"Bug in builds over 17000"

Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 50

PostPosted: Fri Jan 16, 2015 19:02    Post subject: "Bug in builds over 17000"
Hello all.
Since it's been a while since my last 30/30/30 (even if I updated the firmware several times), I was checking my commands and found this one in the firewall section:

Code:
#Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`


So I was wondering if this command is still needed or if I can remove it :)

Then I have all the commands regarding the guest network, and I do not think anything changed in new builds to avoid these:

Code:

#Allow br1 access to br0, the WAN, and any other subnets (required if SPI firewall is on)
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#Restrict br1 from accessing br0 (do not use on WAP's)
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP

#Restrict br1 from accessing the WAN subnet (still has internet, do not use on WAP's)
iptables -I FORWARD -i br1 -d `nvram get wan_ipaddr`/`nvram get wan_netmask` -m state --state NEW -j DROP

#Restrict br1 from accessing the router's local sockets (software running on the router)
iptables -I INPUT -i br1 -m state --state NEW -j DROP

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT


Thanks!
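Because every rule above is added with -I, the rule typed last lands at the top of the chain and is checked first, which is what makes the br1 DROP rules win over the general br1 ACCEPT, and the DHCP/DNS ACCEPTs win over the INPUT DROP. The following is an added Python model of that ordering (not code from the post or from DD-WRT): it parses these exact rules, builds the chains the way -I does, and reports the verdict for sample packets. It assumes a constructed WAN address in place of the two `nvram get` lookups and returns FALLTHROUGH where DD-WRT's own rules further down the chain would decide.

```python
import ipaddress, shlex
# Constructed stand-ins for the router's `nvram get wan_ipaddr` / `nvram get wan_netmask`.
WAN_IP, WAN_MASK = "203.0.113.10", "255.255.255.0"
# The guest-network rules from the post, in the order typed, with the nvram lookups substituted.
GUEST_RULES = f"""
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
iptables -I FORWARD -i br1 -d {WAN_IP}/{WAN_MASK} -m state --state NEW -j DROP
iptables -I INPUT -i br1 -m state --state NEW -j DROP
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # TCPMSS only mangles and falls through

def parse_rule(line):
    """Split one iptables command into {option: [values]}; bare flags get an empty list."""
    opts, key = {}, None
    for tok in shlex.split(line)[1:]:          # skip the leading 'iptables' word
        if tok.startswith("-"):
            key, opts[key] = tok, []
        else:
            opts[key].append(tok)
    return opts

def build_chains(rules_text):
    """-I prepends, so the rule typed last is the rule the kernel evaluates first."""
    chains = {}
    for line in rules_text.strip().splitlines():
        opts = parse_rule(line)
        chains.setdefault(opts["-I"][0], []).insert(0, opts)
    return chains

def matches(opts, pkt):
    """Model only the matchers these rules use; other options (-m, --tcp-flags) are ignored."""
    if "-i" in opts and pkt.get("in") != opts["-i"][0]: return False
    if "-o" in opts and pkt.get("out") != opts["-o"][0]: return False
    if "-p" in opts and pkt.get("proto") != opts["-p"][0]: return False
    if "--dport" in opts and pkt.get("dport") != int(opts["--dport"][0]): return False
    if "--state" in opts and pkt.get("state") != opts["--state"][0]: return False
    if "-d" in opts and ipaddress.ip_address(pkt.get("dst", "0.0.0.0")) not in ipaddress.ip_network(opts["-d"][0], strict=False): return False
    return True

def verdict(chains, chain, pkt):
    """First terminating match wins; FALLTHROUGH means DD-WRT's own rules below decide."""
    for opts in chains.get(chain, []):
        if matches(opts, pkt) and opts["-j"][0] in TERMINATING:
            return opts["-j"][0]
    return "FALLTHROUGH"
```

Note that nothing in this set restricts traffic from br0 into br1, so a LAN host can still reach guest clients; that is left to DD-WRT's default rules.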
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 50

PostPosted: Fri Jan 16, 2015 19:06
So maybe I'm wrong regarding the guest network?

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=277811

No more br1 needed? No more iptables commands to lock out unwanted access?

_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934
tatsuya46
DD-WRT Guru


Joined: 03 Jan 2010
Posts: 3424
Location: Winnipeg, Canada

PostPosted: Fri Jan 16, 2015 19:19
Don't need iptables or br1.
_________________
LATEST FIRMWARE(S) || Qualcomm Atheros Wi-Fi Settings || Qualcomm Atheros Repeating

[QUALCOMM ATHEROS] TL-WDR4900 v1.3 --> DD-WRT v3.0-r27543 (07/27/15) std (private test)
[QUALCOMM ATHEROS] DIR-862L A1 --------> DD-WRT v3.0-r27543 (07/27/15) std (private test)
[QUALCOMM ATHEROS] WNDR4300 v1 ------> DD-WRT v3.0-r27543 (07/27/15) std (private test)
▲ ACTIVE / INACTIVE ▼
[QUALCOMM ATHEROS] WNDR3700 v1 ------> DD-WRT v3.0-r27506 (07/09/15) std
[QUALCOMM ATHEROS] DIR-825 B1 ---------> DD-WRT v3.0-r27506 (07/09/15) std

BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Pattagghiu
DD-WRT User


Joined: 06 Apr 2014
Posts: 50

PostPosted: Fri Jan 16, 2015 19:20
Very good, so it's time to start again from a brand new nvram :)
_________________
--
Netgear WNDR3700 v.2 - 26081
Tp-Link TL-WR841N v.9.2- 25934