IPtables on DD-WRT

bagocina
Post subject: IPtables on DD-WRT  Posted: 27.01.2015 - 09:13 #108255

Greetings, everyone

I have a bit of a problem getting port blocking to work on a TP-Link WR741ND v4. I have DD-WRT on it, but no matter how hard I try, it will not block the ports for the life of me. I need only ports 80 and 443 to be reachable. I googled for two days and also tried this from the DD-WRT Wiki

Code: ›
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -j DROP


and this one, found by googling
Code: ›
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -j DROP


but no luck at all. Everything is still reachable.

Thanks in advance for your help.


deadbiker
Post subject: IPtables on DD-WRT  Posted: 27.01.2015 - 09:37 #108256

Probably the most important thing is to state which build you are using. It is quite possible that it has some problem. I, for example, remember a situation when port forwarding did not work.
 
bagocina
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 09:38 #108257

DD-WRT v24-sp2 (03/25/13) std
(SVN revision 21061)
 
deadbiker
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 09:53 #108259

So you have the build that the "ddwrt database" offers, but that 21061 is already from 2013. If you have time, try the very latest one that is available for download, the webflash image from http://dd-wrt.com/site/support/other-downloads?path=others%2Feko%2FBrainSlayer-V24-preSP2%2F . I have only loaded the "latest 25697" onto a dir-600 and a wrt54gl. I have no idea whether it has any bugs.. but so far I have not run into anything, since they serve as home routers with port forwarding. Give it a try.. Make a backup of the configuration before you reflash it with the new version. Also, when upgrading you can leave "After flashing, reset to" on "Dont reset" and it will keep your original configuration (IP address, rules and so on...).

But if you have time, you can try googling whether that older build had a bug in the firewall.


bagocina
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 10:19 #108260

I did the upgrade, but with no result. Still the same behaviour with all the variants.

The only thing that caught my attention is that the one from the DD-WRT Wiki

Code: ›
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -j DROP


( http://www.dd-wrt.com/wiki/index.php/Iptables_command#Block_all_traffic_except_HTTP_HTTPS_and_FTP )

cuts off absolutely everything for me instead of allowing only 80 and 443.
 
deadbiker
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 10:27 #108261

I just have one question: where are you actually entering it?
 
bagocina
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 10:28 #108262

Into the Command Shell, and I save it as Firewall.
 
JOFO
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 11:06 #108263

That will be because you have the rules in the wrong order... The correct way should be like this
Code: ›
iptables -I FORWARD 3 -j DROP
iptables -I FORWARD 2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 1 -p tcp -m multiport --dports 80,443 -j ACCEPT

The one you have first drops everything, so it never gets to the other two rules :)
 
deadbiker
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 11:10 #108264

It would have been better to print the whole table with iptables -L
 
bagocina
Post subject: RE: IPtables on DD-WRT  Posted: 27.01.2015 - 11:57 #108266

Jofo: I put it in the reverse order, as you wrote, but the effect is the same as what I had before. It cuts everything off from the world.

deadbiker:

Code: ›
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       udp  --  anywhere             anywhere            udp dpt:route
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             Zoska_018           tcp dpt:www
DROP       icmp --  anywhere             anywhere           
DROP       igmp --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state NEW
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere           
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            multiport dports www,https
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     gre  --  192.168.0.0/16       anywhere           
DROP       0    --  anywhere             anywhere           
ACCEPT     tcp  --  192.168.0.0/16       anywhere            tcp dpt:1723
lan2wan    0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere           
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  0    --  anywhere             anywhere           
ACCEPT     0    --  anywhere             anywhere            state NEW
DROP       0    --  anywhere             anywhere           
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere           
Chain advgrp_1 (0 references)
target     prot opt source               destination         
Chain advgrp_10 (0 references)
target     prot opt source               destination         
Chain advgrp_2 (0 references)
target     prot opt source               destination         
Chain advgrp_3 (0 references)
target     prot opt source               destination         
Chain advgrp_4 (0 references)
target     prot opt source               destination         
Chain advgrp_5 (0 references)
target     prot opt source               destination         
Chain advgrp_6 (0 references)
target     prot opt source               destination         
Chain advgrp_7 (0 references)
target     prot opt source               destination         
Chain advgrp_8 (0 references)
target     prot opt source               destination         
Chain advgrp_9 (0 references)
target     prot opt source               destination         
Chain grp_1 (1 references)
target     prot opt source               destination         
Chain grp_10 (0 references)
target     prot opt source               destination         
Chain grp_2 (0 references)
target     prot opt source               destination         
Chain grp_3 (0 references)
target     prot opt source               destination         
Chain grp_4 (0 references)
target     prot opt source               destination         
Chain grp_5 (0 references)
target     prot opt source               destination         
Chain grp_6 (0 references)
target     prot opt source               destination         
Chain grp_7 (0 references)
target     prot opt source               destination         
Chain grp_8 (0 references)
target     prot opt source               destination         
Chain grp_9 (0 references)
target     prot opt source               destination         
Chain lan2wan (1 references)
target     prot opt source               destination         
grp_1      0    --  anywhere             anywhere           
Chain logaccept (0 references)
target     prot opt source               destination         
LOG        0    --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT     0    --  anywhere             anywhere           
Chain logdrop (0 references)
target     prot opt source               destination         
LOG        0    --  anywhere             anywhere            state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
LOG        0    --  anywhere             anywhere            state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP       0    --  anywhere             anywhere 
 
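The two insertion orders posted in the thread, modelled as an added example that is not part of any post: a small Python model of `iptables -I FORWARD N` applied on top of the first of DD-WRT's own FORWARD rules from the listing, followed by first-match evaluation. The packets are constructed, and the 192.168.0.0/16 source match on the GRE and 1723 rules is left out as a simplification.

```python
# Added example (not from the thread): `iptables -I CHAIN N` plus first-match evaluation.
WEB = ("ACCEPT", {"proto": {"tcp"}, "dport": {80, 443}})
EST = ("ACCEPT", {"state": {"ESTABLISHED", "RELATED"}})
DROP_ALL = ("DROP", {})

# DD-WRT's own first FORWARD rules, read off the listing in the thread.
# Simplified: the 192.168.0.0/16 source match on the gre/1723 rules is omitted.
DDWRT = [
    ("ACCEPT", {"state": {"ESTABLISHED", "RELATED"}}),
    ("ACCEPT", {"proto": {"gre"}}),
    ("ACCEPT", {"proto": {"tcp"}, "dport": {1723}}),
    ("lan2wan", {}),  # jump; lan2wan/grp_1 hold no terminal rule in the listing
]

WIKI_ORDER = [(1, WEB), (2, EST), (3, DROP_ALL)]      # as first posted
REVERSED_ORDER = [(3, DROP_ALL), (2, EST), (1, WEB)]  # as suggested in the reply

def insert(chain, pos, rule):
    """-I CHAIN pos: rule becomes number pos (1-based); existing rules shift down."""
    if not 1 <= pos <= len(chain) + 1:
        raise ValueError("insertion index too big")
    return chain[:pos - 1] + [rule] + chain[pos - 1:]

def build(commands, base=DDWRT):
    chain = list(base)
    for pos, rule in commands:
        chain = insert(chain, pos, rule)
    return chain

def verdict(chain, pkt, policy="ACCEPT"):
    """First terminal rule whose every match field fits decides; else chain policy."""
    for target, match in chain:
        if target in ("ACCEPT", "DROP") and all(pkt.get(k) in v for k, v in match.items()):
            return target
    return policy

# Constructed packets, as seen in FORWARD (LAN client to Internet).
PACKETS = {
    "new https": {"proto": "tcp", "dport": 443, "state": "NEW"},
    "new dns":   {"proto": "udp", "dport": 53, "state": "NEW"},
    "new ssh":   {"proto": "tcp", "dport": 22, "state": "NEW"},
    "reply":     {"proto": "tcp", "dport": 51000, "state": "ESTABLISHED"},
    "new gre":   {"proto": "gre", "state": "NEW"},
}

def compare():
    a, b = build(WIKI_ORDER), build(REVERSED_ORDER)
    return {name: (verdict(a, p), verdict(b, p)) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:10} wiki={result[0]:6} reversed={result[1]}")
```

In this model both orders leave the DROP behind the port 80/443 and ESTABLISHED rules, so new web connections pass and a new UDP 53 lookup forwarded from a LAN client is dropped either way; the orders differ only in whether DD-WRT's own GRE rule still sits ahead of the DROP.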