iptables and DD wrt on R7000

[tamitos 0]

Currently, I divide my wireless SSID into two sets. I bridge WAN, LAN1, LAN2, LAN3, eth1 and eth2 as br0. br1 is set as wl1.1 and vlan3.

 

If I want to force br0 to use OpenVPN, br1 uses outside tunnel network, how can I set it up?

 

Right now I write iptables as following.

 

#Enable NAT on the WAN (Correct a BUG)
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

#Restrict br1 from accessing br0
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j logdrop
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j logdrop

#Restrict br1 from accessing tun1
iptables -I FORWARD -i br1 -o tun1 -m state --state NEW -j logdrop

#Restrict br1 from accessing the router
#iptables -I INPUT -i br1 -m state --state NEW -j DROP

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

#Allow br0 to access DNS on the router
iptables -I INPUT -i br0 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br0 -p tcp --dport 53 -j ACCEPT

 

 

Device : R7000 using Firmware: DD-WRT v3.0-r29440M kongac (04/19/16) with YAMON

[cm0s 118]

i like having the routers just route traffic and handle the firewall from the boxes

[tamitos 0]

My solution right now is using Asus merlin fw. It provides routing policy gui.

[cm0s 118]

WWGD ?