iptables

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. r000t

    Hardcoded Google DNS IPTABLES rule

    hi, I have GT-AXE16000 with Merlin's 3004.388.8_2 FW, and recently I figured out that Netflix app on my LG smart TV doesnt want to use my Adguard DNS and sends DNS requests directly to 8.8.8.8. Somehow DNS Director works bad with my setup, so I blocked 8.8.8.8 using Network Services Filter...
  2. T

    Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U

    Hello At the moment I occasionally have the problem with the Asus RT-AC 86U (Merlin 386.14) that although the ovpn connection is running in the router, the ISP IP is displayed on the PC (Linux Mint 21.3) during the IP check (https://www.dein-ip-check.de). If I then restart the connection in the...
  3. M

    AdGuardHome IPTables blocking TLS port 853 from other hosts

    While testing out an AdGuard Home instance on a Docker container, it failed to reach upstream TLS servers. Upon closer inspection, I traced the packets back to the AX86U router IPTables. There is a chain called "DNSFILTER_DOT" that is blocking any packet on port 853 that is not destined for...
  4. U

    IPtable entries not saving?

    to expand on the title, I keep making rules however when I go to check them they arent there. Are they being overwritten by AMTM scripts? I can list what I have installed if this is a possibility
  5. Z

    wgclient-start with iptables nat rules after router reboot

    I have a wgclient-start (and its wgclient-stop counterpart) with some iptables rules to modify a nat. It works as expected when enabling/disabling wg client. However, after router (RT-AX86U with 388.2_2) reboot, all iptables rules set by the script are missing though the script has been...
  6. dacid44

    Routing packets through a wireguard client

    This might just be an iptables thing, but I can't figure it out. Short version: I'm trying to forward packets from a VPS to the router over wireguard (router is client) and forward them to the correct device on the LAN. I have a setup that I'm trying to carry over from my old DD-WRT router...
  7. J

    Allowing just one device to subnet (iptables or Network Services Filter?)

    Due to my ISP forcing me to use their router if I want to use their bundled VOIP service, since upgrading to FTTP I now have to have my ASUS sitting behind my ISP's router. Annoyingly they don't allow their router to run in a bridged mode. As much as I can I have tried to make it a native...
  8. lluke

    No internet on clients after firewall restart (WG, Unbound, YazFi)

    Hi all, on my 2 RT-AC86U whenever I face a connectivity re-connect (also done from the scmerlin add-on Internet Connection restart action) or a VPN change (e.g., updating and saving the IPSec VPN Server config) restart the firewall then every service on the router is properly working (Unbound...
  9. savage75

    Asuswrt official iptables-save not saving changes permanently

    Hi folks! Trying to set a rule on iptables for nat permanently but no luck ? iptables -t nat -A POSTROUTING -s 10.2.0.0/24 -o br0 -j MASQUERADE I tried using iptables-save -t nat or just iptables-save but still no success and every changes will disappear after restarting ?? any ideas how I...
  10. W

    Restricting access to OpenVPN server via iptables

    Hi! I’m allowing access to my OpenVPN server only for predefined ipset via rewriting existing iptables rules using openvpn-event user script. What I’m currently doing: in openvpn-event I’m rewriting standard openvpn rule like: if iptables -C INPUT -p $proto -m $proto --dport $server_port -j...
  11. J

    Skynet Rule integrity violation & mounted files missing

    I’ve been having all sorts of issues with SkyNet lately — not sure what’s going on. Can someone assist me with the above error message? Please & thank you.
  12. D

    Why does DNSFilter use the mangle table for IPv6?

    It looks like it's been this way forever, but why does DNSFilter use the mangle table to drop IPv6 traffic? Generally, the mangle table is only for mangling packet headers, not dropping them. Seems this would be better suited for the filter table. Probably a moot point with newer routers...
  13. J

    IPTables allow access to specific ports from tun21 to new bridge

    Hi, I have an Asus RT-AX58U with Merlin. Thanks to another post in this forum, I managed to create a new bridge (br100), and isolate it from my LAN (br0). I managed to allow only specific traffic from br0 to br100. It works fine. But, yesterday, I realized that while I'm connected through VPN...
  14. J

    iptables - grant access to a specific IP only to one user

    Hi! I'm new here, I just installed Asuswrt-merlin on my RT-AX58U. I've configured OpenVPN and everything is working fine, I created multiple users and assigned static IPs using this guide. Now, I would like to configure some rules using iptables to achieve this: - Only two users can access the...
  15. Phantomski

    Port Forwarding and Skynet firewall ruleset

    Hi everyone, playing a bit with log management / analysis and potential feedback loop to live firewall rules. Call it a poor man tinkerer IDS/IPS :D I have a fairly simple setup with RT-AC88U (with Skynet) using port forwarding rules on ports 80 and 443, redirecting to a Docker-ised rPi4...
  16. adri

    YazFi YazFi - Combining guest networks/subnets

    Hi, so this came up in my other thread, but I wanted to start a new one since it's a separate issue and I like separation of concerns :) . I want to make it so that, for one of my guest networks, the 2.4GHz segment (.14 subnet) can talk to the 5GHz segment (.15 subnet) and vice-versa, without...
  17. gspannu

    [Help] DNS Forwarding, User scripts, Launching at startup

    Some help needed in creating scripts and firewall rules… Requirement: R1) I wish to run my own dnsproxy server at port 53535 (installed at /jiffs/dnsproxy/dnsproxy). This is a opensource software available on Gthub known as dnsproxy. I have tested this on the Asus Router and it has been running...
  18. C

    Firewall Rules - Block all connections except VPN

    I am currently using an ASUS router (RT-AC68U with Merlin firmware - 386.4). I want to connect a single client to an OpenVPN server with no traffic other than the VPN allowed. I don't want to use the OpenVPN client in the router as speeds are low when using the VPN, so I'm looking to use an...
  19. B

    How to restrict guest network intranet to SSH & http only?

    So some background first on what I'm doing. I have an Asus AC66U running ASUSWRT-merlin (380.70). My main home network is running on 192.168.1.xxx/24 I'm planning to engage a freelance dev on fiverr to do some dev work for me, to interface with an industrial device using my raspberry pi. To...
  20. garycnew

    Solved [SOLUTION] Asuswrt-Merlin 384.19 PortForwarding Not Working To Private Gateway Address

    All: I've run into an issue on Asuswrt-Merlin 384.19 where creating a PortForward through Advance Settings > WAN > Virtual Server/PortForwarding creates the following iptables (but are not working): iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A VSERVER -p tcp -m tcp...
Top