
Problems with Iptables tomato-E2000-1.28.7466MIPSR2-Toastman-Std

Discussion in 'Tomato Firmware' started by hjf288, Apr 11, 2011.

  1. hjf288

    hjf288 LI Guru Member

    I have the following script that worked on Tomato RAF 1.28.121006 K2.4.20 MIPSR1.. on a WRT54GL..

    I've tried to use it on my new E2000 and while the rules are added, the computer can still access UPNP/NAT-PMP on the router.

    Also I can't access my modem on 192.168.100.1..

    Can anyone please assist :(

    Firewall:

    iptables -I POSTROUTING -t nat -o vlan1 -d 192.168.100.0/24 -j MASQUERADE

    iptables -I INPUT -p udp --dport 1900 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --dport 1900 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p udp --dport 5351 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --dport 5351 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --dport 2869 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --dport 5000 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p udp --dport 5000 -m mac --mac-source B4:82:FE:56:50:33 -j DROP

    iptables -I INPUT -p udp --sport 30932 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --sport 30932 -m mac --mac-source B4:82:FE:56:50:33 -j DROP

    iptables -I INPUT -p udp --dport 50603 -m mac --mac-source B4:82:FE:56:50:33 -j DROP
    iptables -I INPUT -p tcp --dport 50603 -m mac --mac-source B4:82:FE:56:50:33 -j DROP

    iptables -I INPUT -d 239.255.255.250 -m mac --mac-source B4:82:FE:56:50:33 -j DROP

    WAN UP:
    ip addr add 192.168.100.254/24 dev vlan1 brd +

    INIT:
    echo "0" > /proc/sys/net/ipv4/netfilter/ip_conntrack_fastnat
     
  2. TT76

    TT76 Networkin' Nut Member

    replace vlan1 with vlan2.
     
  3. hjf288

    hjf288 LI Guru Member

    Thanks, any help with the iptables problem please?
     
  4. phuque99

    phuque99 LI Guru Member

    Could you post your iptables output using the following commands:

    iptables -vnL
    iptables -t nat -vnL
     
  5. hjf288

    hjf288 LI Guru Member

    Chain INPUT (policy DROP 136 packets, 15980 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 192.168.0.163 239.255.255.250
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:50603
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:50603
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp spt:30932
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp spt:30932
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5000
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:5000
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:2869
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:5351
    33 1210 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5351
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:1900
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:1900
    0 0 DROP all -- * * 0.0.0.0/0 239.255.255.250 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50603 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:50603 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:30932 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:30932 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2869 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5351 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5351 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1900 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 MAC B4:82:FE:56:50:33
    0 0 DROP all -- br0 * 0.0.0.0/0 86.27.110.225
    459 33441 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    3480 554K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    26742 1467K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
    18 1664 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    27548 1661K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33534 limit: avg 5/sec burst 5
    711 238K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    6 192 ACCEPT 2 -- * * 0.0.0.0/0 224.0.0.0/4
    0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.0/4 udp dpt:!1900

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    24 1464 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    5100 220K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    31681 1744K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    1060K 412M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    10518 1390K wanin all -- vlan2 * 0.0.0.0/0 0.0.0.0/0
    62163 5568K wanout all -- * vlan2 0.0.0.0/0 0.0.0.0/0
    62163 5568K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
    582 85812 upnp all -- vlan2 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 893 packets, 242K bytes)
    pkts bytes target prot opt in out source destination

    Chain upnp (1 references)
    pkts bytes target prot opt in out source destination
    5 750 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5668
    3 152 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5668

    Chain wanin (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.0/4
    12 632 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:5222
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:21
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:21
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:1935
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:1935
    215 11456 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:80
    3 132 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:8000
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:8000
    1 44 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpts:65500:65535
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpts:65500:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5004
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5004
    21 1148 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:443
    2 104 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:3690
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5688
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5688
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:30932
    9682 1290K ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:30932

    Chain wanout (1 references)
    pkts bytes target prot opt in out source destination

    Chain PREROUTING (policy ACCEPT 1923 packets, 250K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp flags:0x17/0x02 #conn/32 > 50
    4618 808K ACCEPT udp -- * * 192.168.0.163 0.0.0.0/0 limit: avg 1/sec burst 5
    0 0 DROP all -- vlan2 * 0.0.0.0/0 192.168.0.0/24
    40293 3256K WANPREROUTING all -- * * 0.0.0.0/0 86.27.110.225
    5547 649K upnp all -- * * 0.0.0.0/0 86.27.110.225

    Chain POSTROUTING (policy ACCEPT 119 packets, 16459 bytes)
    pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * vlan2 0.0.0.0/0 192.168.100.0/24
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:5222 to:86.27.110.225
    3 180 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:21 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:21 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:1935 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:1935 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:80 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:8000 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:8000 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpts:65500:65535 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpts:65500:65535 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:5004 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:5004 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:443 to:86.27.110.225
    3 180 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:3690 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:5688 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:5688 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:30932 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:30932 to:86.27.110.225
    49545 4438K MASQUERADE all -- * vlan2 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 91 packets, 7739 bytes)
    pkts bytes target prot opt in out source destination

    Chain WANPREROUTING (1 references)
    pkts bytes target prot opt in out source destination
    27548 1661K DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.0.1
    12 632 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 to:192.168.0.9
    3 180 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1935 to:192.168.0.9
    215 11448 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.9
    3 120 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8000 to:192.168.0.66
    1 40 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:65500:65535 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:65500:65535 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5004 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5004 to:192.168.0.66
    21 1148 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.0.9
    5 284 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3690 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5688 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5688 to:192.168.0.66
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:30932 to:192.168.0.9
    6938 933K DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:30932 to:192.168.0.9

    Chain upnp (1 references)
    pkts bytes target prot opt in out source destination
    5 750 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5668 to:192.168.0.66:5668
    3 152 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5668 to:192.168.0.66:5668

    Chain PREROUTING (policy ACCEPT 1420K packets, 477M bytes)
    pkts bytes target prot opt in out source destination
    776K 158M IMQ all -- br0 * 0.0.0.0/0 0.0.0.0/0 IMQ: todev 0
    654K 141M MARK all -- * * 192.168.0.163 !192.168.0.0/24 MARK set 0xa

    Chain INPUT (policy ACCEPT 63971 packets, 4519K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 1137K packets, 420M bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 36955 packets, 2858K bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 1170K packets, 422M bytes)
    pkts bytes target prot opt in out source destination
    614K 316M IMQ all -- * br0 0.0.0.0/0 0.0.0.0/0 IMQ: todev 1
    591K 312M MARK all -- * * !192.168.0.0/24 192.168.0.163 MARK set 0xa
     
  6. phuque99

    phuque99 LI Guru Member

    Your rule to drop nat-pmp is working, I can see dropped packets registered on your INPUT chain:

    Code:
    Chain INPUT (policy DROP 136 packets, 15980 bytes)
    pkts bytes target prot opt in out source destination
    33 1210 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5351

    The upnp chain only had IP "192.168.0.66" registered. When you ran the iptables listing, was "192.168.0.163" showing up on uPnP forwarded port list in the GUI?

    Code:
    Chain upnp (1 references)
    pkts bytes target prot opt in out source destination
    5 750 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5668
    3 152 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5668
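
The counter check described in the post above can be scripted. This is an added example, not part of the original thread: it reads `iptables -vnL` output and lists every rule that names a given host (by source, destination or MAC match) together with its packet counter. The function names `rule_hits`, `hit_only` and `sample_listing` are assumptions; the sample lines are excerpted from the first listing posted in the thread.

```sh
#!/bin/sh
# Added example: read `iptables -vnL` text and report per-rule packet counters.

# rule_hits NEEDLE
#   stdin : output of `iptables -vnL` (any table)
#   stdout: "<chain> <rule#> <pkts> <target> <prot> <match text>" for every rule
#           whose source or destination equals NEEDLE, or whose match text
#           contains "MAC NEEDLE".
rule_hits() {
    awk -v needle="$1" '
        $1 == "Chain"            { chain = $2; n = 0; next }
        $1 == "pkts" || NF == 0  { next }
        {
            n++
            # A rule with no target leaves that column empty, so the "opt"
            # column ("--") shows up as field 4 instead of field 5.
            off = ($4 == "--") ? -1 : 0
            target = (off == 0) ? $3 : "-"
            prot = $(4 + off); src = $(8 + off); dst = $(9 + off)
            extra = ""
            for (i = 10 + off; i <= NF; i++)
                extra = extra (extra == "" ? "" : " ") $i
            if (src == needle || dst == needle || index(extra, "MAC " needle) > 0)
                print chain, n, $1, target, prot, (extra == "" ? "-" : extra)
        }'
}

# hit_only: keep only the rules whose packet counter is not zero.
hit_only() {
    awk '$3 != "0"'
}

# Sample input: lines excerpted from the first listing posted in the thread.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP 136 packets, 15980 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:5351
33 1210 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5351
0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:1900
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5351 MAC B4:82:FE:56:50:33
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 MAC B4:82:FE:56:50:33
26742 1467K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0

Chain upnp (1 references)
pkts bytes target prot opt in out source destination
5 750 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5668
EOF
}

# On the router: iptables -vnL | rule_hits 192.168.0.163
sample_listing | rule_hits 192.168.0.163
```

Rules are evaluated top to bottom and DROP ends traversal, so the MAC-based rules that sit below the matching source-IP rules keep a zero counter even though both describe the same host. Piping the result through `hit_only` leaves just the rules that have actually matched traffic.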
     
  7. hjf288

    hjf288 LI Guru Member

    Yeah sorry I forgot I disabled UPNP last night to stop 163 from mapping to it.

    66 is mapped via NAT-PMP and 163 can't access that, but it can access UPNP no matter what my rules are... I'll try to snag a dump when it's online
     
  8. hjf288

    hjf288 LI Guru Member

    Chain INPUT (policy DROP 2 packets, 930 bytes)
    pkts bytes target prot opt in out source destination
    1 32 DROP all -- * * 192.168.0.163 239.255.255.250
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:50603
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:50603
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp spt:30932
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp spt:30932
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5000
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:5000
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:2869
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:5351
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:5351
    0 0 DROP tcp -- * * 192.168.0.163 0.0.0.0/0 tcp dpt:1900
    0 0 DROP udp -- * * 192.168.0.163 0.0.0.0/0 udp dpt:1900
    0 0 DROP all -- * * 0.0.0.0/0 239.255.255.250 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:50603 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:50603 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:30932 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:30932 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2869 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5351 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5351 MAC B4:82:FE:56:50:33
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1900 MAC B4:82:FE:56:50:33
    0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 MAC B4:82:FE:56:50:33
    0 0 DROP all -- br0 * 0.0.0.0/0 86.27.110.225
    22 1133 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    474 69942 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    262 24708 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    54 3240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33534 limit: avg 5/sec burst 5
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT 2 -- * * 0.0.0.0/0 224.0.0.0/4
    0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.0/4 udp dpt:!1900

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
    57 2280 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    396 20864 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    78 17335 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    57 7430 wanin all -- vlan2 * 0.0.0.0/0 0.0.0.0/0
    501 30051 wanout all -- * vlan2 0.0.0.0/0 0.0.0.0/0
    501 30051 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
    1 60 upnp all -- vlan2 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 60 packets, 26927 bytes)
    pkts bytes target prot opt in out source destination

    Chain upnp (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.163 udp dpt:30932
    1 60 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:45631

    Chain wanin (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.0/4
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:5222
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:21
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:21
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:1935
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:1935
    1 64 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:8000
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:8000
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpts:65500:65535
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpts:65500:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5004
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5004
    1 64 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:3690
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.66 tcp dpt:5688
    0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.66 udp dpt:5688
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.9 tcp dpt:30932
    54 7242 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.9 udp dpt:30932

    Chain wanout (1 references)
    pkts bytes target prot opt in out source destination

    Chain PREROUTING (policy ACCEPT 19 packets, 2111 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- vlan2 * 0.0.0.0/0 192.168.0.0/24
    139 14381 WANPREROUTING all -- * * 0.0.0.0/0 86.27.110.225
    32 4164 upnp all -- * * 0.0.0.0/0 86.27.110.225

    Chain POSTROUTING (policy ACCEPT 8 packets, 835 bytes)
    pkts bytes target prot opt in out source destination
    0 0 MASQUERADE all -- * vlan2 0.0.0.0/0 192.168.100.0/24
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:5222 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:21 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:21 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:1935 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:1935 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:80 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:8000 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:8000 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpts:65500:65535 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpts:65500:65535 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:5004 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:5004 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:443 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:3690 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.66 tcp dpt:5688 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.66 udp dpt:5688 to:86.27.110.225
    0 0 SNAT tcp -- * * 192.168.0.0/24 192.168.0.9 tcp dpt:30932 to:86.27.110.225
    0 0 SNAT udp -- * * 192.168.0.0/24 192.168.0.9 udp dpt:30932 to:86.27.110.225
    581 34506 MASQUERADE all -- * vlan2 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 3 packets, 180 bytes)
    pkts bytes target prot opt in out source destination

    Chain WANPREROUTING (1 references)
    pkts bytes target prot opt in out source destination
    54 3240 DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.0.1
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:21 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1935 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1935 to:192.168.0.9
    1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8000 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8000 to:192.168.0.66
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:65500:65535 to:192.168.0.9
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:65500:65535 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5004 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5004 to:192.168.0.66
    1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3690 to:192.168.0.9
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5688 to:192.168.0.66
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5688 to:192.168.0.66
    0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:30932 to:192.168.0.9
    51 6849 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:30932 to:192.168.0.9

    Chain upnp (1 references)
    pkts bytes target prot opt in out source destination
    0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:30932 to:192.168.0.163:30932
    1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:45631 to:192.168.0.66:45631

    Chain PREROUTING (policy ACCEPT 1614 packets, 170K bytes)
    pkts bytes target prot opt in out source destination

    Chain INPUT (policy ACCEPT 848 packets, 103K bytes)
    pkts bytes target prot opt in out source destination

    Chain FORWARD (policy ACCEPT 693 packets, 57096 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 842 packets, 272K bytes)
    pkts bytes target prot opt in out source destination

    Chain POSTROUTING (policy ACCEPT 1483 packets, 327K bytes)
    pkts bytes target prot opt in out source destination
     
