Thank you RMerlin!
Asus broke it in 374_4887. They changed the ebtables command getting applied, and the new one results in an error due to a missing parameter:
Code:
admin@stargate4:/tmp/home/root# ebtables -t broute -A BROUTING -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
For IP filtering the protocol must be specified as IPv4.
I see similar changes to various other BROUTING entries, so I suspect this was a bad search/replace job that ended up modifying that rule when it shouldn't have been.
Thank you RMerlin!
Just curious...does this error or similar ones go to any log file?
Didn't see it on the System Log at least.
Quick question...
If the problem was introduced by Asus in 374_4887, would there be a previous version of your FW that I could use until you release the fix?
Or would that be a bad idea (due to some other known issues)?
When you test, you have to log out your WiFi client after every change you make.
A guest isn't logged in to the intranet first and then blocked from it afterwards.
To test this rule, first put it in firewall-start, then hit apply.
The firewall restarts and the WiFi client gets disconnected and connects again (logout/login), therefore it is also working.
Code:
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 10.0.0.0/24 --ip-proto tcp -j DROP
Just add the rule manually with a script as posted in a previous message.
Is there a tutorial somewhere? I briefly had an RT-N66W a couple of months ago and I remember your firmware had a command line tab. Can I enter and apply the rules from there?
#!/bin/sh
chmod a+rx /jffs/scripts/*
#!/bin/sh
# Allow guest clients (wl0.1) to reach the router for DHCP (udp/67) and DNS (udp and tcp/53)
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst [my router's IP address] --ip-proto udp --ip-dport 67 -j ACCEPT
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst [my router's IP address] --ip-proto udp --ip-dport 53 -j ACCEPT
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst [my router's IP address] --ip-proto tcp --ip-dport 53 -j ACCEPT
# Drop all other guest traffic addressed to the LAN subnet
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst [my /24 subnet] -j DROP
#!/bin/sh
# Flush all existing rules from the broute table
ebtables -t broute -F
# Allow guest clients (wl0.1) to reach the router for DHCP (udp/67) and DNS (udp and tcp/53)
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst `nvram get lan_ipaddr`/32 --ip-proto udp --ip-dport 67 -j ACCEPT
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst `nvram get lan_ipaddr`/32 --ip-proto udp --ip-dport 53 -j ACCEPT
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst `nvram get lan_ipaddr`/32 --ip-proto tcp --ip-dport 53 -j ACCEPT
# Drop all other guest traffic addressed to the LAN /24
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst `nvram get lan_ipaddr`/24 -j DROP
The preceding rules allow DNS lookups. If I just add the last rule, how will the Guest clients resolve hostnames since DHCP is assigning them a nameserver host address of the router?
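The failure quoted at the top of the thread (an `--ip-*` match without `-p IPv4`) leaves the guest network unisolated without any visible warning, so it is worth catching before the rules are applied. The following is an added example, not code from any poster or from the firmware: a small POSIX sh linter for ebtables commands, where the function names `rule_needs_ipv4` and `lint_rules` are hypothetical and the sample input is built from the two rules quoted in the thread.

```shell
#!/bin/sh
# Added example: flag ebtables rules that use an --ip-* match without
# declaring the protocol as IPv4, which ebtables rejects with
# "For IP filtering the protocol must be specified as IPv4."

# rule_needs_ipv4 RULE
# Exit 0 if RULE uses an --ip-* match but has no "-p IPv4" (or 0x0800).
rule_needs_ipv4() {
    case "$1" in
        *--ip-*) ;;          # uses an IP match, keep checking
        *) return 1 ;;       # no IP match, nothing to flag
    esac
    case " $1 " in
        *" -p IPv4 "*|*" --protocol IPv4 "*|*" -p 0x0800 "*) return 1 ;;
    esac
    return 0
}

# lint_rules: read one command per line on stdin, print each offending
# rule with its line number, and return non-zero if any were found.
lint_rules() {
    n=0
    bad=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            \#*|"") continue ;;      # skip comments and blank lines
            *ebtables\ *) ;;         # only inspect ebtables commands
            *) continue ;;
        esac
        if rule_needs_ipv4 "$line"; then
            bad=$((bad + 1))
            echo "line $n: missing -p IPv4: $line"
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: the failing rule and the corrected rule from the thread.
lint_rules <<'EOF' || echo "fix the flagged rules before applying them"
ebtables -t broute -A BROUTING -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
ebtables -t broute -A BROUTING -p IPv4 -i wl0.1 --ip-dst 192.168.1.0/24 --ip-proto tcp -j DROP
EOF
```

Run it against a rules script by feeding the file to `lint_rules` on stdin. Assuming BusyBox `logger` is available on the router, piping the output through `logger -t firewall-start` would put the findings in the System Log.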