Make WAN address always respond as such (iptables rules?)

Andrew Jorgensen andrew.jorgensen at gmail.com
Tue Jan 23 08:35:24 MST 2007


On 1/22/07, Shane Hathaway <shane at hathawaymix.org> wrote:
> What does iptables -L tell you?  Do the forwarding rules specify an
> --in-interface (-i)?  Maybe you can just eliminate that part of the
> conditions.

This is pretty much the default state on OpenWRT with a couple of
ports accepted and a couple forwarded:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere
LAN_ACCEPT  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forward_vlan1 (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             joshua

Chain forwarding_rule (1 references)
target     prot opt source               destination
forward_vlan1  all  --  anywhere             anywhere

Chain input_rule (1 references)
target     prot opt source               destination
input_vlan1  all  --  anywhere             anywhere

Chain input_vlan1 (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            multiport dports 80,5010

Chain output_rule (1 references)
target     prot opt source               destination


