Firewall - Network Services Filter

Still, the Network Service Filter did not restrict connection to the internet; in fact I am writing this from one of the devices.
 
I've just tried it again here and it works fine. Can you post the complete output of this command on your router please.
Code:
iptables-save | grep FORWARD
 

Hello ColinTaylor, see the output below

ASUSWRT-Merlin RT-AC66U_3.0.0.4 Sun Aug 17 20:10:42 UTC 2014
admin@RT-AC66U:/tmp/home/root# iptables-save | grep FORWARD
:FORWARD ACCEPT [37042385:23151706064]
:FORWARD DROP [0:0]
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Sun -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Mon -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Tue -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Wed -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Thu -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Fri -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Sat -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m mac --mac-source B0:14:75:E1:2C:12 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o eth0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i eth0 -p icmp -j DROP
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
admin@RT-AC66U:/tmp/home/root#

cheers mate
 
That output shows that you are using Parental Control! This discussion is about Network Services Filter.

UPDATE: OK It looks like you can't have Parental Control and Network Services Filter both active at the same time.
 

Sorry mate - I forgot to say that I removed the Network Service Filter last night - please see output -

RT-AC66U login: Admin
Password:


ASUSWRT-Merlin RT-AC66U_3.0.0.4 Sun Aug 17 20:10:42 UTC 2014
admin@RT-AC66U:/tmp/home/root# iptables-save | grep FORWARD
:FORWARD ACCEPT [37482672:23572138956]
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o eth0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i eth0 -p icmp -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Sun -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 23:00 --days Sun -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Mon -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Mon -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Tue -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Tue -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Wed -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Wed -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Thu -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Thu -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Fri -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Fri -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Sat -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 23:00 --days Sat -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Sun -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 23:00 --days Sun -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Mon -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Mon -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Tue -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Tue -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Wed -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Wed -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Thu -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Thu -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Fri -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 22:30 --days Fri -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Sat -j DROP
-A FORWARD -s 192.168.1.103 -i br0 -o eth0 -p tcp -m time --timestart 23:00 --days Sat -j DROP
-A FORWARD -i br0 -o eth0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
admin@RT-AC66U:/tmp/home/root#
 
Well those settings are identical to mine and it works for me.

So unless you had accidentally left Parental Control turned on I can't see why it isn't working.


The only possible causes I can think of:

1) Your WAN interface isn't eth0 (i.e. you're using a VPN or 3G modem to connect to the internet)
2) The client IP addresses are not 192.168.1.102 and 192.168.1.103 (a mistake in DHCP or perhaps because you're using a wireless repeater)
3) The clients are on a guest wireless network (just a guess)
4) There's a bug in the iptables version on the AC66U that isn't on the N66U version.
5) something else....
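
Added example, not part of the original posts: a shell check for the Parental Control conflict and for causes 1 and 2 above, run over `iptables-save` FORWARD rules, which also reports the protocols the client's DROP rules cover. The sample rules are abbreviated from the dumps in this thread; the function name `nsf_audit`, its finding strings and the interface name `ppp0` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit FORWARD rules for one LAN client.
# Usage: iptables-save | nsf_audit CLIENT_IP WAN_IF ; prints one finding per line.
nsf_audit() {
    awk -v ip="$1" -v wan="$2" '
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        src = out = proto = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-o") out = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src)              # newer iptables-save prints -s a.b.c.d/32
        if (target == "PControls") pc = 1  # Parental Control chain, as in the first dump
        if (target == "DROP" && src == ip && out == wan) {
            hits++; protos[(proto == "" ? "all" : proto)] = 1
        }
        if (target == "DROP" && src == ip && out != wan) other = 1
    }
    END {
        if (pc) print "parental-control-rules-present"
        if (hits) for (p in protos) print "client-drop-proto=" p
        if (!hits) print (other ? "client-drop-on-other-interface" : "no-client-drop-rules")
    }'
}

# Abbreviated from the first dump in the thread (Parental Control active).
sample_pc() { cat <<'EOF'
-A FORWARD -i br0 -m time --timestart 07:00 --timestop 23:00 --days Sun -m mac --mac-source B0:14:75:E1:2C:12 -j PControls
-A FORWARD -i br0 -m mac --mac-source B0:14:75:E1:2C:12 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
EOF
}

# Abbreviated from the second dump (Network Services Filter rules present).
sample_nsf() { cat <<'EOF'
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestop 06:59 --days Sun -j DROP
-A FORWARD -s 192.168.1.102 -i br0 -o eth0 -p tcp -m time --timestart 23:00 --days Sun -j DROP
-A FORWARD -i br0 -o eth0 -j ACCEPT
EOF
}

sample_pc  | nsf_audit 192.168.1.102 eth0   # Parental Control present, no NSF rules
sample_nsf | nsf_audit 192.168.1.102 eth0   # NSF DROP rules match, TCP only
sample_nsf | nsf_audit 192.168.1.102 ppp0   # ppp0 is an assumed WAN name (cause 1)
```

On the router itself, pipe the live rules in with `iptables-save | nsf_audit 192.168.1.102 eth0`.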
 
I'd say this - "So unless you had accidentally left Parental Control turned on I can't see why it isn't working." - which I have removed now and will report back later based on my selected times
 
Hello ColinTaylor - the devices did disconnect from the internet within the specified time, so just like you said NSF does not work when Parental Control is defined also - I do appreciate your time / input

Cheers
 
You're welcome.

I don't know whether that behaviour is a bug or by design. Maybe RMerlin can tell us?

If it's meant to be like that then I think there should be a warning somewhere in the GUI, because it's not obvious. :(
 
This is why my network services filter was not working, I had to turn off parental controls! Thanks :)
 
Looking for closure

Did we get a definitive answer yet?

//been grateful for Merlin efforts, all around//

Parental:
I want to block a printer from ET-phoning-home on cartridges so I use parental controls for broad time based access (deny all)

NSF:
I NEVER want my devices using goog-8.8.8.8/4.4/etc, so I want to use specific destination filtering.

Now I'm reading that:
* NAT H/W Accel cannot be leveraged with one or both of these other services?
* Parental interferes with NSF?

STATIC:
I've also seen workarounds for static routes back to LAN IP w/ metric of 2 which returns unreachable response...

Can I use NSF for all above and not have to disable H/W accel? (would be nice to have all offered services work in harmony?)


Grazie/ciao,

Enzo
 
@Enzo As far as I am aware the problem of NSF and Parental Control conflicting with each other was fixed long ago.

Just looking quickly at your NSF rule, you are blocking only UDP. Ping uses ICMP.
 
Colin

#Whoa! (blush)

Thank you (deleting prior thread, to not waste forum time)
 
