iptables to allow 80 and 443 on chillispot running ddwrt
Posted by user76682 on Server Fault
Published on 2011-03-31T20:55:27Z
I am having problems setting this up. This is what I am trying to do. I have Chillispot (hotspot) running on dd-wrt. Everything is set up, but the client wants only 80 and 443 to go through the hotspot. I found this tutorial for dd-wrt but that doesn't seem to work.
http://www.dd-wrt.com/wiki/index.php/Iptables#Allow_HTTP_traffic_only_to_specific_domain.28s.29
Initially I tried to place the options at the top but it didn't work. Then I flushed the iptables and set only these three. I can see the pkts number grow but for some reason I can browse.
root@DD-WRT:~# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 3105 packets, 2442K bytes)
pkts bytes target prot opt in out source destination
1629 230K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,80,443
2346 2792K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
328 46420 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Here's some info from the router. Chillispot is the tun0 interface.
root@DD-WRT:~# iptables -vnL FORWARD --line-numbers
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 47 -- * vlan1 192.168.8.0/24 0.0.0.0/0
2 0 0 ACCEPT tcp -- * vlan1 192.168.8.0/24 0.0.0.0/0 tcp dpt:1723
3 32 1851 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW
4 0 0 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
5 48 2408 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
6 756 452K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
7 756 452K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 0 0 TRIGGER 0 -- vlan1 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
9 0 0 trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
11 0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
12 0 0 DROP 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
13 0 0 DROP 0 -- * br0 0.0.0.0/0 0.0.0.0/0
The interfaces:
root@DD-WRT:~# ifconfig -a
br0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2371 errors:0 dropped:0 overruns:0 frame:0
TX packets:1862 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:259721 (253.6 KiB) TX bytes:254862 (248.8 KiB)
br0:0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F
inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5050 errors:0 dropped:0 overruns:0 frame:0
TX packets:2508 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1066410 (1.0 MiB) TX bytes:376001 (367.1 KiB)
Interrupt:5
eth1 Link encap:Ethernet HWaddr 00:12:17:CF:80:61
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:729 errors:0 dropped:0 overruns:0 frame:114693
TX packets:697 errors:2 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:107869 (105.3 KiB) TX bytes:473134 (462.0 KiB)
Interrupt:4 Base address:0x1000
etherip0 Link encap:Ethernet HWaddr 1E:13:B7:09:CC:8C
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1210 (1.1 KiB) TX bytes:1210 (1.1 KiB)
teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.182.1 P-t-P:192.168.182.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING MTU:1500 Metric:1
RX packets:662 errors:0 dropped:0 overruns:0 frame:0
TX packets:587 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:92167 (90.0 KiB) TX bytes:427657 (417.6 KiB)
vlan0 Link encap:Ethernet HWaddr 00:12:17:CF:80:5F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2371 errors:0 dropped:0 overruns:0 frame:0
TX packets:1864 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:269558 (263.2 KiB) TX bytes:262680 (256.5 KiB)
vlan1 Link encap:Ethernet HWaddr 00:12:17:CF:80:60
inet addr:10.3.2.47 Bcast:10.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2675 errors:0 dropped:0 overruns:0 frame:0
TX packets:645 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:705429 (688.8 KiB) TX bytes:102197 (99.8 KiB)
The routing table:
root@DD-WRT:~# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.182.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.3.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.3.2.1 0.0.0.0 UG 0 0 0 vlan1
Highly appreciate your help.
TIA, Arun
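An added example, not part of the original post: in the second listing, rule 3 accepts every NEW packet arriving on tun0, so port rules placed below it are never consulted for new hotspot connections. The sketch below locates that rule in a saved listing and prints (dry run) a dedicated chain hooked in at position 1 of FORWARD. The names `hotspot_fwd`, `HOTSPOT_IF` and `IPT` are hypothetical, and the DNS rules assume clients resolve names through a server reached via FORWARD.

```shell
#!/bin/sh
# Added example (not from the post): confine forwarded hotspot traffic to web ports.
HOTSPOT_IF="${HOTSPOT_IF:-tun0}"   # Chillispot interface named in the post
CHAIN="${CHAIN:-hotspot_fwd}"      # hypothetical chain name
IPT="${IPT:-echo iptables}"        # dry run: prints commands; set IPT=iptables to apply

# Print the number of the first FORWARD rule that ACCEPTs packets entering on
# the hotspot interface. Reads `iptables -vnL FORWARD --line-numbers` on stdin.
first_hotspot_accept() {
    awk -v ifc="$HOTSPOT_IF" '$4 == "ACCEPT" && $7 == ifc { print $1; exit }'
}

# Build a per-hotspot chain and hook it in at position 1 of FORWARD, ahead of
# any broader ACCEPT, so hotspot packets are judged here first.
apply_hotspot_rules() {
    $IPT -N "$CHAIN"
    $IPT -A "$CHAIN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A "$CHAIN" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Assumption: DNS lookups from clients are forwarded, not answered by the router.
    $IPT -A "$CHAIN" -p udp --dport 53 -j ACCEPT
    $IPT -A "$CHAIN" -p tcp --dport 53 -j ACCEPT
    $IPT -A "$CHAIN" -j DROP
    $IPT -I FORWARD 1 -i "$HOTSPOT_IF" -j "$CHAIN"
}

# Rows copied from the listing in the post (rules 1-3 and 7).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT 47 -- * vlan1 192.168.8.0/24 0.0.0.0/0
2 0 0 ACCEPT tcp -- * vlan1 192.168.8.0/24 0.0.0.0/0 tcp dpt:1723
3 32 1851 ACCEPT 0 -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW
7 756 452K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
EOF
}

echo "first ACCEPT for $HOTSPOT_IF: rule $(sample_listing | first_hotspot_accept)"
apply_hotspot_rules
```

After applying, `iptables -vnL FORWARD --line-numbers` should show the jump to the new chain as rule 1, and the DROP counter inside the chain should grow when a client tries any other port.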