Firewall Shibby build 131
Hi, this is my first post here.
I'm running Shibby 131 AIO on an ASUS RT-N16. It's running fine with OpenVPN.
I'm also running Entware because I want to set up a little Mumble server with umurmur. Umurmur is running, I can connect from inside my LAN but am unable to open the port in the firewall. DDNS is also working, I have an account at afraid.org.
I already know that port forwarding doesn't open ports to the Internet. I inserted these lines into Adminstration - Scripts - Firewall but they don't show up in my iptables.
iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT
Here is my iptables
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-I PREROUTING -i vlan2 -j DSCP --set-dscp 0
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -d 78.70.194.6 -j WANPREROUTING
-A PREROUTING -i vlan2 -d 192.168.1.1/255.255.255.0 -j DROP
-A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o vlan2 -j MASQUERADE
-A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:logdrop - [0:0]
-A logdrop -m state --state NEW -m limit --limit 60/m -j LOG --log-prefix "DROP " --log-macdecode --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
:logreject - [0:0]
-A logreject -m limit --limit 60/m -j LOG --log-prefix "REJECT " --log-macdecode --log-tcp-sequence --log-tcp-options --log-ip-options
-A logreject -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-N shlimit
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j logdrop
-A INPUT -p tcp --dport 22 -m state --state NEW -j shlimit
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j logdrop
:FORWARD DROP [0:0]
-A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
:wanin - [0:0]
:wanout - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -j wanin
-A FORWARD -o vlan2 -j wanout
-A FORWARD -i br0 -j ACCEPT
COMMIT
I already did a fresh install with thorough NVRAM erase and no restoring of my old configuration.
If I remember correctly I had it working with an older version of Tomato Shibby.
Any ideas?
Kind regards