Default NAT Table

Denna

Senior Member
With a default installation of Asuswrt-Merlin 380.65 beta, the following appears in the nat table.

*nat
:PREROUTING ACCEPT [357:18846]
:INPUT ACCEPT [329:17359]
:OUTPUT ACCEPT [81:6862]
:POSTROUTING ACCEPT [81:6862]
:DNSFILTER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]
-A PREROUTING -d 192.168.42.94/32 -j VSERVER
-A POSTROUTING ! -s 192.168.42.94/32 -o usb0 -j MASQUERADE
-A POSTROUTING -m mark --mark 0x8000/0x8000 -j MASQUERADE
-A VSERVER -j VUPNP

What are the following chains for?
:DNSFILTER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]

What does each of the iptables rules accomplish?
 
If I don't need support for virtual servers, can these rules be removed?

-A PREROUTING -d 192.168.42.94/32 -j VSERVER
-A VSERVER -j VUPNP

After reading up on the MASQUERADE target, it appears this is for DHCP connections. Is that the DHCP connection for the WAN port or the clients?

What are these rules for?

-A POSTROUTING ! -s 192.168.42.94/32 -o usb0 -j MASQUERADE
-A POSTROUTING -m mark --mark 0x8000/0x8000 -j MASQUERADE
 
Unless I'm not understanding their purpose correctly, I don't think I'll be using VUPNP and VSERVER.

How do you remove the following rules from the NAT table?

-A PREROUTING -d 192.168.42.94/32 -j VSERVER
-A VSERVER -j VUPNP

Fewer rules, less overhead, correct?
 
The time spent removing these rules would be higher than the microseconds saved by not having them present. And you're less likely to break things if you don't touch any chain that is expected by the OS to be in place.
 
RMerlin,

Whenever I've posted custom rules, the comments usually end up involving trimming unused rules. Since the overhead will be minimal, the rules stay.

Thanks for the response.
 
When you are writing the rules and have full control over them, yes, it makes sense to optimize them. But when dealing with rules being automatically generated by a device, the risk of breaking something far outweighs any potential performance gain you might get.
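
A read-only way to see how the firmware-generated chains hang together before deciding whether to touch any of them, as an added example that is not part of the original thread: the hypothetical helper `nat_chain_report` parses `iptables-save`-style output and lists each chain's kind, rule count, and which chains jump to it. The sample input is the dump from the first post; on a router the input would instead come from `iptables-save -t nat`.

```shell
# Read-only summary of an iptables-save nat dump read from stdin.
nat_chain_report() {
    awk '
        /^:/ {                          # declaration, e.g. ":VSERVER - [0:0]"
            name = substr($1, 2)
            kind[name] = ($2 == "-") ? "user" : "builtin"
            order[++n] = name
            next
        }
        $1 == "-A" {                    # rule: "-A <chain> ... -j <target>"
            rules[$2]++
            for (i = 3; i < NF; i++) {
                t = $(i + 1)
                if (($i == "-j" || $i == "-g") && !seen[$2, t]++)
                    callers[t] = callers[t] " " $2
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]
                from = (c in callers) ? substr(callers[c], 2) : "none"
                printf "%s %s rules=%d from=%s\n", c, kind[c], rules[c] + 0, from
            }
        }
    '
}

# The nat table dump from the first post, used here as sample input.
sample_nat_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [357:18846]
:INPUT ACCEPT [329:17359]
:OUTPUT ACCEPT [81:6862]
:POSTROUTING ACCEPT [81:6862]
:DNSFILTER - [0:0]
:LOCALSRV - [0:0]
:PCREDIRECT - [0:0]
:PUPNP - [0:0]
:VSERVER - [0:0]
:VUPNP - [0:0]
-A PREROUTING -d 192.168.42.94/32 -j VSERVER
-A POSTROUTING ! -s 192.168.42.94/32 -o usb0 -j MASQUERADE
-A POSTROUTING -m mark --mark 0x8000/0x8000 -j MASQUERADE
-A VSERVER -j VUPNP
EOF
}

sample_nat_dump | nat_chain_report
```

For this dump the report shows VSERVER reached from PREROUTING and VUPNP reached from VSERVER, while DNSFILTER, LOCALSRV, PCREDIRECT and PUPNP are declared but empty and not referenced from any rule in the nat table.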
 
