Blocking all traffic except certain websites and FTP

DD-WRT Forum Index -> Advanced Networking
gps_dave
DD-WRT Novice


Joined: 05 Nov 2009
Posts: 11

PostPosted: Sat Apr 06, 2013 20:07    Post subject: Blocking all traffic except certain websites and FTP
I run half a dozen laptops (wired & wireless) off my iPhone tethered to my WRT54GS.
Everything works great but I would like to block everything (all ports and websites) except specific websites and our FTP.
I created some firewall rules but the FTP will not connect. It will resolve the DNS.

Can someone see what I'm missing or have done wrong please and thanks.

I use Filezilla server and client.
FTP is connecting to "ftp.xxxxxxx.org"
Our site is "www.xxxxxxx.org"

Code:
# A hostname given to -d is resolved once, when the rule is loaded; a name that
# resolves to several addresses produces one rule per address, which shifts the
# numbered positions used below.
iptables -I FORWARD 1 -p tcp -d sportsonephoto.com --dport 80 -j ACCEPT
# As originally posted ("multiport --dport 21,80") iptables rejects this line
# with "Bad argument", so port 21 was never opened; the match is spelled
# "-m multiport --dports".
iptables -I FORWARD 2 -p tcp -d xxxxxxx.org -m multiport --dports 21,80 -j ACCEPT
iptables -I FORWARD 3 -p tcp -d google.ca --dport 80 -j ACCEPT
iptables -I FORWARD 4 -p tcp -d msicanada.net --dport 80 -j ACCEPT
iptables -I FORWARD 5 -p tcp -d dd-wrt.com --dport 80 -j ACCEPT
iptables -I FORWARD 6 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 7 -j DROP
gps_dave
DD-WRT Novice


Joined: 05 Nov 2009
Posts: 11

PostPosted: Sun Apr 07, 2013 21:44    Post subject:
Just posting my findings so if anyone else runs into this it might help.

After a good night's sleep, it dawned on me to get rid of the --dport on the domains. This way it allows all ports on that domain, including the random passive ports for the FTP.
I also allowed port 53 so any system could go directly to the DNS servers specified on the various computers.

Code:
# Resolvers are queried over UDP first; TCP 53 alone does not let a client
# reach an outside DNS server. (Queries sent to the router itself pass through
# INPUT, not FORWARD, which is why name resolution already worked.)
iptables -I FORWARD 1 -p udp --dport 53 -j ACCEPT
iptables -I FORWARD 2 -p tcp --dport 53 -j ACCEPT
# No --dport: every TCP port on these hosts is reachable, which covers the
# passive FTP data ports. Positions assume each name resolves to one address.
iptables -I FORWARD 3 -p tcp -d sportsonephoto.com -j ACCEPT
iptables -I FORWARD 4 -p tcp -d xxxxxxx.org -j ACCEPT
iptables -I FORWARD 5 -p tcp -d google.ca -j ACCEPT
iptables -I FORWARD 6 -p tcp -d msicanada.net -j ACCEPT
iptables -I FORWARD 7 -p tcp -d dd-wrt.com -j ACCEPT
iptables -I FORWARD 8 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 9 -j DROP
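An added example, not code from either post: the same "drop everything except these destinations" policy rebuilt as a dedicated chain, with the FTP conntrack helper loaded so passive FTP data connections are accepted as RELATED instead of by opening every TCP port to the server. The chain name lan_allow, the TEST-NET addresses in ALLOWLIST and the IPTABLES/MODPROBE dry-run variables are assumptions of this example, not from the thread.

```shell
#!/bin/sh
# Added example, not the rules from the posts above: build the allowlist
# policy as its own chain and jump to it once from the top of FORWARD.
# Assumptions (not from the thread): chain name lan_allow, the addresses in
# ALLOWLIST are constructed TEST-NET values, and IPTABLES/MODPROBE default to
# "echo ..." so running this as-is only prints the commands (dry run).
# On the router: IPTABLES=iptables MODPROBE=modprobe sh allowlist.sh

IPTABLES="${IPTABLES:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"
CHAIN="${CHAIN:-lan_allow}"

# One destination per line: address (or hostname), then the TCP ports it may
# be reached on; "any" opens every TCP port to that host. A hostname given to
# -d is resolved once when the rule is loaded and yields one rule per address,
# so a site whose addresses change (CDN-hosted sites) silently stops matching;
# prefer fixed addresses where you have them.
ALLOWLIST='
203.0.113.10 21,80
198.51.100.20 80
192.0.2.30 any
'

# Passive FTP: the control connection (port 21) tells the client which data
# port to open. With the FTP conntrack helper loaded, that data connection is
# tracked as RELATED to the control connection, so one ESTABLISHED,RELATED
# rule accepts it and port 21 is all that has to be opened explicitly.
load_ftp_helper() {
  # Module name differs between the 2.4 and 2.6 kernels DD-WRT ships.
  $MODPROBE ip_conntrack_ftp 2>/dev/null || $MODPROBE nf_conntrack_ftp
}

# Emits (or applies) the iptables commands. The chain is built with -A so
# order is exactly the order written, then a single -I puts the jump first in
# FORWARD; nothing depends on fragile numbered positions.
build_rules() {
  $IPTABLES -N "$CHAIN" 2>/dev/null
  $IPTABLES -F "$CHAIN"
  # Replies and helper-expected connections (passive FTP data) first.
  $IPTABLES -A "$CHAIN" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Resolvers use UDP 53 first; TCP 53 is the fallback for large answers.
  # Allowing 53 to any host also permits DNS tunnelling out of the network;
  # add "-d <resolver>" to both lines if clients are pinned to one resolver.
  $IPTABLES -A "$CHAIN" -p udp --dport 53 -j ACCEPT
  $IPTABLES -A "$CHAIN" -p tcp --dport 53 -j ACCEPT
  printf '%s\n' "$ALLOWLIST" | while read -r dst ports; do
    [ -n "$dst" ] || continue
    if [ "$ports" = any ]; then
      $IPTABLES -A "$CHAIN" -p tcp -d "$dst" -j ACCEPT
    else
      $IPTABLES -A "$CHAIN" -p tcp -d "$dst" -m multiport --dports "$ports" -j ACCEPT
    fi
  done
  # Everything not matched above is dropped, including DD-WRT's own later
  # FORWARD rules, which is the behaviour the posts wanted.
  $IPTABLES -A "$CHAIN" -j DROP
  $IPTABLES -I FORWARD 1 -j "$CHAIN"
}

# Run stand-alone: prints the commands (dry run) or applies them on the router.
load_ftp_helper
build_rules
```

The helper only works for plain FTP: with FTPS the PASV reply is encrypted, conntrack cannot read the data port, and the server then needs its passive range opened explicitly (put it in the ports column of the allowlist rather than using "any"). Check the rules took effect with `iptables -L lan_allow -n -v --line-numbers` and watch the packet counters on the DROP line while a client tries an unlisted site.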