Menu
What's new
By:
Filters Better Search

Tricky iptables question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

Maude

Occasional Visitor
Hello,

I have these lines in my firewall script that permits some ip's to get to the website but denies others based on countries and such (ipset sets)...

Code: 
in the nat table: 
-A PREROUTING -d xxx.15.207.xxx/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.25:80

in the filter table:
-A FORWARD -m conntrack --ctstate DNAT -m set --match-set BlockedCountries src -j DROP

Would using matchset DIRECTLY on the PREROUTING chain work ?

It would give something like this:
Code: 
-A PREROUTING -d xxx.15.207.xxx/32 -p tcp -m tcp --dport 80 -m set --match-set BlockedCountries src -j DNAT --to-destination www,xxx,yyy,zzz:80
-A PREROUTING -d xxx.15.207.xxx/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.25:80
 
I just answered my own question ! I works !

Code: 
iptables -t nat -I PREROUTING -d `nvram get wan0_ipaddr`/32 -p tcp -m tcp --dport 80 -m set --match-set Whitelist src -j DNAT  --to-destination 184.150.153.221:80

With this, I get redirected to Google homepage because I'm in the Whitelist !

YAY Maude !
 
You must log in or register to reply here.

Similar threads

G
VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN
Replies
4
Views
808
Grefyne
G
H
Port Forwarding Over WireGuard Connection?
2
Replies
22
Views
3K
houmi
houmi
GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
435
GShlomi
GShlomi
H
WireGuard DNS Traffic From All Clients Sent Over First WireGuard Client Connection
Replies
7
Views
2K
HarryMuscle
H
Acru
Bug Report: nvram chilli_enable=1 when guest network is removed causes no routing to occur
Replies
2
Views
1K
Acru
Acru
Similar threads
Thread starter Title Forum Replies Date
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17
SkierInAvon Asus Merlin - iptables command (not working?) Asuswrt-Merlin 8
v.y.k iptables pkts & bytes numbers are too low on Merlin 3004.388 Asuswrt-Merlin 13
M iptables module rateest - loadbalancing split over Asuswrt-Merlin 0
A Entware iptables no chain/target/match and tcpdump problems Asuswrt-Merlin 3
P Basic question on usericon files Asuswrt-Merlin 0
E Question about DDNS forced update interval RT-AX86U Asuswrt-Merlin 3
octopus Wireguard question Asuswrt-Merlin 6
O service-event-end question Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 750 (members: 28, guests: 722)
Top