tamitos

iptables and DD wrt on R7000

Currently, I divide my wireless SSID into two sets. I bridge WAN, LAN1, LAN2, LAN3, eth1 and eth2 as br0. br1 is set as wl1.1 and vlan3.

If I want to force br0 to use OpenVPN while br1 uses the network outside the tunnel, how can I set it up?

Right now I write the iptables rules as follows.

#Enable NAT on the WAN (Correct a BUG)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

#Restrict br1 from accessing br0
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j logdrop
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j logdrop

#Restrict br1 from accessing tun1
iptables -I FORWARD -i br1 -o tun1 -m state --state NEW -j logdrop

#Restrict br1 from accessing the router
#iptables -I INPUT -i br1 -m state --state NEW -j DROP

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

#Allow br0 to access DNS on the router
iptables -I INPUT -i br0 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br0 -p tcp --dport 53 -j ACCEPT

Device : R7000 using Firmware: DD-WRT v3.0-r29440M kongac (04/19/16) with YAMON
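One way to get the split the post asks for, as an added example that is not the poster's script and not DD-WRT's own code: br1 traffic is marked and steered through a second routing table whose default route is the plain WAN, br0 keeps following the OpenVPN routes in the main table, and a REJECT rule stops br0 from falling back to the WAN if tun1 goes down. The WAN interface name vlan2, the gateway address, table id 200 and mark 0x2 are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example, not the poster's script: route br1 around the tunnel with
# policy routing, keep br0 on tun1, and block br0 from leaking to the WAN.
# Assumed names: WAN interface vlan2, a constructed WAN gateway address,
# routing table 200 and firewall mark 0x2 (none of these are on the page).
DRY_RUN="${DRY_RUN:-0}"           # DRY_RUN=1 prints the commands instead of running them
WAN_IF="${WAN_IF:-vlan2}"         # assumed DD-WRT WAN interface
WAN_GW="${WAN_GW:-192.0.2.1}"     # constructed placeholder; on the router use: nvram get wan_gateway
VPN_IF="${VPN_IF:-tun1}"
TABLE=200                         # assumed spare routing table id
MARK=0x2                          # assumed fwmark for br1 traffic

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

apply_split_routing() {
    # 1. Tag everything that enters on br1 so the routing decision can see it.
    run iptables -t mangle -A PREROUTING -i br1 -j MARK --set-mark "$MARK"
    # 2. Tagged packets use table $TABLE, whose only default route is the WAN;
    #    unmarked br0 traffic keeps using the main table, where OpenVPN's
    #    redirect-gateway routes point at $VPN_IF.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
    run ip route flush cache
    # 3. Replies arriving on the WAN fail the strict reverse-path check because
    #    the main table says the internet is behind $VPN_IF; loose mode (2) allows them.
    run sh -c "echo 2 > /proc/sys/net/ipv4/conf/$WAN_IF/rp_filter"
    # 4. NAT on both exits (DD-WRT usually already masquerades the WAN).
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    # 5. Leak guard: br0 may only leave through the tunnel, so if tun1 drops
    #    its traffic is rejected instead of silently using the WAN.
    run iptables -I FORWARD -i br0 -o "$WAN_IF" -j REJECT
    # 6. Same isolation the poster's logdrop rules express: br1 stays off the
    #    tunnel and off the br0 LAN.
    run iptables -I FORWARD -i br1 -o "$VPN_IF" -j DROP
    run iptables -I FORWARD -i br1 -o br0 -j DROP
}

if [ "${1:-}" = apply ]; then
    apply_split_routing
fi
```

Run with `DRY_RUN=1 sh split.sh apply` first to review the generated commands; on DD-WRT the rules belong in the firewall script so they survive a reboot.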
