1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IPTABLES to block access to LAN IP

Discussion in 'Tomato Firmware' started by mikester, Jan 27, 2011.

  1. mikester

    mikester Network Guru Member

    I'm trying to use IPTABLES to block access from a LAN IP to another LAN IP

    iptables -I FORWARD -d 192.168.2.250 -j DROP

    I've tried it both from the firewall and directly in the shell but it doesn't seem to work - I can still ping the address.

    Any suggestions as to where I'm going wrong?
     
  2. mstombs

    mstombs Network Guru Member

    LAN to LAN traffic is handled in hardware by the switch, the kernel doesn't get a chance to filter. You could configure the switch into vlans - but its a lot of manual configuration in Tomato.
     
  3. mikester

    mikester Network Guru Member

    You mean to assign VLAN's to each port and filter that way?

    I am using WDS between two routers and want to block traffic to certain IP's on the second router. BTW I am connecting with two GL's ... just checking out your post
    http://www.linksysinfo.org/forums/showthread.php?t=54665
     
  4. mstombs

    mstombs Network Guru Member

    Comments about switch vlans not too relevant with wireless - those lan connections must be virtual via firmware - but maybe buried deep in wireless drivers.

    I guess that test router still has unused second wan port...

    There have been posts describing how to use dnsmasq to allocate different lan ranges to specific devices - that would also ensure the routing has to be handled by the kernel and not switch I guess.
     

Share This Page