Menu
What's new
By:
Filters Better Search

I need advice for firewall rule?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

B

bayern1975

Very Senior Member
hello, i am trying to create firewall rule but can`t get to work. my router lan IP address is 192.168.15.1, IPTV is set on PC with IP 192.168.15.100. so this rule is working if IPTV set on router and not working when is IPTV set on PC....
Code: 
iptables -I INPUT -p tcp -s 213.229.192.0/18 --dport 81 -j DROP
how to make a working rule for my case?
 
Rules intended for a device on your LAN must go in the FORWARD chain. The INPUT chain is only for traffic aimed at the router itself.
 
RMerlin said:
Rules intended for a device on your LAN must go in the FORWARD chain. The INPUT chain is only for traffic aimed at the router itself.
Click to expand...
do you have an example of rule or someone else?

sent from Kodi 17 Krypton
 
is this working rule?
Code: 
iptables -t nat -I VSERVER 3 -p tcp -m tcp -s
213.229.192.0/18 --dport 81 -j DNAT --to 192.168.15.1
 
What are you trying to do exactly? Your first rule was about dropping traffic, and now you posted a rule that's about NATing. That's two totally different things.
 
RMerlin said:
What are you trying to do exactly? Your first rule was about dropping traffic, and now you posted a rule that's about NATing. That's two totally different things.
Click to expand...
I know, second rule found on internet and ask here if is good or no....so i need rule to drop some IP from outside to my IPTV on PC....PC have 192.168.15.100 and router have 192.168.15.1....

sent from Kodi 17 Krypton
 
I think you may be better served by first stepping back and describing what problem you are trying to solve without assuming the form of the solution.

I have IPTV service and I need to......

without using any ip addresses or potential iptables rules.
 
john9527 said:
I think you may be better served by first stepping back and describing what problem you are trying to solve without assuming the form of the solution.

I have IPTV service and I need to......

without using any ip addresses or potential iptables rules.
Click to expand...

i have IPTV set on PC but now all IP from outside my network may access to it but i would like to access just three different IP from outside....all others have to drop or reject....IPTV runing on PC with LAN 192.168.15.100, routers LAN is 192.168.15.1......so i have no idea what rule should be used....
 
I'm surprised that it's accessible from outside of your LAN by default. Are you sure that the router firewall is enabled?
 
ColinTaylor said:
Then your PC should not be accessible from the internet unless you have some sort of port forwarding happening.
Click to expand...
i have PC lan address insert in DMZ....so all network have access to my IPTV but i need just three address to access my PC lan address....
 
If you use DMZ to your PC then firewalls rule never works. Must is to have firewall turned on (no DMZ) to get it to work.

DMZ = Initialize all the chains by removing all the rules tied to them
 
Last edited:
octopus said:
If you use DMZ to your PC then firewalls rule never works. Must is to have firewall turned on (no DMZ) to get it to work.

DMZ = Initialize all the chains by removing all the rules tied to them
Click to expand...
if i remove my IP for PC from DMZ, is there any other method to create firewall rule for my case?
 
If you remove DMZ from your PC you don't need any block rule firewall take care of it then.
 
This would block 213.229.192.0/18 (213.229.192.1 to 213.229.255.254) with DMZ off!!!
Code: 
iptables -I FORWARD -s 213.229.192.0/18 -j REJECT
 
Last edited:
i tested all this yours suggestions but not working.....problem is probably different LAN addresses, router IP is 192.168.15.1 and PC IP (IPTV) 192.168.15.100....i have no idea....
 
octopus said:
This would block 213.229.192.0/18 (213.229.192.1 to 213.229.255.254) with DMZ off!!!
Code: 
iptables -I FORWARD -s 213.229.192.0/18 -j REJECT
Click to expand...
I think you meant to say "firewall off"?

(But turning the firewall off is a really bad idea.)
 
You must log in or register to reply here.

Similar threads

T
Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U
Replies
5
Views
383
tom
T
adri
Firewall, Port Forwarding, and DoS Question
Replies
5
Views
233
adri
adri
GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
438
GShlomi
GShlomi
PaulA
Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP
Replies
2
Views
1K
dacotmeister
D
H
Solved Beginners firewall question.
Replies
6
Views
1K
Henk-J
H
Similar threads
Thread starter Title Forum Replies Date
W Support ending Dec 2024 for AC3100 - Need hardware buying advice? Asuswrt-Merlin 12
staralfur12 Need help with Namecheap -> Router -> Caddy Asuswrt-Merlin 10
C Need info on bringing AC86U back to life as AIMesh unit Asuswrt-Merlin 3
P Asus aimesh node disconnects frequently, corresponding log entries recorded. Need help understanding the log. Asuswrt-Merlin 5
StrikerXXX Need help configuring NextDNS Asuswrt-Merlin 14
W Need help to resolve VPN Director issue Asuswrt-Merlin 27
F Solved Need Clarification Asuswrt-Merlin 30
D Need help Asuswrt-Merlin 1
M Need help troubleshooting on FTP Asuswrt-Merlin 0
R Need help setting up DLNA server Asuswrt-Merlin 8

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 895 (members: 28, guests: 867)
Top