service fixtables start
Start service "fixtables" (/opt/etc/init.d/S94fixtables)
service: Start service: "fixtables" (/opt/etc/init.d/S94fixtables)
S94fixtables: creating firewall fix in /tmp/etc/config using the file fixtables.wanup
/opt/etc/init.d/S94fixtables: line 149: /opt/usr/sbin/iptables-save: not found
'iptables-save' should be there....
Check it please before you download it again....
It's only a symlink to 'iptables'.
I modified the fixtables script a bit, so it will create the symlink if it is missing.
redownload that script and try again... _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
I have 3 branches and 3 subnets on a wrt54-tm on my gateway.
br3 is reserved for vlan3 when I need it, but it's not being used.
Let me know if you need more detail on the configuration of my router. I am using build DD-WRT v24-sp2 (08/12/10) std-nokaid
(SVN revision 14929) _________________ WRT54G-TM (Gateway) std-nokaid-build 14929
WRT54G-TM (Repeater) mini-nokaid-build 13525
WRT54G v4 (Client Bridge) mini-nokaid-build 13525
nvram show 2>/dev/null | grep 'br[0123]'
nvram show 2>/dev/null | grep '192\.168\.[1234]\.' | grep -vE '(forward|static|lease)'
nvram get rc_firewall
and any info you think I may need..
I assume the system creates these rules and IP's for your firewall or are they created with the CLI??
The firewall rules are applied in the GUI using phuzi0n's guide.
The gateway is connected to an ADSL bridged modem with the DD-WRT gateway doing the PPPoE.
I clean a lot of PCs with viruses. That is why I have the firewall rules set up the way they are, so my home network is safe when I work on infected PCs.
MOD EDIT: FIRST PICTURE DELETED. See forum rules on picture sizes. Picts this size f up the entire thread and make it unreadable.
Ok, thanks....
I thought I needed to do some special handling, but it now seems DD-WRT itself isn't doing anything there and you already need to do it all by hand.
Frater, each interface has a "Masquerade / NAT" option (nvram show | grep _nat) associated with it that controls loopback but the nvram variables for these options are still set even when the interfaces are added to bridges. Bridges themselves don't have this option and don't seem to get masquerade rules but some people do want it. ie. Good luck trying to figure out the mess of nvram variables...
I suggest cutting the interface names out of the packet type = broadcast rules that are created for every interface that might need masquerading and then adding a masquerade rule. You might want to go a step further and check the [cut interface name]_nat nvram variable to decide whether to masquerade or not.
-A POSTROUTING -o vlan5 -m pkttype --pkt-type broadcast -j RETURN
_________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
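The approach suggested in the post above, sketched as an added example that is not part of any post in this thread or of the fixtables script: it pulls the interface names out of the broadcast RETURN rules in `iptables-save` output, checks each interface's `_nat` variable, and prints candidate masquerade rules without applying them. The sample table, the `nvram_get` stand-in, the meaning of the value `1`, and the exact form of the printed MASQUERADE rule are assumptions.

```shell
#!/bin/sh
# Added example. Prints rules only; nothing is loaded into the firewall.

# Constructed sample of `iptables-save -t nat` output (not from a real router).
sample_nat_table() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o vlan5 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br1 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o eth1 -m pkttype --pkt-type broadcast -j RETURN
COMMIT
EOF
}

# Hypothetical stand-in for `nvram get` with constructed values.
# On the router the body would be: nvram get "$1"
nvram_get() {
  case "$1" in
    vlan5_nat) echo 1 ;;
    br1_nat)   echo 0 ;;
    *)         echo "" ;;   # variable not set
  esac
}

# Read iptables-save output on stdin and print the interface name of every
# "packet type = broadcast" RETURN rule, one per line, without duplicates.
broadcast_ifaces() {
  sed -n 's/^-A POSTROUTING -o \([A-Za-z0-9._-]*\) -m pkttype --pkt-type broadcast -j RETURN$/\1/p' | sort -u
}

# For each of those interfaces, print a masquerade rule only when <iface>_nat
# is 1 (assumed to mean "Masquerade / NAT" enabled). Unset or 0 is skipped.
masq_rules() {
  broadcast_ifaces | while read -r iface; do
    [ "$(nvram_get "${iface}_nat")" = "1" ] || continue
    # Assumed rule form; the thread does not spell out the rule to add.
    echo "-A POSTROUTING -o $iface -j MASQUERADE"
  done
}

sample_nat_table | masq_rules
```

Reviewing the printed lines before loading them keeps an interface that was never meant to be NATed from being masqueraded by accident.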
'iptables-save' should be there....
Check it please before you download it again....
It's only a symlink to 'iptables'.
I modified the fixtables script a bit, so it will create the symlink if it is missing.
redownload that script and try again...
I did and it works now. iptables-save did not exist, however, before running the new script.
I think I'm going to leave it like this.
Only if my current script would do things wrong in a multiple bridge, I would have done something with it...
I prefer to have no 'fixtables' and let DD-WRT handle all.
Every time I propose a better webif for NAT / firewalling there's a wiseguy saying we have iptables for this. I guess they think it makes them feel better somehow. I can probably do more with a CLI than they ever will.
Juniper makes professional routers that can be managed with a well designed webif. The DD-WRT interface is becoming embarrassing. I'm talking about the part that controls port forwarding.
You can't even make a simple SMTP-block for outgoing traffic.
Posted: Sat Dec 04, 2010 20:51 Post subject: Can anyone confirm...
Can anyone confirm that the DNS rebind protection is broken in this build?
Thanks! _________________ NETGEAR R9000 DD-WRT v3.0-r45192 std (12/29/20) (ROUTER)
NETGEAR ORBI Stock FW V2.7.2.102 (MESH)
WRT3200ACM (BS Build Usually) (BACKUP)