iptables

  1. P

    Why my iptables LOG rule doesn't get applied for local traffic?

    I have the following rule to log traffic (for wake on LAN purposes) iptables -I FORWARD -d 192.168.1.X -p tcp --dport 7000:8332 -m state --state NEW -j LOG --log-prefix "[2WAKE] XX:XX:XX:XX:XX:XX" which does work for traffic from WAN that gets to my local network (through opened ports) but...
  2. N

    [SOLVED] Doubt about custom iptables script

    Greetings, My problem: I have a Chromecast and recently some people found a way to abuse them since they open several ports to the outside. Google's answer to that was "the Chromecast is working correctly, the problem is that your router is misconfigured, you need to disable UPnP and the...
  3. P

    OpenVPN automatic firewall rules (iptables)

    After upgrading to 384.10_2 recently, I took a look at the automatic firewall rules created for OpenVPN server. The short script on my router looks like this. #!/bin/sh iptables -t nat -I PREROUTING -p udp --dport 1194 -j ACCEPT iptables -I INPUT -p udp --dport 1194 -j ACCEPT iptables -I OVPN...
  4. M

    Reroute dropped packets

    Packets to be dropped seem to end in filter INPUT to be discarded by the default drop rule, how to redirect them to a LAN ip to act as a catchall? Could save some trouble every time a service changes ports, it's an outwards facing box anyway so receiving unwanted traffic is no problem, or to run...
  5. T

    Allow LAN IP Through WAN

    I have the RT-AC88 running 384.7_2 with Skynet 6.6.4 in the following configuration; ISP Modem --> ASA5506W --> (WAN)ASUS ASA - Using WiFi for some nodes including TV's to bypass ASUS when I'm testing new settings ASUS - Used for OpenVPN, Network Printers, PLEX and NAS with Transmission...
  6. GHammer

    (Solved) iptables Entry Not Applied 86U 384.8

    I am trying to get traffic from one device to be available at a second device so I can sniff for certain packets. The traffic from the first device still needs to continue, not just be forwarded to the second device. I believe these are the iptables entries I need to do this. However, entering...
  7. W

    route certain domains through client vpn

    Is there a way to route certain domains through a client vpn? I have been using Asus Merlin's build for a few months now. I moved from TomatoUSB to here. There is no going back. The only thing missing is to route domain names. With the use of cloudflare and others you can't rely and ip...
  8. D

    Packet Duplication

    I have the latest version (v384.5) of the Merlin firmware running on an ASUS RT-AC5300 router. I want to set up some type of "port mirroring" or iptables rules that copy packets from one device on my network and send them to another. I've tried the two rules below, but it seems those rules are...
  9. A

    Help with an IPTables rule to suppress TV ARP broadcasts on WiFi

    Using the latest asus-merlin release on an AC-3100 router. Works great - rock solid, nice and stable. Here is the situation I want to address, something I think could be doable with an IPTables rule. - I have samsung smarttv, connected directly via ethernet (cable) that is arp'ing the router...
  10. A

    libiptc and libxtables

    Hello all, I am trying to develop a remote firewall server that will run on my ac3200. Currently, I am running iptables commands by hand. I would like to use python-iptables rather than my hand-rolled command parsing. However, python-iptables depends on libiptc which does not seem to be available...
  11. johhnyu

    Control LAN Access via iptables

    Is it possible to control LAN access via iptables? I have a bunch of IOT devices that I want to access the internet and (and this is the kicker) accept incoming connections from specific hosts inside my LAN, but not create their own connections to hosts in my LAN. It looks like iptables rules...
  12. Technolink

    [Answered] Question with iptables FORWARD log

    Hey everyone, I followed this guide to set up WOL for a Plex server using iptables to log when a certain port is forwarded to, then a while loop in wan-start that picks up on the log and does a WOL for the Plex server. This worked great for the last year, but I noticed a few weeks ago it...
  13. R

    Routing between Ubuntu OpenVPN and MikroTik

    My goal is to be able to connect to private LAN (192.168.1.0/24) via Ubuntu VPS. For example I want this forwarding: http://{Ubuntu WAN IP}:443 --> http://{Private LAN IP}:443 Please take a look at attached screenshots. As I understand the problem is in inability to communicate between two...
  14. C

    traffic across vlans for ip cams and iot devices

    Hi Guys, I'm a regular visitor on this forum and user of Merlin for a few years now, I usually poke around until I get it right but I'm stuck with this for so long (2 months) I decided to ask for your much needed help. Router: AC88U My goal, is to have 4 VLANs as such; 1 - private -...
  15. C

    change SSH Brute Force Protection

    I use my router as SSH proxy with up to 15 connections from the same IP at a time. That triggers a bruteforce protection hitcount. I don't want to disable a bruteforce protection completely. What would be the best way to increase hitcount number?
  16. Maverickcdn

    Log specific IPTABLE rule (DROP)

    Hello everyone... My googlefu has grown weak and I can't find the answer I'm looking for :( Running 380.69_2 on an RT-N66U. Have 'iptables -I FORWARD -s x.x.x.x -j DROP' saved in firewall-start and shows as a valid rule running iptables -L Question is. Is there a way to log every time this IP...
  17. G

    ASUS RT-AC68U syslog connections

    Hi, I am running ASUS Firmware 3.0.0.4.384_20308 I am using "iptables -I FORWARD 8 -i br0 -j logaccept" as suggested in this discussion. It logs all the outgoing connections. Ex. Feb 10 17:01:49 kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.2.243 DST=208.67.222.222 LEN=57 TOS=0x00 PREC=0x00...
  18. G

    Using iptables with static IP OpenVPN clients.

    I have set up an OpenVPN server on my RT-AC66U_B1 running Asuswrt-Merlin v380.69. Thanks in part to the script found here https://www.snbforums.com/threads/how-to-set-a-static-ip-to-openvpn-tun-clients.37983/#post-315194 I have the clients working with static IPs when they connect. My next...
  19. BryanLee

    Only allow OpenVPN connections to the outside (iptables)

    I have a computer on my local LAN that I wish to only be able to make DNS queries and OpenVPN connections to the outside world, everything else should be dropped. In other words, if its VPN connection goes down, I want it cut off. But I'm not sure how to do this... I thought this would work...
  20. K

    Request for Help: Introduction to Firewall (iptables) config to increase 32 rule limit

    Hi All, RE: Could someone please explain the specific steps, and what code I need to add/change in asuswrt-merlin, in order to use iptables or another approach to increase my stock firewall 32 rule limit. I am a newbie regarding the use of asuswrt-merlin. I have the stock asuswrt firmware...