Access restrictions not working

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
pipopoil
DD-WRT Novice


Joined: 13 Jul 2016
Posts: 5

PostPosted: Wed Jul 13, 2016 5:09    Post subject: Access restrictions not working Reply with quote
My attempts to restrict access to a web site for all devices on the network failed. Attached the screenshot from web UI and the iptable output.

Tried rebooting router, disabling SPI firewall, selecting all days instead of "Everyday", etc.

Firmware: DD-WRT v3.0-r30020M kongac (06/26/16)
Device: R7000

Any ideas?

Thanks in advance Smile
Sponsor
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

PostPosted: Wed Jul 13, 2016 7:52    Post subject: Reply with quote
Code:
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           WEBSTR match host agar.io<&nbsp;> reject-with tcp-reset
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           WEBSTR match url agar.io<&nbsp;> reject-with tcp-reset


Code:
  5  4005 advgrp_1   0    --  *      *       192.168.1.64/26      0.0.0.0/0
    5  2230 advgrp_1   0    --  *      *       0.0.0.0/0            192.168.1.64/26
 2347  497K advgrp_1   0    --  *      *       192.168.1.128/26     0.0.0.0/0
 2263 1580K advgrp_1   0    --  *      *       0.0.0.0/0            192.168.1.128/26




can you post output of:

Quote:
cat /tmp/.ipt


hide your public IP with x.x.x.x
pipopoil
DD-WRT Novice


Joined: 13 Jul 2016
Posts: 5

PostPosted: Wed Jul 13, 2016 15:55    Post subject: Reply with quote
Mile-Lile wrote:


can you post output of:

Quote:
cat /tmp/.ipt


hide your public IP with x.x.x.x


Attached.
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1634
Location: Belgrade

PostPosted: Thu Jul 14, 2016 18:51    Post subject: Reply with quote
you didn't cleared cache from browser or something... it is working very good for me...

Code:
root@Mickey:~# iptables -vnL advgrp_1
Chain advgrp_1 (4 references)
 pkts bytes target     prot opt in     out     source               destination
   24 15198 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           WEBSTR match host blic.rs<&nbsp;>agar.io<&nbsp;> reject-with tcp-reset
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           WEBSTR match url blic.rs<&nbsp;>agar.io<&nbsp;> reject-with tcp-reset


I tested blic.rs and agar.io... both blocked...



my Firefox says:

Quote:
The connection was reset
pipopoil
DD-WRT Novice


Joined: 13 Jul 2016
Posts: 5

PostPosted: Fri Jul 15, 2016 5:53    Post subject: Reply with quote
Mile-Lile wrote:
you didn't cleared cache from browser or something... it is working very good for me...


Tried from Chrome and IE (Windows), Safari (Mac) and Firefox (Linux). With cleared caches and forced refresh (Ctrl-F5). In all cases the page and its assets download fine.

Attached:
1- fiddler screenshot and traces from windows that show that requests go through (http status code 200).
2- session from Linux where I connect to the router, run "iptables -vnL advgrp_1", log off back to the Linux box and successfully wget agar.io
pipopoil
DD-WRT Novice


Joined: 13 Jul 2016
Posts: 5

PostPosted: Sun Jul 17, 2016 18:33    Post subject: Reply with quote
So, what are the next steps to figure out what's going on?
pipopoil
DD-WRT Novice


Joined: 13 Jul 2016
Posts: 5

PostPosted: Tue Jul 26, 2016 4:27    Post subject: Reply with quote
anyone?
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum