When using -i or -o to define the physical interfaces, remember that by default:

vlan1 is the WAN port (K24 only) or the 4 LAN ports (K26 and K3.x)
br0 is a bridge connecting the 4 LAN ports and the WiFi together

Note: ppp0 is the WAN interface when PPPoE is used. This information is from the IPv6 page and quoted here: "The detailed configuration steps are targeted toward users with a basic DHCP connection for the WAN part. So, using PPPoE will require replacing vlan1 with ppp0 in each instance."

Tip: To list the network interfaces on the router use 'ifconfig' on the command line.

Options you will use most often (from the iptables help output):

--table -t table           table to manipulate (default: `filter')
--numeric -n               numeric output of addresses and ports
--exact -x                 expand numbers (display exact values)
--line-numbers             print line numbers when listing
--fragment -f              match second or further fragments only
--set-counters PKTS BYTES  set the counter during insert/append
--modprobe=<command>       try to insert modules using this command
--jump -j target           Target for rule (may load target extension)
--sport port[:port]        Source port (use `:' when specifying range)
--tcp-flags                Match when the TCP flags are as specified:

Network masks: a plain number after the address (/nn) is specifying the number of 1's at the left side of the network mask. A "!" argument before the address specification inverts the

The main tables we are concerned with are the "filter" table and the "nat" table. The filter table is the default and includes the INPUT, OUTPUT, and FORWARD chains. The nat table is for Network Address Translation and includes the PREROUTING and POSTROUTING chains.

INPUT is for packets destined to or entering the router's local sockets.
OUTPUT is for packets sourced from or leaving the router's local sockets.
FORWARD is for packets being forwarded through the router (i.e. packets not destined for the router's own sockets).
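The two practical steps above (find out which interface is the WAN, then list a chain with numeric output and counters) as a short POSIX sh example. This is an added example, not code from the DD-WRT wiki: the ifconfig text and the chain listing below are constructed samples in the format of `ifconfig` and of `iptables -L INPUT -n -v -x --line-numbers` output, so the script runs off the router; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the DD-WRT wiki: pick the interface name to use with
# -i/-o (ppp0 replaces vlan1 when a PPPoE session is up, as the page notes) and
# read a numeric, verbose chain listing to find rules that have never matched.
# Both inputs below are constructed samples in the format of `ifconfig` and of
# `iptables -L INPUT -n -v -x --line-numbers` output.

SAMPLE_IFCONFIG_DHCP='br0       Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
vlan1     Link encap:Ethernet  HWaddr 00:11:22:33:44:56
          inet addr:198.51.100.20  Bcast:198.51.100.255  Mask:255.255.255.0'

SAMPLE_IFCONFIG_PPPOE="$SAMPLE_IFCONFIG_DHCP
ppp0      Link encap:Point-to-Point Protocol
          inet addr:198.51.100.20  P-t-P:198.51.100.1  Mask:255.255.255.255"

SAMPLE_INPUT_LISTING='Chain INPUT (policy DROP 12 packets, 960 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1       41023  5102233 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2           0        0 DROP       tcp  --  vlan1  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
3         118     7080 logdrop    all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0'

# iface_names: interface names from ifconfig-style text on stdin (a line that
# starts in column 0 names an interface; indented lines are its details).
iface_names() {
    awk '/^[^ \t]/ && $2 == "Link" { print $1 }'
}

# wan_if: given one interface name per line on stdin, print the WAN interface
# to use in -i/-o rules: ppp0 when a PPPoE session exists, otherwise vlan1.
wan_if() {
    if grep -qx ppp0; then echo ppp0; else echo vlan1; fi
}

# unused_rules: from a `-L <chain> -n -v -x --line-numbers` listing on stdin,
# print "num target" for every rule whose packet counter is still zero, i.e.
# rules that have never matched anything since the counters were last reset.
unused_rules() {
    awk '$1 ~ /^[0-9]+$/ && $2 == 0 { print $1, $4 }'
}

# Dry run on the constructed samples; no iptables binary is needed for this.
printf '%s\n' "$SAMPLE_IFCONFIG_PPPOE" | iface_names | wan_if
printf '%s\n' "$SAMPLE_INPUT_LISTING" | unused_rules
```

On the router the same functions take live input: `ifconfig | iface_names | wan_if` and `iptables -L INPUT -n -v -x --line-numbers | unused_rules`. The -n is what keeps the listing fast, since without it iptables does a reverse DNS lookup for every address it prints.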
PREROUTING is for manipulating packets before they are routed.
POSTROUTING is for manipulating packets after they are routed.

Targets:

DROP - packets are dropped/denied (the router does NOT send a response back)
REJECT - packets are rejected/denied (the router DOES send a response back)
logdrop - packets are dropped and logged to /tmp/var/log/messages
logaccept - packets are accepted and logged to /tmp/var/log/messages
logreject - packets are rejected and logged to /tmp/var/log/messages
DNAT is for altering a packet's destination address.
SNAT is for altering a packet's source address.
TRIGGER - dynamically redirect input ports based on output traffic (aka port triggering). The TRIGGER target has additional options which must appear immediately after it on the command line:

--trigger-proto [proto] (if this option is not specified the default is all)
--trigger-match [ports] (a port or a range of ports which the outbound connection uses)
--trigger-relate [ports] (a port or range of ports to open on the inbound side)

(Take note, chains are to be typed in caps as shown!)

I think examples are the best way to demonstrate the use of iptables. First I want to view the rules on my INPUT chain, this is the first chain

You will find that it is really slow to list all of the rules after you enter the above iptables command, since it is doing reverse DNS lookups to convert IP addresses to host names. You can add the -n option to only see numerical addresses. To get a more detailed list with actual IP numbers and packet counts for each rule do this.
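The chains and targets described above, put together in the form a DD-WRT user would actually save as a firewall script. This is an added example and not code from the wiki page: it keeps the page's interface names (vlan1 for the WAN, br0 for the LAN) but the LAN network, the server address, the WAN address and the port numbers are constructed values, and IPTABLES defaults to "echo iptables" so the script only prints the rules when run off the router.

```shell
#!/bin/sh
# Added example, not from the DD-WRT wiki: a small firewall script using the
# page's chains (INPUT, FORWARD, PREROUTING, POSTROUTING) and targets (DROP,
# REJECT, logdrop, DNAT, SNAT). Interface names follow the page; LAN_NET,
# LAN_SERVER, WAN_IP and the ports are constructed values. IPTABLES defaults to
# "echo iptables" so the script dry-runs off the router and just prints the
# rules; on the router set IPTABLES=iptables to apply them.

IPTABLES=${IPTABLES:-"echo iptables"}
WAN=vlan1                 # use ppp0 here when the WAN is PPPoE
LAN=br0
LAN_NET=192.168.1.0/24    # constructed
LAN_SERVER=192.168.1.10   # constructed
WAN_IP=203.0.113.5        # constructed; on DD-WRT read it with `nvram get wan_ipaddr`

# drop_wan_to_router: silently discard connections from the WAN to a service on
# the router itself (INPUT chain). DROP sends nothing back, so the port looks dead.
drop_wan_to_router() {  # $1 = protocol, $2 = destination port
    $IPTABLES -I INPUT -i "$WAN" -p "$1" --dport "$2" -j DROP
}

# reject_lan_out: refuse traffic forwarded from one LAN host to a port on the
# Internet. REJECT answers with an error, so the client fails fast instead of
# waiting for a timeout.
reject_lan_out() {  # $1 = LAN source address, $2 = protocol, $3 = destination port
    $IPTABLES -I FORWARD -i "$LAN" -o "$WAN" -s "$1" -p "$2" --dport "$3" -j REJECT
}

# log_new_wan_input: drop and log (to /tmp/var/log/messages via logdrop) every
# other new connection attempt arriving on the WAN. Appended (-A) last, so
# explicit rules inserted (-I) above it still win.
log_new_wan_input() {
    $IPTABLES -A INPUT -i "$WAN" -m state --state NEW -j logdrop
}

# forward_port: DNAT in nat/PREROUTING rewrites the destination before routing,
# then a FORWARD rule admits the rewritten packet to the LAN server.
forward_port() {  # $1 = protocol, $2 = public port, $3 = port on LAN_SERVER
    $IPTABLES -t nat -A PREROUTING -i "$WAN" -p "$1" --dport "$2" -j DNAT --to-destination "$LAN_SERVER:$3"
    $IPTABLES -I FORWARD -i "$WAN" -o "$LAN" -p "$1" -d "$LAN_SERVER" --dport "$3" -j ACCEPT
}

# snat_lan: SNAT in nat/POSTROUTING rewrites the source of LAN traffic after
# routing, so replies come back to the router's WAN address.
snat_lan() {
    $IPTABLES -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"
}

# Dry run of a typical set: hide telnet on the router from the WAN, stop one
# host sending mail directly, publish a web server, NAT the LAN, log the rest.
drop_wan_to_router tcp 23
reject_lan_out 192.168.1.50 tcp 25
forward_port tcp 8080 80
snat_lan
log_new_wan_input
```

Run it as-is and it prints the six iptables commands it would issue, which is a cheap way to review a rule set before it touches the router; `IPTABLES=iptables sh firewall.sh` applies them. Order matters: -I puts a rule at the top of the chain and -A at the bottom, so the logdrop catch-all is appended after the specific rules are in place.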