it as Firewall.

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 11:06 #108263
Master
Joined: Jan 08, 2006
Posts: 2584

That will be because you have the rules in the wrong order... The correct way should be like this:
Code:
iptables -I FORWARD 3 -j DROP
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
What you have drops everything first, so the next two rules are never reached.

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 11:10 #108264
Basic
Joined: Nov 11, 2009
Posts: 195

It would have been better to print out the whole table: iptables -L

Post subject: RE: IPtables on DD-WRT
Posted: 27.01.2015 - 11:57 #108266
Basic
Joined: Jul 25, 2011
Posts: 47
Location: Bratislava

Jofo: I put it in the reverse order, as you wrote, but the effect is the same as what I had before. It cuts everything off from the world.
deadbiker:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpt:route
ACCEPT udp -- anywhere anywhere udp dpt:route
ACCEPT 0 -- anywhere anywhere
ACCEPT tcp -- anywhere Zoska_018 tcp dpt:www
DROP icmp -- anywhere anywhere
DROP igmp -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
ACCEPT 0 -- anywhere anywhere state NEW
DROP 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports www,https
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT gre -- 192.168.0.0/16 anywhere
DROP 0 -- anywhere anywhere
ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:1723
lan2wan 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state NEW
DROP 0 -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (1 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
grp_1 0 -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT 0 -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
LOG 0 -- anywhere anywhere state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP 0 -- anywhere anywhere
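
As an added illustration (not part of the thread and not DD-WRT code), this Python sketch models how `iptables -I FORWARD <n>` positions a rule and how a chain is evaluated first-match, then compares the two insert orders posted above. The stock chain and the sample packets are constructed and simplified from the FORWARD listing; `iptables -L` without `-v` does not show interface matches, so the real rules may be narrower than they look.

```python
# Added model of `iptables -I CHAIN <pos>` and first-match evaluation (constructed data).

def insert(chain, pos, rule):
    """Mimic `iptables -I CHAIN pos`: the rule becomes rule number `pos` (1-based)."""
    if not 1 <= pos <= len(chain) + 1:
        raise ValueError("index of insertion too big")
    chain.insert(pos - 1, rule)

def matches(rule, pkt):
    """Criteria absent from a rule match anything (like an omitted -p or -m)."""
    return (rule.get("proto", pkt["proto"]) == pkt["proto"]
            and pkt.get("dport") in rule.get("dports", {pkt.get("dport")})
            and pkt["state"] in rule.get("states", {pkt["state"]}))

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

WEB = {"proto": "tcp", "dports": {80, 443}, "target": "ACCEPT"}
EST = {"states": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"}
DROP_ALL = {"target": "DROP"}

def stock_chain():
    # Constructed stand-in: stateful accept, GRE accept, then a catch-all ACCEPT.
    return [dict(EST), {"proto": "gre", "target": "ACCEPT"}, {"target": "ACCEPT"}]

def build(order):
    """Apply the inserts in the given order of (position, rule) pairs."""
    chain = stock_chain()
    for pos, rule in order:
        insert(chain, pos, rule)
    return chain

ascending = build([(1, WEB), (2, EST), (3, DROP_ALL)])    # order in the first post
descending = build([(3, DROP_ALL), (2, EST), (1, WEB)])   # order in the reply

PACKETS = {  # constructed sample traffic crossing the router
    "http_new": {"proto": "tcp", "dport": 80, "state": "NEW"},
    "ssh_new": {"proto": "tcp", "dport": 22, "state": "NEW"},
    "dns_new": {"proto": "udp", "dport": 53, "state": "NEW"},
    "reply": {"proto": "tcp", "dport": 51000, "state": "ESTABLISHED"},
}

def verdicts(chain):
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}
```

In this model both orders give the same verdicts for the sample packets: new TCP to 80/443 and return traffic pass, while new UDP 53 and every other new connection reach the DROP. The orders differ only in where the DROP lands relative to the stock rules (position 3 versus position 5), which matches the FORWARD listing above.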