User:Fnord42

From DD-WRT Wiki

Revision as of 23:19, 21 January 2011, Fnord42
(setup userpage with some info on firewall and bittorrent on the router itself)
Revision as of 23:30, 21 January 2011, Fnord42
(add note about isakmp block in the forward table)
Line 7: Line 7:
iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT
iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT
 +
 +=== ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond ===
 +The build-in default firewall has a special block for UDP traffic on port 500 in the FORWARD table. This port is used for ISAKMP (key exchange for your VPN connection) and required to build up VPN connections with e.g. vpnc. So if your VPN client, in may case vpnc, bitches about an endpoint not responding you should check and maybe remove the blocking rule.
 + # Remove ISAKMP ban
 + iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP
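Review bot: the added `iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP` removes only one rule whose spec matches exactly, and iptables answers with a "Bad rule" error if the stock rule carries any match the spec omits (an input interface, for instance), so the text should tell the reader to list the chain first (`iptables -S FORWARD` or `iptables -L FORWARD -n --line-numbers`) and to delete the rule as it is actually printed; it should also say where the command has to live, since a rule deleted from the running ruleset comes back on the next reboot or WAN reconnect unless the deletion is part of the router's firewall script. Minor: FORWARD is a chain of the filter table, not a table, so "in the FORWARD table" should read "in the FORWARD chain".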

Revision as of 23:30, 21 January 2011

Random encounters with DD-WRT v24-sp2 mega/big r14929

Here are some notes about issues where I consider the solution to be a bit hackish and not ready for consumption by everyone. So be aware that you should know what you're doing. FYI, I'm running this on an Asus RT-N16.

Running bittorrent on the router

I'm running bittorrent directly on the router with screen + rtorrent (and libs) picked from OpenWRT's Kamikaze release. Unfortunately DD-WRT's built-in default firewall setup blocks the incoming traffic (INPUT chain) in the port range 6881-6999. I consider it to be safe to allow incoming traffic in that port range and would be more concerned about security issues with the torrent client and libs. So I've added two rules very near the top of the INPUT chain to allow UDP and TCP traffic on those ports coming in on the ppp0 device:

 # Allow bittorrent peers
 iptables -I INPUT 2 -i ppp0 -p tcp --dport 6881:6999 -j ACCEPT
 iptables -I INPUT 3 -i ppp0 -p udp --dport 6881:6999 -j ACCEPT

ISAKMP/UDP 500 blocked - or why your VPN endpoint doesn't respond

The built-in default firewall has a special rule in the FORWARD chain that drops UDP traffic to port 500 leaving through ppp0, i.e. from LAN clients towards the Internet. This port is used for ISAKMP (the key exchange for your VPN connection) and is required to set up VPN connections with e.g. vpnc. So if your VPN client, in my case vpnc, bitches about an endpoint not responding, you should check for and maybe remove the blocking rule:

 # Remove ISAKMP ban
 iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP
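Both adjustments above are applied with plain `iptables -I` / `iptables -D` commands. If they are put into the router's firewall script (DD-WRT runs that script again on every WAN reconnect), the ACCEPT rules get inserted once more on each run and the delete fails once the DROP rule is gone. The following is an added example, not code from the wiki page or from the DD-WRT project: a small POSIX sh script that decides which commands are still needed by reading the text of `iptables -S FORWARD` / `iptables -S INPUT`. The two listings below are constructed samples in the format `iptables -S` prints (an assumption about the stock ruleset, not a capture from a router), so the logic can be exercised without touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the wiki page): idempotent helpers for the two firewall
# changes described above. They work on the text of `iptables -S <chain>`.

# Constructed sample of `iptables -S FORWARD` with the ISAKMP block in place
# (assumption: the stock rule carries only the matches the page's delete spec names).
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -o ppp0 -p udp -m udp --dport 500 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP'

# Constructed sample of `iptables -S INPUT` before the bittorrent rules are added.
SAMPLE_INPUT='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -j DROP'

# Count the ISAKMP DROP rules in a FORWARD listing; prints 0 when there are none.
# `|| true` keeps the function's exit status 0 so it is safe under `set -e`.
count_isakmp_blocks() {
  printf '%s\n' "$1" | grep -c -- '^-A FORWARD .*-o ppp0 .*-p udp.*--dport 500 -j DROP$' || true
}

# Emit one delete command (the spec from the page) per matching rule, so a rule
# that was accidentally inserted twice is removed completely, and emit nothing
# when the chain is already clean instead of producing a failing `iptables -D`.
isakmp_unblock_commands() {
  n=$(count_isakmp_blocks "$1")
  i=0
  while [ "$i" -lt "$n" ]; do
    echo 'iptables -D FORWARD -o ppp0 -p udp --dport 500 -j DROP'
    i=$((i + 1))
  done
}

# Emit the two bittorrent ACCEPT rules from the page only when the INPUT listing
# does not already contain them, so re-running the script never stacks duplicates.
bittorrent_allow_commands() {
  listing=$1
  for proto in tcp udp; do
    if ! printf '%s\n' "$listing" | grep -q -- "^-A INPUT -i ppp0 -p $proto -m $proto --dport 6881:6999 -j ACCEPT$"; then
      case $proto in
        tcp) pos=2 ;;
        udp) pos=3 ;;
      esac
      echo "iptables -I INPUT $pos -i ppp0 -p $proto --dport 6881:6999 -j ACCEPT"
    fi
  done
}

# Dry run against the constructed samples: prints the commands that would be needed.
# On a router, replace the samples with "$(iptables -S FORWARD)" and "$(iptables -S INPUT)"
# and pipe the output into sh to apply it.
main() {
  isakmp_unblock_commands "$SAMPLE_FORWARD"
  bittorrent_allow_commands "$SAMPLE_INPUT"
}

main
```

Run as-is it only prints the three commands the samples call for; feeding it real `iptables -S` output turns it into a safe body for the firewall script, because a second run produces no commands at all. If the stock DROP rule on your build carries extra matches (an input interface, say), the page's delete spec will not match it and the grep pattern has to be adjusted to the line `iptables -S FORWARD` actually prints.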