
Thread: How to block webinterface of my asus with iptables

  1. #1

    How to block webinterface of my asus with iptables

    Hi
    My post-firewall file is simple so far


    Code:
    #!/bin/sh
    iptables -D INPUT -j DROP
    iptables -A INPUT -p udp --dport 21    -j ACCEPT
    iptables -A INPUT -p tcp --dport 80    -j ACCEPT
    iptables -A INPUT -p tcp --dport 81    -j ACCEPT
    iptables -A INPUT -p tcp --dport 12000 -j ACCEPT
    iptables -A INPUT -p tcp --dport 6112 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 6112 -j DNAT --to-destinati
    iptables -A INPUT -j DROP

    Could anyone help me add a line which blocks the webinterface from wireless clients, and only the webinterface?

  2. #2
    Join Date
    Dec 2007
    Location
    The Netherlands - Eindhoven
    Posts
    1,767
    You used the command already once: "DROP"
    usually port 80 is the webinterface... not sure what you have

    anyway, just put "DROP" instead of "ACCEPT" and you have the code:
    iptables -A INPUT -p tcp --dport 80 -j DROP
    easy

    your iptables look good btw
    however, these portforwards:
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 6112 -j DNAT --to-destinati
    are usually not needed when the service already runs on the IP address needed

  3. #3
    You misunderstood me

    Code:
    iptables -A INPUT -p tcp --dport 12000 -j ACCEPT

    ssh dropbear

    Code:
    iptables -A INPUT -p tcp --dport 81    -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:81

    This should allow access from WAN to my webserver placed on asus apache

    Code:
    iptables -A INPUT -p tcp --dport 6112 -j ACCEPT
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 6112 -j DNAT --to-destination 192.168.1.2:6112

    Warcraft part

    Now I need to drop connections made from WLAN to the webinterface of the asus (still on port 80), but of course I want to allow surfing the web on those ones

    Putting

    iptables -A INPUT -p tcp -i eth2 --dport 80 -d 192.168.1.1 -j DROP

    doesn't change anything
    Last edited by wmzyk; 01-09-2009 at 15:45.

  4. #4
    Really no one can help me ?

  5. #5
    Originally posted by wmzyk:
        Really no one can help me ?

    Basically what you want is that people on the wireless LAN can't connect to the webinterface?
    I'm still a bit unsure if that's possible, I need to overthink this
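
Added example, not part of any post in the thread: a small first-match model of the INPUT rules appended by the script in post #1, showing that a DROP appended after them is never reached while the same rule inserted at the top is. It assumes wireless traffic is seen on eth2, as the rule in post #3 does; the interface name `lan-if` and the sample packets are constructed.

```python
# Added example: first-match evaluation of the INPUT rules from post #1.
# Assumption: wireless clients are seen on eth2, as the rule in post #3 expects.
# Only the rules the script appends are modelled, not the firmware's own rules.

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule.items() if k != "target")

def verdict(chain, pkt, policy="ACCEPT"):
    """Walk the chain top to bottom; the first matching rule decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def post_firewall():
    """INPUT rules appended by the script in post #1, in the same order."""
    chain = [{"proto": "udp", "dport": 21, "target": "ACCEPT"}]
    for port in (80, 81, 12000, 6112):
        chain.append({"proto": "tcp", "dport": port, "target": "ACCEPT"})
    chain.append({"target": "DROP"})  # catch-all: no match fields
    return chain

# The rule tried in post #3
WLAN_DROP = {"proto": "tcp", "in": "eth2", "dport": 80,
             "dst": "192.168.1.1", "target": "DROP"}

def appended():
    """iptables -A INPUT ...: the rule lands after the catch-all DROP."""
    return post_firewall() + [WLAN_DROP]

def inserted():
    """iptables -I INPUT ...: the rule lands at position 1."""
    return [WLAN_DROP] + post_firewall()

# Constructed sample packets ("lan-if" is a hypothetical wired interface name)
wlan_to_admin = {"proto": "tcp", "in": "eth2", "dport": 80, "dst": "192.168.1.1"}
lan_to_admin = {"proto": "tcp", "in": "lan-if", "dport": 80, "dst": "192.168.1.1"}

if __name__ == "__main__":
    for name, chain in (("appended (-A)", appended()), ("inserted (-I)", inserted())):
        print(name, "wlan:", verdict(chain, wlan_to_admin),
              "lan:", verdict(chain, lan_to_admin))
```

Traffic that wireless clients send through the router to other web sites traverses the FORWARD chain, not INPUT, so a DROP placed in INPUT does not affect browsing.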
