On 1/22/07, Shane Hathaway <[EMAIL PROTECTED]> wrote:
> What does iptables -L tell you?  Do the forwarding rules specify an
> --in-interface (-i)?  Maybe you can just eliminate that part of the
> conditions.

This is pretty much the default state on OpenWRT with a couple of
ports accepted and a couple forwarded:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere
LAN_ACCEPT  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forward_vlan1 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             joshua

Chain forwarding_rule (1 references)
target     prot opt source               destination
forward_vlan1  all  --  anywhere             anywhere

Chain input_rule (1 references)
target     prot opt source               destination
input_vlan1  all  --  anywhere             anywhere

Chain input_vlan1 (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 80,5010

Chain output_rule (1 references)
target     prot opt source               destination
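
Added example, not part of the original post: plain `iptables -L` omits the interface columns, so a rule restricted with -i/-o prints as all/anywhere/anywhere. The shell/awk sketch below reports catch-all terminal rules that are followed by another rule in the same chain, which are the rows to recheck with `iptables -L -v -n`; the function names are assumptions of this example, and the sample is an excerpt of the listing above with wrapped lines rejoined.

```shell
#!/bin/sh
# Reads `iptables -L` text on stdin. Prints "chain: target" for every rule that
# shows no visible match (prot all, anywhere -> anywhere, no options) and is
# followed by another rule in the same chain. Such a rule either carries a
# condition that -L hides (for example an interface) or makes later rules dead.
find_hidden_matches() {
    awk '
        $1 == "Chain"            { chain = $2; pending = ""; next }
        NF < 5 || $1 == "target" { next }
        {
            # A later rule exists in this chain, so report the earlier catch-all.
            if (pending != "") { print pending; pending = "" }
            # REJECT always prints its reject-with type; that is not a match.
            bare = (NF == 5) || (NF == 7 && $6 == "reject-with")
            if ($1 ~ /^(ACCEPT|DROP|REJECT|RETURN)$/ && $2 == "all" &&
                $4 == "anywhere" && $5 == "anywhere" && bare)
                pending = chain ": " $1
        }
    '
}

# Sample input: excerpt of the listing in this post (wrapped lines rejoined).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain forward_vlan1 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             joshua
EOF
}

sample_listing | find_hidden_matches
```

On a live router the same check is `iptables -L | find_hidden_matches`.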
