
Wanted feature ...

Discussion in 'DD-WRT Firmware' started by on4cet, Apr 14, 2005.

  1. on4cet

    on4cet Network Guru Member

    Hi Sebastian (people call you brian, but that's not correct),

    Isn't it possible to integrate a firewall feature on the WAN-side like e.g. Zonealarm ... I mean, I want to specify which ip-ranges from the internet are allowed to get their way into the port forwarding etc...

    At this moment, if I put port forwarding on, everyone from everywhere can get their way through ...

    I would like the possibility to block or allow specific ports right from the beginning when they come into the WAN-port ...


    Is this too much asked, or can it be done ...

    Are there other forum users who would like this feature? Please comment on this ... or is there a way to do that right now? But I would like to see it in the GUI ...

    Kind regards,

    Bart

    PS. Just came across the program 'wallwatcher', since this info must be coming from the logs, can't it be integrated like their screenshots ??
     
  2. jagboy

    jagboy Network Guru Member

    1. The WRT54G runs Linux, so you might need to find a program that runs on Linux that is a firewall.

    2. The router is very limited in memory. I think the average is 16 flash and 8 RAM, or is it the other way around......

    3. You could install a package that could do this, but I have yet to hear of a package that does this.
     
  3. XCOM7

    XCOM7 Network Guru Member

    As far as I know the WRT54G is a full SPI router, so that makes it somewhat of a hardware firewall.
    As far as making it something like Zonealarm, that is just a plain joke...
    If you're looking for something that would pop up and say "do you want to allow these?!?", you will not get it from a hardware firewall.
    Now, to block a specific range, I am pretty sure you can, since these hacked firmwares are based on Linux; I am sure they are running a type of IP chains firewall etc...
    I have not looked at the code, but if it's not there I am sure there is a module floating around.
    Good luck.

    By the way, even with port forwarding on, not everybody will get through.. your ports will still be closed and stealthed to unsolicited traffic..
    Now DMZ is a whole different story..
     
  4. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    iptables is there (Iptables Tutorial). If you want to manage exactly how iptables handles port forwarding or blocking, you should look at http://www.fwbuilder.org/ to help you design detailed iptables scripts which you can load on the WRT.

    I'm sure it's been asked before, but it simply isn't possible, hence WallWatcher and LinkLogger, PC apps which are GUI-based syslog monitors.
     
  5. t4thfavor

    t4thfavor Network Guru Member

    Have you ever seen anyone who wants to hack into a WRT router?
    And if they want to hack it, they will.

    So if you want security, turn off the router and unplug the cable modem.
     
  6. tl511

    tl511 Network Guru Member

    DD-WRT runs iptables. Therefore you can theoretically do anything with it. However, I am still trying to answer the question of "how" to make permanent changes directly to the iptables.
     
  7. t4thfavor

    t4thfavor Network Guru Member

    Via the telnet/ssh command line, through the good ol' Linux command line.
     
  8. jagboy

    jagboy Network Guru Member

    Well, the only thing that I can suggest is investing in a hardware firewall.

    Or get an old Pentium 2 or 3 machine and run some kind of Linux on it.

    This is what I am going to do with my old Windows 95 machine.


    I just swap out the hard drive and go from file server to Linux in a matter of seconds.
     
  9. Guyfromhe

    Guyfromhe Network Guru Member

    I don't know how true this is, but I recall someone saying running nvram commit would save current fw rules (that may be incorrect, never tried it).
    You can also stick the appropriate rules in the startup script in your firmware.
     
  10. Guyfromhe

    Guyfromhe Network Guru Member

    And that's true of any security, but that doesn't mean you leave your front door unlocked and wide open while you're out because someone could kick down your door without too much trouble...
     
  11. jagboy

    jagboy Network Guru Member

    :dancing:
     
  12. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    telnet/ssh example commands for port forwarding of http (80) to an internal web server 192.168.1.10:

    command #1 - iptables -I FORWARD -p tcp --dport 80 -d 192.168.1.10 -j ACCEPT
    command #2 - iptables -t nat -I PREROUTING -i vlan1 -p tcp --destination-port 80 -j DNAT --to-destination 192.168.1.10:80
    command #3 - nvram commit

    This will save it to survive a reboot. You should note it will not show in the GUI port forwarding page. I do suggest using Firewall Builder, as it will create the entire script for you after you design it first and load it to the router. Don't be discouraged by looking at the interface, as it can look overwhelming. Run through the tutorial and you will get an idea on how to set policies/rules. You can use the command shell to run each rule command separately, but it will take you some time to finish it. You only need to run nvram commit after entering all your desired rules.
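The commands above forward port 80 to everyone on the internet, which is exactly what the original poster wanted to avoid. The following script is an added example, not code from this thread or from the DD-WRT project: it keeps the same DNAT as command #2 but inserts a filter chain in front of it that accepts only whitelisted source ranges and logs and drops every other attempt (those log lines are what a syslog viewer such as WallWatcher would display). The chain name `wan_fwd_80`, the source ranges and the use of the `limit` and `LOG` iptables modules are assumptions for the example; `vlan1` is the WAN interface named in the thread. `IPT` defaults to `echo`, so run as-is it only prints the rules; on the router run it with `IPT=iptables` from the startup script.

```shell
#!/bin/sh
# Added example (not from the thread): forward one TCP port to an internal
# host, but let only whitelisted source ranges through; log + drop the rest.
# With IPT=echo (the default) the script prints the rules it would install.
# On the router run:  IPT=iptables sh this_script.sh
IPT="${IPT:-echo}"
WAN_IF="${WAN_IF:-vlan1}"   # WAN interface used in the thread's DNAT command
CHAIN="wan_fwd_80"          # hypothetical chain name for the forwarded port

# restricted_forward PORT HOST "CIDR CIDR ..."
# Builds a dedicated chain (ACCEPT for each allowed source, then LOG, then
# DROP), hooks it into FORWARD for traffic to HOST:PORT arriving on the WAN,
# and installs the same DNAT as command #2 above.
restricted_forward() {
    port="$1"; host="$2"; allowed="$3"
    # Create the chain (error ignored if it already exists) and empty it so
    # re-running the script does not pile up duplicate rules inside it.
    $IPT -N "$CHAIN" 2>/dev/null
    $IPT -F "$CHAIN"
    # Rules are appended, so order is explicit: whitelist first...
    for src in $allowed; do
        $IPT -A "$CHAIN" -s "$src" -j ACCEPT
    done
    # ...then a rate-limited syslog entry for everything else, then drop.
    # (LOG prefixes are limited to 29 characters.)
    $IPT -A "$CHAIN" -m limit --limit 6/min -j LOG --log-prefix "FWD-DENY port $port: "
    $IPT -A "$CHAIN" -j DROP
    # Send WAN traffic for HOST:PORT through the chain before any ACCEPT rule.
    $IPT -I FORWARD -i "$WAN_IF" -p tcp -d "$host" --dport "$port" -j "$CHAIN"
    # Unconditional DNAT as in the thread; the filter chain decides who gets in.
    $IPT -t nat -I PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
}

# Constructed input: the thread's web server, reachable from two example ranges.
restricted_forward 80 192.168.1.10 "203.0.113.0/24 198.51.100.7/32"
```

The DNAT stays unconditional on purpose: rewriting the destination first and filtering in FORWARD means a rejected connection is dropped rather than bounced to the router's own INPUT chain, and every denied attempt leaves a `FWD-DENY port 80:` line in syslog that can be watched from a PC-side log viewer. The `-I FORWARD` hook is inserted each time the script runs, so keep it in the one-shot startup script rather than re-running it by hand.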
     
  13. t4thfavor

    t4thfavor Network Guru Member

    lol, I leave my door unlocked, but I live in the woods away from everyone

    and hence the reason I have no broadband to be hacked. This is why I'm kinda
    biased against security. I just know that if anyone wants to get in, they will get in. And if there is nothing in there, they will leave.
     
  14. tl511

    tl511 Network Guru Member


    If the rules are dumped into nvram, then I should be able to see them with nvram show. I have looked but haven't been able to find them. Therefore, I'm wondering if the rules are written to a file somewhere and then committed to nvram. I am trying to get fwbuilder linked up to be able to install rules directly from the gui. That would be pretty tight. Any clue how to set this to allow me to install directly to nvram on the WRT54G?

    Thanks,
     
  15. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    [quote="tl511"]If the rules are dumped into nvram, then I should be able to see them with nvram show. I have looked but haven't been able to find them. Therefore, I'm wondering if the rules are written to a file somewhere and then committed to nvram. I am trying to get fwbuilder linked up to be able to install rules directly from the gui. That would be pretty tight. Any clue how to set this to allow me to install directly to nvram on the WRT54G?

    Thanks,[/quote]To get the current rules list run "cat /tmp/.ipt". Fwbuilder will automatically load the rules to the router using putty.exe. Go through the tutorial http://www.fwbuilder.org/archives/cat_slides.html#000157 and it steps you through the entire process from start to finish, including uploading the script to the router. Slide 33 for config of fwbuilder using putty.
     
  16. Guyfromhe

    Guyfromhe Network Guru Member

    They may piss on the carpet before they do though, and no one likes a pissed-on carpet.
     
