Hi all,
I'm trying to block (ssh) connections from one LAN IP: 192.168.2.6 to another LAN IP: 192.168.2.50 using iptables or ebtables, but so far no luck.
Here's what I tried so far:
Code:
ebtables -t broute -I BROUTING -p IPv4 --ip-proto tcp --ip-src 192.168.2.6 --ip-dport 22 --ip-dst 192.168.2.50 -j DROP
I tried all other chains as well (INPUT, OUTPUT, FORWARD, etc.), same result - I can still connect.
Then I did the same with the iptables - same result.
Then I enabled logging on every chain and I noticed that in the dmesg output, the destination IP is always the IP of the bridge, not the 192.168.2.50 IP address as I was expecting.
Example:
Code:
FWLOG IN= OUT=vlan1 MAC source = 08:62:66:8d:22:20 MAC dest = 00:09:34:2c:46:7f proto = 0x0800 IP SRC=192.168.2.1 IP DST=192.168.2.50, IP tos=0x00, IP proto=17 SPT=53 DPT=1203
So in the dmesg output I can see the communication between 192.168.2.6 and 192.168.2.1 and also between 192.168.2.1 and 192.168.2.50, but there is no log entry such as SRC=192.168.2.6 DST=192.168.2.50.
How can I block the connections? Is it even possible using the bridge?
My device is RT-AC66U.
My operation mode is Wireless router.
I'm running the latest firmware: 380.67
Router LAN IP (br0): 192.168.2.1
Router WAN IP (eth0): 192.168.1.2
Thanks.
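A check for the logging step described in the post, as an added example that is not part of the original post: it condenses ebtables log lines in the FWLOG format quoted above into one line per source/destination pair and tests whether a given pair was ever logged. The function names and the sample log lines (MACs, interface names, ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise ebtables log lines (FWLOG format from the post).

# Constructed sample input; MACs, interfaces and ports are made up.
sample_log() {
    cat <<'EOF'
FWLOG IN=eth1 OUT= MAC source = 02:00:00:00:00:06 MAC dest = 02:00:00:00:00:01 proto = 0x0800 IP SRC=192.168.2.6 IP DST=192.168.2.1, IP tos=0x00, IP proto=17 SPT=40000 DPT=53
FWLOG IN= OUT=vlan1 MAC source = 02:00:00:00:00:01 MAC dest = 02:00:00:00:00:50 proto = 0x0800 IP SRC=192.168.2.1 IP DST=192.168.2.50, IP tos=0x00, IP proto=17 SPT=53 DPT=1203
FWLOG IN= OUT=vlan1 MAC source = 02:00:00:00:00:01 MAC dest = 02:00:00:00:00:50 proto = 0x0800 IP SRC=192.168.2.1 IP DST=192.168.2.50, IP tos=0x00, IP proto=17 SPT=53 DPT=1203
EOF
}

# flow_summary: read log lines on stdin and print one line per flow as
#   "count src dst ip_proto dport", most frequent flow first.
flow_summary() {
    awk '
    /IP SRC=/ {
        src = dst = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/,$/, "", f)          # fields such as "DST=192.168.2.50," end in a comma
            if (f ~ /^SRC=/)        src   = substr(f, 5)
            else if (f ~ /^DST=/)   dst   = substr(f, 5)
            else if (f ~ /^proto=/) proto = substr(f, 7)   # IP protocol; the Ethernet "proto = 0x0800" is split into separate fields
            else if (f ~ /^DPT=/)   dpt   = substr(f, 5)
        }
        n[src " " dst " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# flow_seen SRC DST: exit status 0 if any logged frame has exactly that pair.
flow_seen() {
    flow_summary | awk -v s="$1" -v d="$2" \
        '$2 == s && $3 == d { hit = 1 } END { exit !hit }'
}

# Demo on the constructed sample.
sample_log | flow_summary
sample_log | flow_seen 192.168.2.6 192.168.2.50 ||
    echo "no frame logged with SRC=192.168.2.6 DST=192.168.2.50"
```

On the router, the same functions can read real output with `dmesg | flow_summary`.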