Port Forwarding with IP Blocking?

Author Message
sumguy
DD-WRT Novice


Joined: 07 Sep 2013
Posts: 11

PostPosted: Sat Oct 03, 2015 22:58    Post subject: Port Forwarding with IP Blocking?
Any router will allow me to forward incoming port-25 traffic to a specific LAN IP - something that I do now for my email server.

Can DD-WRT go one step further, and allow me to add IP blocking rules to my port-forwarding setting? Where the blocking would only apply to incoming traffic on a port-by-port basis?

Regarding plain vanilla port-forwarding, how many entries does DD-WRT allow?
mwbuss8
DD-WRT Guru


Joined: 23 Feb 2015
Posts: 751

PostPosted: Sun Oct 04, 2015 3:50    Post subject:
http://www.dd-wrt.com/wiki/index.php/Port_Forwarding

Scroll down to "port forwarding using the console". I believe you could do something like:

# Rewrite the destination of inbound traffic on the external port to the LAN host
iptables -t nat -I PREROUTING -p tcp --dport <EXTERNAL_PORT> -j DNAT --to <INTERNAL_IP>:<INTERNAL_PORT>
# Allow the forwarded traffic through the FORWARD chain
iptables -I FORWARD -p tcp -d <INTERNAL_IP> --dport <INTERNAL_PORT> -j ACCEPT
# Inserted last, so it sits above the ACCEPT and is evaluated first: reject this source
iptables -I FORWARD -p tcp -d <INTERNAL_IP> --dport <INTERNAL_PORT> -j REJECT -s <EXTERNAL_IP>

Just repeat the last rule and change the external IP if you want to block multiple IPs. Save as firewall.
sumguy
DD-WRT Novice


Joined: 07 Sep 2013
Posts: 11

PostPosted: Sun Oct 04, 2015 15:29    Post subject:
So the DD-WRT web interface does not give you the ability to create / edit a table of IP addresses (either individually or in CIDR notation) that represents a white or black list of external hosts to which a specific port-forward rule applies. Yes?

The blocking list my mail server uses has almost 10,000 entries that cover over 75% of IPv4 address space, causing my server to issue SMTP "connection refused" errors to the remote host. Of those many thousands of entries, about 50 of them are entire /8 "A" classes which would be useful to offload the blocking to the router instead of the mail server.

Getting back to DD-WRT's web interface for NAT configuration, does either the web interface (or DD-WRT in general) have an upper limit as to the number of port-forward rules you can have?