IPTABLES commands for Tomato

Discussion in 'Tomato Firmware' started by Dataa, May 30, 2014.

  1. Dataa

    Dataa Network Newbie Member

    I am trying to learn how to use iptables and I am a little confused about the commands, and the syntax.

    I am using the ddwrt wiki page on iptable commands as a guide, but a lot of these commands don't seem to be working.

    Device I am using to experiment: WRT54gl
    Running Tomato by Shibby: 1.28.0005 112 ND VPN

    iptables -I FORWARD -d <ipaddress> -j REJECT - This command works (blocks the ip address)
    iptables -I FORWARD -d <ipaddress> -j DROP - This command does not block the ip address
    iptables -I OUTPUT -d <ipaddress> -j logdrop - This command does not block the ip address, and does not log
    iptables -I OUTPUT -d <ipaddress> -j ldrop - This command does not block the ip address

    Does it matter if certain words are in capitals or not?

    Is there a separate set of commands for iptables in Tomato? Can anyone tell me where I can learn the commands for iptables for Tomato?
  2. koitsu

    koitsu Network Guru Member

    EDIT: Is this thread related to another thread you made prior? If so, why do we need two threads?

    The problem is that you don't understand iptables. It has nothing to do with Tomato vs. DD-WRT. iptables are confusing because of the use of chains (names like FORWARD, OUTPUT, INPUT, etc.) and tables (things like filter vs. nat). There are chain and target name differences between TomatoUSB and DD-WRT, but for INPUT/OUTPUT/FORWARD these are universal.

    1. You aren't providing enough information as to what you're trying to accomplish. It looks like you're trying to block "an IP address" but you aren't saying what kind of IP address. Are you trying to stop someone within your LAN (wireless or Ethernet, doesn't matter) from reaching somewhere on the Internet? Are you trying to stop someone on the Internet from connecting to your router? It matters!

    2. PLEASE DO NOT OMIT INFORMATION. Do not hide IP addresses, do not hide MAC addresses, etc. When asking for networking help, hiding/omitting this information will usually cause a network administrator to ignore you; you gain nothing by hiding this information (in this particular case). :)

    3. Things are usually case-sensitive in *IX (Linux/UNIX). If unsure, always assume so.

    As for the targets (REJECT vs. DROP vs. logdrop): I explain the first two in this post. There is no logdrop target on TomatoUSB. If you want to make such a chain/target, you can, but given your lack of familiarity and just "flailing around" I would suggest you not do this right now. Instead focus on getting an understanding of iptables in general.

    Footnote: this matter has nothing to do with TomatoUSB or DD-WRT, so if you have iptables (what is also known as netfilter) questions, I would suggest you ask on their mailing lists or what not. Be aware TomatoUSB uses iptables 1.3.8 and Linux kernel 2.6.22 (it matters).
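koitsu's reply says TomatoUSB has no `logdrop` target but that such a chain can be created. The script below is an added example, not part of the thread or of the firmware: it builds a user-defined `logdrop` chain (LOG, then DROP) and jumps to it from FORWARD. The chain name, log prefix, helper function names and the sample address in the comments are assumptions, and it only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: user-defined "logdrop" chain for iptables.
# Dry-run by default (commands are printed). Run as root with APPLY=1 to apply.

CHAIN=logdrop   # assumed name; chain and target names are case-sensitive

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted-quad IPv4 address with octets 0-255,
# so nothing else can end up on the iptables command line.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

setup_chain() {
    # -N fails if the chain already exists; flush it instead so reruns are clean.
    run iptables -N "$CHAIN" 2>/dev/null || run iptables -F "$CHAIN"
    # LOG is non-terminating: the packet is logged, then falls through to DROP.
    # The prefix has no spaces so the dry-run output stays copy-pasteable.
    run iptables -A "$CHAIN" -j LOG --log-prefix "$CHAIN:"
    run iptables -A "$CHAIN" -j DROP
}

block_dest() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
    setup_chain
    # FORWARD sees traffic routed through the router (LAN <-> WAN);
    # OUTPUT sees only packets the router itself generates.
    run iptables -I FORWARD -d "$1" -j "$CHAIN"
}

# Usage: sh logdrop.sh 203.0.113.7   (203.0.113.7 is a documentation address)
if [ $# -gt 0 ]; then block_dest "$1"; fi
```

Review the printed rules before applying them; the LOG target needs kernel support on the device, which is assumed here.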
  3. Dataa

    Dataa Network Newbie Member

    Thanks for your help, Koitsu.
    I made this a general thread to ask where I can learn more about iptables.

    Sorry, I was not trying to omit information. The ip address I am blocking is a random one for the experiment right now.