I'm using Tomato Shibby 1.2.8 on an ASUS RT-N10U. Everything works well so far, but now I'm trying to set some specific rules using iptables to do the following:
I have a server which runs on 192.168.1.2 (LAN) port 2232. Everybody on the LAN can access it. I want to make sure the server is accessible on port 2232 ONLY by 192.168.1.3.
I've set these rules in Administration->Scripts->Firewall:
iptables -A INPUT -p tcp --dport 2232 -s 192.168.1.3 -d 192.168.1.2 -j ACCEPT
iptables -A INPUT -p tcp --dport 2232 -d 192.168.1.2 -j DROP
The first rule should allow my client IP, 192.168.1.3, to access the server running on 192.168.1.2 port 2232, and the second rule should drop the packets sent by other IPs.
I rebooted the router after I'd made the changes, and I can still access my server from other IPs. I've checked via SSH whether the iptables rules were actually set by the web GUI, and they were.
The Access Restriction feature does a good job of creating rules, but it looks like they are applied only to what goes through the WAN. It doesn't work for restrictions inside the LAN.
Rules, as shown by iptables -L:
ACCEPT     tcp  --  192.168.1.3          192.168.1.2          tcp dpt:2232
DROP       tcp  --  anywhere             192.168.1.2          tcp dpt:2232
I'm looking at an alternative now, like using a VLAN.
Any suggestions are appreciated.
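Added example, not part of the original post. The INPUT chain on the router only matches packets addressed to the router itself, and traffic between two hosts on the same subnet (192.168.1.3 to 192.168.1.2 here) is switched rather than routed, so the router's INPUT chain never sees those packets; where the router's kernel does bridge frames between ports (wired to wireless, for instance) they would be evaluated in FORWARD at most, and only if bridge netfilter is enabled. The restriction therefore has to be enforced on the server host itself, or the client and server have to be put into separate subnets so the traffic is routed. The script below assumes the server at 192.168.1.2 runs Linux with iptables; `filter_location` decides which of the two cases applies from the addresses and netmask, and `apply_rules`/`rules_present` install and check the host-side rules. The `IPTABLES` variable is a hypothetical override so the rule functions can be dry-run with `IPTABLES=echo`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the server at
# 192.168.1.2 runs Linux with iptables. IPTABLES is a hypothetical
# override so the rule functions can be dry-run (IPTABLES=echo).

SERVER_PORT=2232
ALLOWED_CLIENT=192.168.1.3

# Dotted-quad IPv4 address to a 32-bit integer, using only shell arithmetic.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit status 0 when IP1 and IP2 fall in the same subnet for NETMASK.
same_subnet() {
    m=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# Where a client->server restriction must be enforced: "host" when the two
# share a subnet (the router's INPUT chain never sees these packets; they are
# switched, or at best bridged), "router" when the traffic has to be routed.
filter_location() {
    if same_subnet "$1" "$2" "$3"; then
        echo host
    else
        echo router
    fi
}

# Rules for the server host itself. -I inserts at the top of INPUT so a
# broader ACCEPT further down the chain cannot shadow the DROP. After both
# inserts the order is: ACCEPT from ALLOWED_CLIENT, then DROP for everyone else.
apply_rules() {
    ipt=${IPTABLES:-iptables}
    "$ipt" -I INPUT 1 -p tcp --dport "$SERVER_PORT" -j DROP &&
    "$ipt" -I INPUT 1 -p tcp --dport "$SERVER_PORT" -s "$ALLOWED_CLIENT" -j ACCEPT
}

# iptables -C tests for an exact rule without changing the chain; using it
# before apply_rules keeps the script idempotent across reboots.
rules_present() {
    ipt=${IPTABLES:-iptables}
    "$ipt" -C INPUT -p tcp --dport "$SERVER_PORT" -s "$ALLOWED_CLIENT" -j ACCEPT 2>/dev/null &&
    "$ipt" -C INPUT -p tcp --dport "$SERVER_PORT" -j DROP 2>/dev/null
}

# Usage:  ./restrict.sh where CLIENT SERVER [NETMASK]   ./restrict.sh apply
case "${1:-}" in
    where) filter_location "$2" "$3" "${4:-255.255.255.0}" ;;
    apply) rules_present || apply_rules ;;
esac
```

A quick diagnostic that fits the symptom in the post: `iptables -L INPUT -v -n` on the router shows per-rule packet counters; if they stay at zero while other LAN hosts connect to port 2232, the packets are not reaching that chain at all. After installing the rules on the server, test from a third LAN host with `nc -z -w 3 192.168.1.2 2232`, which should time out, while the same command from 192.168.1.3 succeeds.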