• SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. dacid44

    Routing packets through a wireguard client

    This might just be an iptables thing, but I can't figure it out. Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN. I have a setup that I'm trying to carry over from my old DD-WRT router...
  2. J

    Allowing just one device to subnet (iptables or Network Services Filter?)

    Due to my ISP forcing me to use their router if I want to use their bundled VOIP service, since upgrading to FTTP I now have to have my ASUS sitting behind my ISP's router. Annoyingly they don't allow their router to run in a bridged mode. As much as I can I have tried to make it a native...
  3. lluke

    No internet on clients after firewall restart (WG, Unbound, YazFi)

    Hi all, on my 2 RT-AC86U whenever I face a connectivity re-connect (also done from the scmerlin add-on Internet Connection restart action) or a VPN change (e.g., updating and saving the IPSec VPN Server config) restart the firewall then every service on the router is properly working (Unbound...
  4. savage75

    Asuswrt official iptables-save not saving changes permanently

    Hi folks! Trying to set a rule on iptables for nat permanently but no luck ? iptables -t nat -A POSTROUTING -s -o br0 -j MASQUERADE I tried using iptables-save -t nat or just iptables-save but still no success and every changes will disappear after restarting ?? any ideas how I...
  5. W

    Restricting access to OpenVPN server via iptables

    Hi! I’m allowing access to my OpenVPN server only for predefined ipset via rewriting existing iptables rules using openvpn-event user script. What I’m currently doing: in openvpn-event I’m rewriting standard openvpn rule like: if iptables -C INPUT -p $proto -m $proto --dport $server_port -j...
  6. J

    Skynet Rule integrity violation & mounted files missing

    I’ve been having all sorts of issues with SkyNet lately — not sure what’s going on. Can someone assist me with the above error message? Please & thank you.
  7. dave14305

    Why does DNSFilter use the mangle table for IPv6?

    It looks like it's been this way forever, but why does DNSFilter use the mangle table to drop IPv6 traffic? Generally, the mangle table is only for mangling packet headers, not dropping them. Seems this would be better suited for the filter table. Probably a moot point with newer routers...
  8. J

    IPTables allow access to specific ports from tun21 to new bridge

    Hi, I have an Asus RT-AX58U with Merlin. Thanks to another post in this forum, I managed to create a new bridge (br100), and isolate it from my LAN (br0). I managed to allow only specific traffic from br0 to br100. It works fine. But, yesterday, I realized that while I'm connected through VPN...
  9. J

    iptables - grant access to a specific IP only to one user

    Hi! I'm new here, I just installed Asuswrt-merlin on my RT-AX58U. I've configured OpenVPN and everything is working fine, I created multiple users and assigned static IPs using this guide. Now, I would like to configure some rules using iptables to achieve this: - Only two users can access the...
  10. Phantomski

    Port Forwarding and Skynet firewall ruleset

    Hi everyone, playing a bit with log management / analysis and potential feedback loop to live firewall rules. Call it a poor man tinkerer IDS/IPS :D I have a fairly simple setup with RT-AC88U (with Skynet) using port forwarding rules on ports 80 and 443, redirecting to a Docker-ised rPi4...
  11. adri

    YazFi YazFi - Combining guest networks/subnets

    Hi, so this came up in my other thread, but I wanted to start a new one since it's a separate issue and I like separation of concerns :) . I want to make it so that, for one of my guest networks, the 2.4GHz segment (.14 subnet) can talk to the 5GHz segment (.15 subnet) and vice-versa, without...
  12. gspannu

    [Help] DNS Forwarding, User scripts, Launching at startup

    Some help needed in creating scripts and firewall rules… Requirement: R1) I wish to run my own dnsproxy server at port 53535 (installed at /jiffs/dnsproxy/dnsproxy). This is a opensource software available on Gthub known as dnsproxy. I have tested this on the Asus Router and it has been running...
  13. C

    Firewall Rules - Block all connections except VPN

    I am currently using an ASUS router (RT-AC68U with Merlin firmware - 386.4). I want to connect a single client to an OpenVPN server with no traffic other than the VPN allowed. I don't want to use the OpenVPN client in the router as speeds are low when using the VPN, so I'm looking to use an...
  14. B

    How to restrict guest network intranet to SSH & http only?

    So some background first on what I'm doing. I have an Asus AC66U running ASUSWRT-merlin (380.70). My main home network is running on 192.168.1.xxx/24 I'm planning to engage a freelance dev on fiverr to do some dev work for me, to interface with an industrial device using my raspberry pi. To...
  15. garycnew

    Solved [SOLUTION] Asuswrt-Merlin 384.19 PortForwarding Not Working To Private Gateway Address

    All: I've run into an issue on Asuswrt-Merlin 384.19 where creating a PortForward through Advance Settings > WAN > Virtual Server/PortForwarding creates the following iptables (but are not working): iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A VSERVER -p tcp -m tcp...
  16. R

    How to setup VPN client routes via SSH

    My end goal is to route all traffic hitting a specific media service through my VPN client. I've got a list of IPs that is dynamically updated using this service's various URLs. I'd like to force any traffic coming from any device on my network that is destined for one of these IPs, to go over...
  17. A

    Custom IPTables Rules for DNS Redirect

    I want to add some rules into iptables so that my Google/Nest smart devices stop calling Google DNS directly, and the Google DNS calls they do are redirected to my AdGuard Home DNS server which will reply with the appropriate DNS records. I know I can probably use DNSFiltering, but want to...
  18. jenny5353

    RT-AC66U B1 Hacked - Suspicious Entries in iptables

    My router was recently hacked and I was locked out. I've done several factory resets, 2 hard factory resets, put the router and rescue mode and flashed the latest beta firmware about 8 times. Could anyone please tell me if the following entries are supposed to be in iptables? I've flushed the...
  19. H

    R7800 openfortivpn & Iptables , how do i make it work ?

    Hello. I have an R7800 with Router Firmware Version V1.0.2.83SF and i installed openfortivpn - 1.15.0-1 which is creating interface PPP1. I can connect to the VPN at work, but from the LAN i can not acces the servers at work. Everything is done from the router, via SSH. Ping-ing a server...
  20. A

    DNS-over-TLS - disable possibility for regular DNS requests from asus router

    Hi, Long time reader of these forums and grateful for all the advice. Running RT-AC86U smoothly. Configured DNS-over-TLS with all DNS traffic from LAN intercepted and answered by Router. This works flawlessly. (Got answer back for a "dig nas.lan @ that only exists on my lan and couldn't...