Firewall Shibby build 131

Forum » Discussions / Tomato USB Modifications » Firewall Shibby build 131

Started by:

eTaurus
Date: 19 Sep 2015 20:38
Number of posts: 1

RSS: New posts

Unfold All Fold All More Options

Fold

Firewall Shibby build 131

eTaurus 19 Sep 2015 20:38

Hi, this is my first post here.

I'm running Shibby 131 AIO on an ASUS RT-N16. It's running fine with OpenVPN.

I'm also running Entware because I want to set up a little Mumble server with umurmur. Umurmur is running, I can connect from inside my LAN but am unable to open the port in the firewall. DDNS is also working, I have an account at afraid.org.

I already know that port forwarding doesn't open ports to the Internet. I inserted these lines into Adminstration - Scripts - Firewall but they don't show up in my iptables.

iptables -A INPUT -p tcp --dport 64738 -j ACCEPT
iptables -A INPUT -p udp --dport 64738 -j ACCEPT

Here is my iptables

*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-I PREROUTING -i vlan2 -j DSCP --set-dscp 0
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:WANPREROUTING - [0:0]
-A PREROUTING -d 78.70.194.6 -j WANPREROUTING
-A PREROUTING -i vlan2 -d 192.168.1.1/255.255.255.0 -j DROP
-A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
-A POSTROUTING  -o vlan2 -j MASQUERADE
-A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:logdrop - [0:0]
-A logdrop -m state --state NEW -m limit --limit 60/m -j LOG --log-prefix "DROP " --log-macdecode --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
:logreject - [0:0]
-A logreject -m limit --limit 60/m -j LOG --log-prefix "REJECT " --log-macdecode --log-tcp-sequence --log-tcp-options --log-ip-options
-A logreject -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-N shlimit
-A shlimit -m recent --set --name shlimit
-A shlimit -m recent --update --hitcount 4 --seconds 60 --name shlimit -j logdrop
-A INPUT -p tcp --dport 22 -m state --state NEW -j shlimit
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p tcp  --dport 22 -j ACCEPT
-A INPUT -j logdrop
:FORWARD DROP [0:0]
-A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
:wanin - [0:0]
:wanout - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vlan2 -j wanin
-A FORWARD -o vlan2 -j wanout
-A FORWARD -i br0 -j ACCEPT
COMMIT

I already did a fresh install with thorough NVRAM erase and no restoring of my old configuration.

If I remember correctly I had it working with an older version of Tomato Shibby.

Any ideas?

Kind regards

Last edited on 19 Sep 2015 20:40 by eTaurus Show more

Options

Unfold Firewall Shibby build 131 by

eTaurus, 19 Sep 2015 20:38

New Post

TomatoUSB

Unleash your router