block access to wrt from vlan using iptables dd-wrt
I set up multiple isolated vlans in dd-wrt. Now I need to forward a port to vlan2.
I isolated the vlans using:
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o vlan3 -j DROP
iptables -I FORWARD -i br0 -o vlan4 -j DROP
Now I need to block clients on each vlan from accessing the router.
This doesn't work:
iptables -I INPUT -i br0 -o vlan2 --dport telnet -j REJECT --reject-with tcp-reset
I'm new to iptables... am I missing something?
iptables router
asked Apr 20 '11 at 13:11 by NitroxDM
1 Answer
If you want the client to not access the router, you can't use -o. In addition, if you want to use --dport, you must specify the protocol. So, do it like this:
iptables -I INPUT -i br0 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
-o is used only if you want to apply the rule to a packet passing the router.
answered Apr 21 '11 at 2:34 by pepoluan
How do I specify vlan2 without using -o? – NitroxDM May 17 '11 at 15:31
@NitroxDM have you tried iptables -I INPUT -i vlan2 __rest_of_rule__ ? – pepoluan May 18 '11 at 5:19
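The two mistakes the answer names (`-o` on the INPUT chain, `--dport` without `-p`) can be caught before a rule is loaded on the router. The script below is an added example, not part of the original answer or comments; `lint_rule` is a hypothetical helper that also checks the mirror case (`-i` on OUTPUT/POSTROUTING) and that `--reject-with tcp-reset` is paired with `-p tcp`. The per-VLAN rule in the loop is an assumption that combines the answer's rule with the `-i vlan2` form from the comments.

```sh
#!/bin/sh
# Added example. lint_rule takes the arguments that follow "iptables",
# prints one line per problem, and returns 0 if none were found, else 1.
lint_rule() {
    chain='' proto='' has_in='' has_out='' has_port='' reset='' prev='' bad=0
    for arg in "$@"; do
        case "$prev" in
            -I|-A|--insert|--append) chain=$arg ;;
            -p|--protocol)           proto=$arg ;;
            --reject-with)           [ "$arg" != tcp-reset ] || reset=1 ;;
        esac
        case "$arg" in
            -i|--in-interface)  has_in=1 ;;
            -o|--out-interface) has_out=1 ;;
            --dport|--sport|--destination-port|--source-port) has_port=1 ;;
        esac
        prev=$arg
    done
    # -o only applies where an outgoing interface is known (FORWARD,
    # OUTPUT, POSTROUTING); -i is the mirror image.
    case "$chain" in
        INPUT|PREROUTING)
            [ -z "$has_out" ] || { echo "$chain: -o is not valid here; match the source with -i"; bad=1; } ;;
        OUTPUT|POSTROUTING)
            [ -z "$has_in" ] || { echo "$chain: -i is not valid here; match the destination with -o"; bad=1; } ;;
    esac
    # Port matches belong to the protocol match, so -p must name one
    # (protocol names only; numeric -p values are not handled here).
    case "$proto" in
        tcp|udp|udplite|sctp|dccp) ;;
        *) [ -z "$has_port" ] || { echo "port match without -p tcp or -p udp"; bad=1; } ;;
    esac
    if [ -n "$reset" ] && [ "$proto" != tcp ]; then
        echo "--reject-with tcp-reset requires -p tcp"; bad=1
    fi
    return "$bad"
}

# The rule from the question, then the corrected rule once per VLAN.
lint_rule -I INPUT -i br0 -o vlan2 --dport telnet -j REJECT --reject-with tcp-reset || true
for vlan in vlan2 vlan3 vlan4; do
    lint_rule -I INPUT -i "$vlan" -p tcp --dport telnet -j REJECT --reject-with tcp-reset &&
        echo "ok: iptables -I INPUT -i $vlan -p tcp --dport telnet -j REJECT --reject-with tcp-reset"
done
```

The script only inspects arguments and never calls iptables, so it can be run on any machine before the rules are pasted into the router's firewall script.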