Discussion in 'Tomato Firmware' started by GeeTek, Dec 28, 2006.

  1. GeeTek

    GeeTek Guest

    I am trying to block all access to one particular internet IP address. The access restriction rules do not have the IP address source/destination options that the QoS rules have, and I cannot seem to figure out how to block the IP. I created a block rule and, using the "Applies to the following" drop-down, specified the target IP to be blocked, but that does not do it. I think the "Applies to" field refers only to the LAN IP or MAC to be controlled.
  2. u3gyxap

    u3gyxap Network Guru Member

    iptables -I FORWARD -d -j DROP
    add that to the startup script
  3. GeeTek

    GeeTek Guest

    Thank you for the info. I really need to learn how to use iptables. So much flexible power!
  4. digitalgeek

    digitalgeek Network Guru Member

    Did you try blocking the name?
  5. GeeTek

    GeeTek Guest

    This was one of those maintenance back-door sites buried inside a piece of trial software I wanted to test. The program required valid data to operate, and the software phoned home every time it ran, so I wanted to close the door on it before I tested it. The address did not seem to resolve to anything I could block. It was not a conventional website, and name look-ups did not seem to work on it. Here is the script that did block it, and the IP address in question. Thanks for the help. The software turned out to be bum.

    iptables -I FORWARD -d -j DROP

    Edit - Spellering
  6. digitalgeek

    digitalgeek Network Guru Member

    Have you tried entering this address in the HTTP request box?
  7. GeeTek

    GeeTek Guest

    Yes, it does not block access. I have these 2 entries in the HTTP request box in "Access Restrictions":

    Rule saved and router rebooted.
    Here is the result shown from TCPView when starting the program:

    MWSMassMailingNews.exe:3792 TCP ESTABLISHED

    Using the script in Tomato, it never gets past "Sync Sent", and times out without ever establishing contact. With the script blocking access, the connection never appears in the Tomato graphs. Without the script, but using the HTTP block box, the established connection shows up on the graphs as would be expected.
  8. bokh

    bokh Network Guru Member

    AFAIK I would (have, in fact) put that kind of rule in the Firewall tab of the Admin/Scripts section and not in Init anymore, right?
  9. GeeTek

    GeeTek Guest

    I knew I had seen this somewhere. It was in my own thread, only a month ago. I need to fix it to work on only one LAN IP and specify a range to be blocked. I'm going to find some iptables info and figure it out. Thanks for the reminder!
  10. bokh

    bokh Network Guru Member

    Well, never mind, 'cause when I add a single IP address to be blocked in the FW script, it still goes through the port-forwarding settings (WWW:80).
    Being used to FreeBSD's "IPFW", I have to dive a little deeper into Linux's "iptables", I guess...
  11. GeeTek

    GeeTek Guest

    I think it is the firewall that worked. I remember that it did not work where I had put it first, so, being the n00b that I am, I entered it into Init, Shutdown, Firewall and WAN Up. It worked then, and I never analysed it further!
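Putting the thread's advice together (Firewall tab of Admin/Scripts, a rule inserted with -I into FORWARD, limited to one LAN host, and a destination range instead of a single address): the script below is an added example written for this page, not code any poster supplied. The host and destination addresses, the "PHONEHOME:" log prefix and the IPT dry-run variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example for this thread, not code posted by anyone in it.
# A Tomato "Firewall" script (Administration > Scripts > Firewall) that keeps
# ONE LAN host from reaching a destination IP or range, and logs each attempt.
# The addresses are assumed placeholders from the documentation ranges.
LAN_HOST="${LAN_HOST:-192.168.1.50}"        # the PC running the trial software
BLOCK_NET="${BLOCK_NET:-203.0.113.0/24}"    # where it phones home (IP or CIDR)
IPT="${IPT:-iptables}"                      # IPT=echo prints the rules instead

# Apply one rule; report a rejected rule instead of aborting, so one typo does
# not leave the rest of the script unapplied.
rule() {
    "$IPT" "$@" || echo "rule failed: $IPT $*" >&2
}

# Why -I and not -A: this script runs after Tomato has built its own chains,
# so -A would append the DROP after the port-forwarding accept rules and the
# traffic would still get through. -I puts the rule at the top of FORWARD.
# Because every -I lands at position 1, the DROP is inserted first so that the
# LOG rule ends up above it and actually sees the packets.
block_host_to_net() {
    host="$1"
    net="$2"
    rule -I FORWARD -s "$host" -d "$net" -j DROP
    rule -I FORWARD -s "$host" -d "$net" -m limit --limit 6/min \
         -j LOG --log-prefix "PHONEHOME: "
}

# Same thing for every LAN host, if the destination should be unreachable from
# the whole network (what the one-liner earlier in this thread does, plus the
# log line). The limit match keeps a chatty program from flooding the log.
block_net_for_all() {
    net="$1"
    rule -I FORWARD -d "$net" -j DROP
    rule -I FORWARD -d "$net" -m limit --limit 6/min \
         -j LOG --log-prefix "PHONEHOME: "
}

block_host_to_net "$LAN_HOST" "$BLOCK_NET"
```

Preview the generated rules on any machine with IPT=echo sh firewall.sh. On the router, iptables -L FORWARD -v -n shows the packet counter on the DROP line climbing each time the program tries to connect, the same evidence the graphs and TCPView gave above, and the logged lines carry the exact destination and port it was after.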
  12. bonuts

    bonuts Guest

    In the scenario described earlier in the thread, is there any way to know how the installed software tries to 'call home'? Put another way, is there a way to monitor whether it calls home via an IP address or a URL? For instance, the poster mentions he tried blocking both &

    I tried using ZoneAlarm. ZA logs the following the exact same way:
    telnet 80
    telnet 80

    (nslookup >>

  13. GeeTek

    GeeTek Guest

    Your pie chart details show all established connections. It has an option to do an automatic name look-up of the IP addresses. Just monitor the connections before starting the software and see if anything new pops up in the list. If you have a Windows machine, you can also use a program called "TCPView" that will show all connections on the computer you run it on.
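GeeTek's answer covers watching the live connection list; the router's own log is the other place to look, provided the blocking rule also logs (a rule such as iptables -I FORWARD -s <LAN host> -j LOG --log-prefix "PHONEHOME: " placed ahead of the DROP). The script below, an added example and not anything posted in the thread, reads such kernel log lines and reports which destinations and ports a host tried to reach. The sample log lines and every address in them are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: summarise where a LAN host tried to
# connect, from the kernel LOG lines that a rule such as
#   iptables -I FORWARD -s <host> -j LOG --log-prefix "PHONEHOME: "
# writes to the router's syslog. The lines below are constructed for the
# example, with addresses from the documentation ranges.
SAMPLE_LOG='Dec 28 20:11:02 router kernel: PHONEHOME: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.17 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1234 DF PROTO=TCP SPT=3792 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 28 20:11:05 router kernel: PHONEHOME: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.17 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1235 DF PROTO=TCP SPT=3792 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 28 20:11:06 router kernel: PHONEHOME: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=198.51.100.9 LEN=64 TOS=0x00 PREC=0x00 TTL=127 ID=77 PROTO=UDP SPT=1031 DPT=53 LEN=44
Dec 28 20:11:09 router kernel: PHONEHOME: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.17 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1236 DF PROTO=TCP SPT=3792 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Dec 28 20:11:10 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.200 DST=192.0.2.1 PROTO=TCP DPT=445'

# Usage: phonehome_report [lan host] < logfile
# Prints "count src -> dst proto/dport", busiest destination first. Only the
# PHONEHOME lines are read; other LOG prefixes (firewall drops, etc.) are
# ignored. With a host argument, lines from other sources are skipped too.
phonehome_report() {
    host="${1:-}"
    awk -v want="$host" '
        /PHONEHOME: / {
            src = dst = proto = dpt = ""
            # LOG output is KEY=VALUE pairs; pick out the four we need.
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src   = kv[2]
                if (kv[1] == "DST")   dst   = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
            }
            if (want != "" && src != want) next
            n[src " -> " dst " " proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Distinct destinations a host reached, one per line: exactly the list to feed
# into "iptables -I FORWARD -s <host> -d <dst> -j DROP" rules.
phonehome_targets() {
    phonehome_report "$1" | awk '{ print $4 }' | sort -u
}

# Demo on the constructed sample (on the router, pipe the real log in instead,
# e.g. from the Status > Logs page or /var/log/messages).
printf '%s\n' "$SAMPLE_LOG" | phonehome_report 192.168.1.50
```

The DNS line in the sample is the tell-tale GeeTek ran into: a program that resolves a name and then opens a TCP session shows up as one UDP/53 entry followed by the real destination, while one that carries a hard-coded address shows only the latter, which is why blocking the name did nothing here.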
  14. yeop

    yeop Guest

    Hi all, I need some help here.
    My problem is that I want to block a specific IP address or range of IP addresses from accessing my PC, I mean to block Windows file sharing from certain PCs (open wireless).
    I have no idea how to play with Access Restriction; can the AR do the job?
    So I just read the Tomato wiki and am trying to use iptables. Can they do it? Here is my understanding; I don't know whether it's right or not. It's not working, so maybe I'm completely wrong. I have no Linux experience.

    Let's say my PC
    I want to block

    1# iptables -A INPUT -s -d -j DROP

    2# iptables -A INPUT -s -j DROP
    iptables -A OUTPUT -d -j DROP

    I put it in the Firewall script, by the way, along with this script:
    ifconfig vlan1:0 netmask
    iptables -t nat -I POSTROUTING -o vlan1 -d -j SNAT --to-source

    Or is there any other option? Thanks.
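As an added example (not yeop's code or anyone else's from the thread), here are the rules reworked to block only the Windows file-sharing ports from a given source to one PC, in the chain the earlier one-liner in this thread used, FORWARD. INPUT, which the rules above use, matches only packets addressed to the router itself, and OUTPUT only packets the router sends, so neither can affect what one LAN PC sends to another. All addresses are assumed placeholders, and IPT=echo is a dry-run switch added for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: block Windows file sharing (NetBIOS and
# SMB ports) from one source address or range to one LAN PC. Addresses are
# assumed placeholders from the private and documentation ranges.
BAD_SRC="${BAD_SRC:-192.168.1.200}"    # the open-wireless client (IP or CIDR)
MY_PC="${MY_PC:-192.168.1.10}"         # the PC whose shares must stay private
IPT="${IPT:-iptables}"                 # IPT=echo prints the rules instead

SMB_TCP="139 445"    # NetBIOS session service, direct-hosted SMB
SMB_UDP="137 138"    # NetBIOS name service and datagram service

# Apply one rule; report a rejected rule instead of aborting the script.
rule() {
    "$IPT" "$@" || echo "rule failed: $IPT $*" >&2
}

# Rules go in FORWARD, the chain for packets passing through the router.
# INPUT only matches packets addressed to the router itself, so a rule there
# protects the router's own shares (if any), never another PC on the LAN.
# -I rather than -A so the drops sit above Tomato's own accept rules.
# Leave the second argument empty to block the ports from the source to
# every LAN host.
block_smb_from() {
    src="$1"
    dst="${2:-}"
    set -- -s "$src"
    if [ -n "$dst" ]; then
        set -- "$@" -d "$dst"
    fi
    for p in $SMB_TCP; do
        rule -I FORWARD "$@" -p tcp --dport "$p" -j DROP
    done
    for p in $SMB_UDP; do
        rule -I FORWARD "$@" -p udp --dport "$p" -j DROP
    done
}

block_smb_from "$BAD_SRC" "$MY_PC"
```

One caveat to check rather than assume: Tomato bridges the wired and wireless ports into br0, and whether frames between two hosts on the same bridge are ever handed to iptables' FORWARD chain depends on the kernel's bridge-netfilter setting. Watch the rule's packet counter with iptables -L FORWARD -v -n while a blocked client tries to browse the share; if it stays at zero, the router never sees that traffic, and the filter has to live on the PC itself or the open-wireless clients have to be put on a separate network.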
