Traffic only at Port 80 and 110! How?

Discussion in 'Tomato Firmware' started by faxxe, Oct 14, 2007.

  1. faxxe

    faxxe LI Guru Member

    Hello!

    I have a PC with the IP 192.168.0.9 in my LAN, and I want traffic to be allowed only on ports 80 and 110 for that PC.

    With the line:
    iptables -I FORWARD -s 192.168.0.9 -p TCP ! --dport 80 -j DROP

    in section WAN-UP, everything except port 80 will be dropped.
    But how can I do that for port 80 and port 110? :confused::confused:

    Thanks for your help!
    Regards,
    faxxe
     
  2. GeeTek

    GeeTek Guest

  3. roadkill

    roadkill Super Moderator Staff Member Member

    I modified the script for your ports...
     
  4. faxxe

    faxxe LI Guru Member

    Many thanks for your help!

    Too early - do I have to add the source IP 192.168.0.9, like this?

    iptables -A FORWARD -s 192.168.0.9 -p tcp --destination-port 80 -j ACCEPT

    because when I add the script to wan-up, nothing is blocked

    Regards from Austria,
    faxxe
     
  5. faxxe

    faxxe LI Guru Member

    Hi!

    Sorry for some more questions :redface:

    * If I add the lines above into the firewall scripts and reboot, everything is blocked and I don't know why :confused:

    * Should I add a -s(ource) or -d(estination) IP?

    Many thanks,
    Heimo
     
  6. u3gyxap

    u3gyxap Network Guru Member

    Yes, the script should be added to firewall, not wanup.
    Yes, if you want to restrict only 192.168.0.5 to being able to access only 80 and 110, then yes, you should add -s 192.168.0.9, like this:
    iptables -A FORWARD -s 192.168.0.9 -p tcp --destination-port 80 -j ACCEPT
     
  7. faxxe

    faxxe LI Guru Member

    Hello again!

    Now I have this script in my Firewall section:

    iptables -A FORWARD -s 192.168.0.9 -p tcp --destination-port 80 -j ACCEPT
    iptables -A FORWARD -s 192.168.0.9 -p tcp -j DROP


    But I still have full access to the net on all ports.

    UPNP is disabled.

    Strange, isn't it? :eek:

    Heimo
     
  8. u3gyxap

    u3gyxap Network Guru Member

    No, it's normal.
    try it like this:
    iptables -I FORWARD -s 192.168.0.9 -j DROP
    iptables -I FORWARD -s 192.168.0.9 -p udp --destination-port 53 -j ACCEPT
    iptables -I FORWARD -s 192.168.0.9 -p tcp --destination-port 110 -j ACCEPT
    iptables -I FORWARD -s 192.168.0.9 -p tcp --destination-port 443 -j ACCEPT
    iptables -I FORWARD -s 192.168.0.9 -p tcp --destination-port 80 -j ACCEPT
    53 is for DNS, 443 is for https.
    Make sure you type them in this exact order.
     
  9. faxxe

    faxxe LI Guru Member

    Thank you, u3gyxap! A beer for you!

    Now it works!

    I thought the "DROPS" have to be at the end of the script.
    Best regards,
    Heimo
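
Why the `-A` rules in post 7 changed nothing while the `-I` rules in post 8 work, as an added example that is not part of the original thread: a small Python model of first-match chain evaluation. The single accept-all rule standing in for the router's existing FORWARD chain is an assumption made for the illustration, not a dump of the real ruleset.

```python
# Model of one iptables chain: rules are checked top to bottom and the first
# match decides. -A appends at the end; -I without an index inserts at the top.
HOST = "192.168.0.9"

def rule(target, src=None, proto=None, dport=None):
    return {"target": target, "src": src, "proto": proto, "dport": dport}

def pkt(proto, dport, src=HOST):
    return {"src": src, "proto": proto, "dport": dport}

def verdict(chain, p, policy="DROP"):
    for r in chain:
        # A field left as None in a rule matches any value in the packet.
        if all(r[k] is None or r[k] == p[k] for k in ("src", "proto", "dport")):
            return r["target"]
    return policy

def stock_forward():
    # Constructed stand-in (assumption): the router's own chain already
    # contains a rule that accepts forwarded LAN traffic.
    return [rule("ACCEPT")]

def appended():
    # Post 7: both rules added with -A land below the stock ACCEPT.
    chain = stock_forward()
    chain.append(rule("ACCEPT", HOST, "tcp", 80))
    chain.append(rule("DROP", HOST, "tcp"))
    return chain

def inserted():
    # Post 8: every -I goes to position 1, so the DROP typed first ends up
    # below the ACCEPT rules typed after it.
    chain = stock_forward()
    chain.insert(0, rule("DROP", HOST))
    for proto, port in (("udp", 53), ("tcp", 110), ("tcp", 443), ("tcp", 80)):
        chain.insert(0, rule("ACCEPT", HOST, proto, port))
    return chain

if __name__ == "__main__":
    for name, chain in (("-A", appended()), ("-I", inserted())):
        for p in (pkt("tcp", 80), pkt("tcp", 25), pkt("udp", 53)):
            print(name, p["proto"], p["dport"], verdict(chain, p))
```

On a live router, `iptables -L FORWARD -n -v --line-numbers` shows the real rule order and per-rule packet counters, which confirms whether the DROP is ever reached.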
     
