Forbid access to lan to wireless clients

Discussion in 'Networking Issues' started by Mr_X, Aug 13, 2005.

  1. Mr_X

    Mr_X Network Guru Member

    I'm trying to make an iptables rule to forbid wireless clients access to the local network:

    /usr/sbin/iptables -I FORWARD 4 -i eth1 -d -j DROP
    (For info, I'm using the latest beta of HyperWRT: 2.1b1, my wireless interface is eth1 and my network begins with 192.168.x.x)

    This was done via telnet.
    It doesn't work. Can someone correct this command? (It was correctly added [iptables -L] but has no effect)

    Edit: should I put a rule before it to accept forwarding to my router (my Ethernet modem is connected to the Linksys but not on the WAN port. Modem IP is
    /usr/bin/iptables -I FORWARD 3 -d -i eth1 -j ACCEPT

    No one is able to answer me? Too difficult? Where could I ask such things?
  2. 4Access

    4Access Network Guru Member

    What does ifconfig show? Just a guess but I have a feeling the problem might be that by the time the FORWARD table gets the packets the input interface is seen as br0 instead of eth1. I'd be willing to bet that if you changed the rule to use br0 instead of eth1 it would work. Of course that would also prevent any of your LAN clients from communicating with each other... still the results of using br0 would be useful for reference. Maybe you could try it and post the results?

    :???: Definitely an interesting question! I might try to dig up some more info on this.

    Let us know if you make any progress.
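
Added example, not part of the thread: a shell check for the hypothesis in the reply above, listing FORWARD rules whose `-i` interface is a bridge port, since routed packets from a bridge port reach FORWARD with the bridge as their input interface. Both listings are constructed samples; the `vlan0`/`vlan1` names, bridge id, counters and destination are assumptions.

```shell
#!/bin/sh
# Constructed sample of `brctl show`: wireless eth1 is a port of br0 (assumed).
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              vlan0
                                                        eth1'

# Constructed sample of `iptables -L FORWARD -v -n` (values are illustrative).
FORWARD_SAMPLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  812 64210 ACCEPT     all  --  br0    vlan1   0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  eth1   *       0.0.0.0/0            192.168.0.0/16'

# bridge_of IFACE: reads `brctl show` text on stdin and prints the bridge
# that has IFACE as a port. Exit status 1 if IFACE is not a bridge port.
bridge_of() {
    awk -v want="$1" '
        NR == 1 { next }                                  # column header
        NF >= 3 { br = $1; port = (NF >= 4) ? $4 : "" }   # row starting a bridge
        NF == 1 { port = $1 }                             # continuation row
        port == want { print br; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# bridge_port_rules LISTING BRCTL: prints each FORWARD rule whose "in"
# column names a bridge port, with its packet counter and the bridge name.
# A counter stuck at 0 while traffic flows means the rule never matches.
bridge_port_rules() {
    printf '%s\n' "$1" |
    awk 'NR > 2 && $6 != "*" { print $1, $3, $6 }' |
    while read -r pkts target in_if; do
        if br=$(printf '%s\n' "$2" | bridge_of "$in_if"); then
            echo "$target -i $in_if: $pkts pkts; $in_if is a port of $br"
        fi
    done
}

bridge_port_rules "$FORWARD_SAMPLE" "$BRCTL_SAMPLE"
```

On a live router where `brctl` is available, pass `"$(iptables -L FORWARD -v -n)"` and `"$(brctl show)"` in place of the samples.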