"Bug in builds over 17000"

DD-WRT Forum Index -> Atheros WiSOC based Hardware
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

PostPosted: Fri Jan 16, 2015 19:02    Post subject: "Bug in builds over 17000"
Hello all.
Since it's been a while since my last 30/30/30 (even though I have updated the firmware a few times), I was checking my commands and found this one in the firewall section:

Code:
#Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`


So I was wondering if this command is still needed or if I can remove it :)

Then I have all the commands for the guest network, and I do not think anything changed in new builds that would make these unnecessary:

Code:

#Allow br1 access to br0, the WAN, and any other subnets (required if SPI firewall is on)
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#Restrict br1 from accessing br0 (do not use on WAP's)
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP

#Restrict br1 from accessing the WAN subnet (still has internet, do not use on WAP's)
iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP

#Restrict br1 from accessing the router's local sockets (software running on the router)
iptables -I INPUT -i br1 -m state --state NEW -j DROP

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT


Thanks!
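The rules above are all inserted with `-I`, which puts each new rule at the head of its chain, so the rule added last is evaluated first. The replay below is an added example, not part of the post: it defines a dry-run `iptables` stand-in that records `-I` as a prepend and `-A` as an append, replays the posted guest-network rules (written with `$(...)` instead of backticks), and prints each chain in its final evaluation order. `nvram` is a constructed stand-in for DD-WRT's `nvram get` returning made-up values; nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example (not from the forum post): replay the posted guest-network rules
# against a dry-run stand-in for iptables so the effective chain order can be
# checked offline. `iptables -I` inserts at the head of a chain, so rules
# inserted later are evaluated first; the replay makes that final order visible.

nvram() {                                   # constructed stand-in for `nvram get`
  case "$2" in
    wan_ipaddr)  echo "203.0.113.10" ;;     # made-up documentation-range address
    wan_netmask) echo "255.255.255.0" ;;
  esac
}

FORWARD_RULES=""   # one rule per line, head of chain first
INPUT_RULES=""

# Dry-run iptables: -I prepends to the chain, -A appends. Only the filter
# table's FORWARD and INPUT chains are tracked.
iptables() {
  op=$1; chain=$2; shift 2; rule=$*
  case "$chain" in
    FORWARD)
      if [ "$op" = "-I" ]; then FORWARD_RULES="$rule
$FORWARD_RULES"; else FORWARD_RULES="$FORWARD_RULES$rule
"; fi ;;
    INPUT)
      if [ "$op" = "-I" ]; then INPUT_RULES="$rule
$INPUT_RULES"; else INPUT_RULES="$INPUT_RULES$rule
"; fi ;;
  esac
}

chain_dump() {                              # print a chain, one rule per line
  case "$1" in
    FORWARD) printf '%s' "$FORWARD_RULES" ;;
    INPUT)   printf '%s' "$INPUT_RULES" ;;
  esac
}

chain_rule()  { chain_dump "$1" | sed -n "${2}p"; }     # n-th rule in evaluation order
chain_count() { chain_dump "$1" | awk 'END { print NR }'; }

# The rules from the post, in the order they were posted.
apply_guest_rules() {
  iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
  iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
  iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
  iptables -I FORWARD -i br1 -d "$(nvram get wan_ipaddr)/$(nvram get wan_netmask)" -m state --state NEW -j DROP
  iptables -I INPUT -i br1 -m state --state NEW -j DROP
  iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
  iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
  iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
}

apply_guest_rules

for c in FORWARD INPUT; do
  echo "== $c (evaluation order) =="
  chain_dump "$c" | awk '{ print NR ": " $0 }'
done
```

The replay shows why the posted order works: both FORWARD DROP rules for br1 end up ahead of the broad `-i br1 ... -j ACCEPT`, and the INPUT DHCP/DNS ACCEPTs end up ahead of the br1 INPUT DROP. Reordering the commands (for example adding the ACCEPT last) would put the ACCEPT first and silently defeat the isolation. On the router itself, `iptables -L FORWARD -n --line-numbers` and `iptables -L INPUT -n --line-numbers` show the real chains in the same evaluation order.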
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

PostPosted: Fri Jan 16, 2015 19:06
So maybe I'm wrong regarding the guest network?

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=277811

No more br1 needed? No more iptables commands to lock out unwanted access?

_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 7568
Location: YWG, Canada

PostPosted: Fri Jan 16, 2015 19:19
Don't need iptables or br1
_________________
LATEST FIRMWARE(S)

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers

[x86_64] Haswell i3-4150/QCA9984/QCA9882 ------> r55488 std
[QUALCOMM] DIR-862L --------------------------------> r55460 std
▲ ACTIVE / INACTIVE ▼
[QUALCOMM] WNDR4300 v1 --------------------------> r50485 std
[BROADCOM] DIR-860L A1 ----------------------------> r50485 std


Sigh.. why do i exist anyway.. | I love you Anthony.. never forget that.. my other 99% that ill never see again..

Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 75

PostPosted: Fri Jan 16, 2015 19:20
Very good, so it's time to start again from a brand new nvram :)
_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934