Author
Message
pipopoil DD-WRT Novice Joined: 13 Jul 2016 Posts: 5
Posted: Wed Jul 13, 2016 5:09 Post subject: Access restrictions not working
My attempts to restrict access to a web site for all devices on the network failed. Attached the screenshot from web UI and the iptable output.
Tried rebooting router, disabling SPI firewall, selecting all days instead of "Everyday", etc.
Firmware: DD-WRT v3.0-r30020M kongac (06/26/16)
Device: R7000
Any ideas?
Thanks in advance
Back to top
Sponsor
Mile-Lile DD-WRT Guru Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Wed Jul 13, 2016 7:52 Post subject:
Code: 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 WEBSTR match host agar.io< > reject-with tcp-reset
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 WEBSTR match url agar.io< > reject-with tcp-reset
Code: 5 4005 advgrp_1 0 -- * * 192.168.1.64/26 0.0.0.0/0
5 2230 advgrp_1 0 -- * * 0.0.0.0/0 192.168.1.64/26
2347 497K advgrp_1 0 -- * * 192.168.1.128/26 0.0.0.0/0
2263 1580K advgrp_1 0 -- * * 0.0.0.0/0 192.168.1.128/26
can you post output of:
hide your public IP with x.x.x.x
Back to top
pipopoil DD-WRT Novice Joined: 13 Jul 2016 Posts: 5
Posted: Wed Jul 13, 2016 15:55 Post subject:
Mile-Lile wrote:
can you post output of:
hide your public IP with x.x.x.x
Attached.
Back to top
Mile-Lile DD-WRT Guru Joined: 24 Feb 2013 Posts: 1634 Location: Belgrade
Posted: Thu Jul 14, 2016 18:51 Post subject:
you didn't cleared cache from browser or something... it is working very good for me...
Code: root@Mickey:~# iptables -vnL advgrp_1
Chain advgrp_1 (4 references)
pkts bytes target prot opt in out source destination
24 15198 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 WEBSTR match host blic.rs< >agar.io< > reject-with tcp-reset
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 WEBSTR match url blic.rs< >agar.io< > reject-with tcp-reset
I tested blic.rs and agar.io... both blocked...
my Firefox says:
Quote: The connection was reset
Back to top
pipopoil DD-WRT Novice Joined: 13 Jul 2016 Posts: 5
Posted: Fri Jul 15, 2016 5:53 Post subject:
Mile-Lile wrote: you didn't cleared cache from browser or something... it is working very good for me...
Tried from Chrome and IE (Windows), Safari (Mac) and Firefox (Linux). With cleared caches and forced refresh (Ctrl-F5). In all cases the page and its assets download fine.
Attached:
1- fiddler screenshot and traces from windows that show that requests go through (http status code 200).
2- session from Linux where I connect to the router, run "iptables -vnL advgrp_1", log off back to the Linux box and successfully wget agar.io
Back to top
pipopoil DD-WRT Novice Joined: 13 Jul 2016 Posts: 5
Posted: Sun Jul 17, 2016 18:33 Post subject:
So, what are the next steps to figure out what's going on?
Back to top
pipopoil DD-WRT Novice Joined: 13 Jul 2016 Posts: 5
Posted: Tue Jul 26, 2016 4:27 Post subject:
anyone?
Back to top