Asus Merlin - iptables command (not working?)

SkierInAvon

Occasional Visitor
Trying to use Asus-Merlin on my RT-AX56U and IPTABLES to block all traffic from a specific public IP address.
First, SSH into Asus Merlin as admin from the LAN interface.

Issue Command: iptables -A INPUT -s 209.193.73.210 -j DROP

Command seems to execute (no errors reported) yet I can still PING and Telnet to port 110 (209.193.73.210) after issuing the simple command.

HUH? What am I missing?

Thanks,

-pete
 
You should use -I instead of -A

Bear in mind this only blocks traffic destined for the router itself. It has no effect on traffic forwarded to the LAN.
 
> You should use -I instead of -A
>
> Bear in mind this only blocks traffic destined for the router itself. It has no effect on traffic forwarded to the LAN.
Thanks. However I do want to block (some) traffic from the public internet, that tries to reach my LAN, specifically TCP Port 25 inbound traffic that the Asus is set to forward to my email server on the LAN...

Do you know the specific IPTABLES syntax that will block that TCP Port 25 traffic from a specific public IP address?

-Thanks

-pete
 
Then you would use the FORWARD chain rather than INPUT. Try this:
Code:
iptables -I FORWARD -s 209.193.73.210 -d 192.168.50.10 -p tcp --dport 25 -j DROP

Change the destination address to that of your mail server.
 
> Then you would use the FORWARD chain rather than INPUT. Try this:
> Code:
> iptables -I FORWARD -s 209.193.73.210 -d 192.168.50.10 -p tcp --dport 25 -j DROP
>
> Change the destination address to that of your mail server.
Thanks Colin! I followed your syntax to the letter - changed 192.168.50.10 to my email server 10.0.253.4 and tried it...
No Joy...I think what I am (maybe?) learning is that...when you use the AsusMerlin Browser Interface and Port Forward TCP/25 to 10.0.253.4...that (web browser Asus forwarding) takes precedence over any additional IP Tables "commands" you might want to set up...
I remoted into my email server 10.0.254.4 and opened a Telnet session (port 25) to 209.193.73.210 and it still connected. Seems like once you configure your WAN Interface to forward TCP port 25...it's (game over??) after that point. Thanks again for taking the time to reply.
-pete
 
> I remoted into my email server 10.0.254.4 and opened a Telnet session (port 25) to 209.193.73.210 and it still connected. Seems like once you configure your WAN Interface to forward TCP port 25...it's (game over??) after that point.
Sorry, I thought you wanted to do this the other way around?

You said you wanted to block connections (from the internet) coming into your router and being forwarded to a mail server on your LAN (10.0.254.4).

Now you're saying that you're trying to block outgoing connections from 10.0.254.4 to 209.193.73.210. I'm confused.
 
> Thanks Colin! I followed your syntax to the letter - changed 192.168.50.10 to my email server 10.0.253.4 and tried it...
> No Joy...I think what I am (maybe?) learning is that...when you use the AsusMerlin Browser Interface and Port Forward TCP/25 to 10.0.253.4...that (web browser Asus forwarding) takes precedence over any additional IP Tables "commands" you might want to set up...
> I remoted into my email server 10.0.254.4 and opened a Telnet session (port 25) to 209.193.73.210 and it still connected. Seems like once you configure your WAN Interface to forward TCP port 25...it's (game over??) after that point. Thanks again for taking the time to reply.
> -pete
 
FIXED! and Working! Asus Merlin now "protecting my email server". Example below.

Example is from my: /jffs/scripts/firewall-start

Subnet 101.53.144.0 is located in Noida (Bakhtāwarpur), India
I have no interest in allowing (any) connections to my email server - from anywhere inside of India.

EXAMPLE: iptables -I FORWARD -s 101.53.144.0/24 -j DROP

Thanks again!!!
 
> FIXED! and Working! Asus Merlin now "protecting my email server". Example below.
>
> Example is from my: /jffs/scripts/firewall-start
>
> Subnet 101.53.144.0 is located in Noida (Bakhtāwarpur), India
> I have no interest in allowing (any) connections to my email server - from anywhere inside of India.
>
> EXAMPLE: iptables -I FORWARD -s 101.53.144.0/24 -j DROP
>
> Thanks again!!!
Yes, a reply and a thank you!
-pete
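Putting the thread together, here is a complete /jffs/scripts/firewall-start written as an added example for this page; it is not code from the thread, from Colin, or from the Asus-Merlin project. It combines Colin's FORWARD rule (for connections the router forwards to the LAN mail server) with the INPUT rule from the first reply (for connections to the router itself), and uses pete's firewall-start placement so the rules survive a firewall restart. The mail-server address 192.168.50.10, port 25 and the two blocked sources are the values that appear in the thread, used here as constructed placeholders; the function names, the input validation, the DRY_RUN switch and the `$0` guard are my additions. Two details the thread does not spell out are built in: `-I` puts each rule at the head of the chain, ahead of the firmware's own ACCEPT rules, and `iptables -C` tests whether an identical rule already exists, so re-running the script does not stack duplicates. As Colin noted, `-s` is the remote source and `-d` the LAN server, so the FORWARD rule matches connections arriving at the forwarded port, not connections the mail server opens outbound to that address.

```shell
#!/bin/sh
# Added example: a complete /jffs/scripts/firewall-start for Asus-Merlin that
# combines the rules discussed in the thread. Not the forum's or Merlin's code.
# The values below are placeholders taken from the thread; change them to yours.
MAIL_SERVER="${MAIL_SERVER:-192.168.50.10}"   # LAN host the WAN port forward points at
MAIL_PORT="${MAIL_PORT:-25}"                   # the forwarded TCP port
BLOCKED_SOURCES="209.193.73.210 101.53.144.0/24"   # remote hosts/subnets to drop
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints the commands instead of running them

# Accept only a dotted-quad IPv4 address, optionally with a /0-32 prefix, so a
# malformed list entry never reaches the iptables command line.
is_ipv4_or_cidr() {
    printf '%s\n' "$1" | awk -F '[./]' '
        NF != 4 && NF != 5 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            if (NF == 5 && ($5 !~ /^[0-9]+$/ || $5 > 32)) exit 1
        }'
}

# apply_rule CHAIN MATCH... : insert the rule at the head of CHAIN (-I, so it is
# evaluated before the firmware's own ACCEPT rules) unless an identical rule is
# already present (-C). firewall-start is re-run whenever the firewall restarts,
# so without the -C check the same rule would be added again each time.
apply_rule() {
    chain="$1"; shift
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -I $chain $*"
        return 0
    fi
    iptables -C "$chain" "$@" 2>/dev/null || iptables -I "$chain" "$@"
}

# install_blocks SRC... : add two rules per remote source. Returns 1 if any
# entry was invalid and skipped, 0 otherwise.
install_blocks() {
    rc=0
    for src in "$@"; do
        if ! is_ipv4_or_cidr "$src"; then
            echo "firewall-start: skipping invalid source '$src'" >&2
            rc=1
            continue
        fi
        # Port-forwarded (DNAT) traffic from the WAN to the LAN server traverses
        # FORWARD. -s is the remote source and -d the LAN server, so this matches
        # connections arriving at the forwarded port, not connections the mail
        # server opens outbound to that address.
        apply_rule FORWARD -s "$src" -d "$MAIL_SERVER" -p tcp --dport "$MAIL_PORT" -j DROP
        # Traffic addressed to the router itself (ping, its own services) is INPUT.
        apply_rule INPUT -s "$src" -j DROP
    done
    return "$rc"
}

# Apply only when the firmware runs this file as firewall-start; sourcing it
# anywhere else (e.g. to try it with DRY_RUN=1) just defines the functions.
case "$0" in
    */firewall-start) install_blocks $BLOCKED_SOURCES ;;   # word-split on purpose
esac
```

Save it as /jffs/scripts/firewall-start, make it executable, and after the next firewall restart confirm the ordering with `iptables -S FORWARD` and `iptables -S INPUT`: the DROP rules should be listed before the firmware's ACCEPT rules. To check the effect without touching the router, run `DRY_RUN=1 . ./firewall-start` in a shell and call `install_blocks` with the addresses you intend to block; it prints the exact iptables commands it would issue.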
 
