

Discussion in 'Tomato Firmware' started by linkmaniac, Oct 23, 2011.

  1. linkmaniac

    linkmaniac Networkin' Nut Member

    Hello all,
    I'm trying to configure the iptables in tomato in order to set up a DMZ. I'm really stuck on this because I can't even pass a script in tomato. When I put a rule or a policy in the firewall window, it should change the iptables after "save", right?
    After entering a command and clicking "save" or even rebooting nothing has changed (checking with telnet to my router (wrt54gs) and giving "iptables --list"). Everything is like before. I even tried with WinSCP to edit the iptables directly in /etc but nothing happens. I've tried shibby and toastman mods without success. Am I doing something wrong or am I missing something?

    Thanks in advance!
  2. kthaddock

    kthaddock Network Guru Member

  3. linkmaniac

    linkmaniac Networkin' Nut Member

    "Iptables writes in: Administration => Scripts => Firewall. If you want more here is a link:"
    Yes, this is where I mean, but nothing seems to happen.

    "Dmz can you find: Port Forwarding => DMZ no need to write iptables."
    I do not want to create an insecure zone, I want to forward only some ports.
  4. kthaddock

    kthaddock Network Guru Member

    You have to elaborate what you want to do: port, IP, TCP, UDP and so on.
  5. linkmaniac

    linkmaniac Networkin' Nut Member

    I don't remember exactly, I've tried several times commands like these:
    iptables -I INPUT -p tcp --source-port 67 --destination-port 68 -i vlan1 -j ACCEPT
    iptables -P OUTPUT ACCEPT

    nothing changes...
  6. linkmaniac

    linkmaniac Networkin' Nut Member

    It seems to work when I pass the command via telnet. But this is only temporary, when I reboot the change is gone. How can I make it work permanently?
  7. kthaddock

    kthaddock Network Guru Member

    The default configuration of the firewall blocks DHCP renewal responses which causes
    it to request a new IP and for current connections to be dropped whether the address
    changes or not.

    Save this command to the firewall script on the Administration->Commands page to fix it:
    iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    But you don't explain what you want to do.
  8. linkmaniac

    linkmaniac Networkin' Nut Member

    This rule is default, that's not the problem.

    As I said before I want to set up a DMZ in order to put my NAS there (as BitTorrent client, FTP, web server). The WRT54GS is going to be between WAN and DMZ. Behind the DMZ is going to be another router to protect my LAN (WHS and some PCs).

    I created some VLANs in tomato and now I'm stuck with the iptables. I can't tell now which rules exactly I want in the iptables. The point is I cannot save the rules at all. Tomato doesn't pass the commands to the iptables.
  9. Toastman

    Toastman Super Moderator Staff Member Member

    I think this is what's wrong:

    When you have entered a change by telnet or by the system command box under the tools menu, you must then save it to NVRAM in order to survive a reboot.

    nvram commit

    If you enter a firewall rule, you can run it without saving by

    service firewall restart

    If it works, then save to NVRAM.
  10. linkmaniac

    linkmaniac Networkin' Nut Member

    I am a few steps further... :). I've found out that something was messed up with my configuration. I think the box for clearing the nvram as I flashed a new tomato was not checked. I did it again but now checked for sure and reflashed another tomato. Now I can pass the rules in the firewall script box and after rebooting they are still there. I don't know how to remove them though... Can I use fwbuilder to configure iptables? I find the manual editing tricky and time consuming.
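
The thread keeps returning to one question: is a rule entered in the firewall script actually in the running tables after "save" or a reboot? The script below is an added example, not part of any post. It answers that from `iptables -L -n` output instead of reading the listing by eye. The listing is a constructed sample, and the helper names `rule_loaded` and `chain_policy` are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that saved firewall rules are really loaded.
# Constructed sample of `iptables -L -n` output (not taken from a real router).
SAMPLE_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# rule_loaded LISTING CHAIN TARGET PROTO SPORT DPORT (hypothetical helper)
# Exit status 0 if CHAIN has a row with that target, protocol and both ports.
rule_loaded() {
    printf '%s\n' "$1" | awk -v c="$2" -v t="$3" -v p="$4" \
        -v s="spt:$5" -v d="dpt:$6" '
        $1 == "Chain" { cur = $2; next }
        cur == c && $1 == t && $2 == p {
            hs = 0; hd = 0
            for (i = 6; i <= NF; i++) {
                if ($i == s) hs = 1
                if ($i == d) hd = 1
            }
            if (hs && hd) found = 1
        }
        END { exit !found }'
}

# chain_policy LISTING CHAIN (hypothetical helper)
# Prints the default policy of CHAIN, e.g. ACCEPT or DROP.
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "Chain" && $2 == c { gsub(/[()]/, "", $4); print $4; exit }'
}

# On a router, pass "$(iptables -L -n)" instead of the sample.
if rule_loaded "$SAMPLE_LISTING" INPUT ACCEPT udp 67 68; then
    echo "udp 67->68 ACCEPT rule is loaded in INPUT"
else
    echo "udp 67->68 ACCEPT rule is missing from INPUT"
fi
echo "OUTPUT policy: $(chain_policy "$SAMPLE_LISTING" OUTPUT)"
```

Running the same check before and after a reboot shows whether a rule was only applied to the live tables or was also saved.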