how to use iptables to block the IP of device connected to openwrt router
- by scola
I have two routers(A,B).the A connect to internet with IP:192.168.1.1
The openwrt router B connect the lan of A by bridge with static IP:192.168.1.111.
I am learning to use iptables to control the devices connected to B(wlan) .
I use my phone to connect wifi of B,the phone's IP is IP:192.168.1.100.it can surf the internet normally.
I want to block the phone's IP to make the phone can not connect to internet.
refer to http://bredsaal.dk/some-small-iptables-on-openwrt-tips
iptables -A input_wan -s 192.168.1.100 --jump REJECT
iptables -A forwarding_rule -d 192.168.1.100 --jump REJECT
but it do not work.the phone still connect to internet normally.
and I tried other chain(INPUT,OUTPUT,FORWARD).so many chains confused me.
iptables -I OUTPUT -o br-lan -s 192.168.1.100 -j DROP
and it do not work again.
I'm sure that the iptables have no problem.
root@OpenWrt:/etc# iptables -L|grep Chain
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain forward (1 references)
Chain forwarding_lan (1 references)
Chain forwarding_rule (1 references)
Chain forwarding_wan (1 references)
Chain input (1 references)
Chain input_lan (1 references)
Chain input_rule (1 references)
Chain input_wan (1 references)
Chain output (1 references)
root@OpenWrt:/etc# ifconfig
br-lan Link encap:Ethernet HWaddr 0C:82:68:97:57:BA
inet addr:192.168.1.111 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::e82:68ff:fe97:57ba/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14976 errors:0 dropped:0 overruns:0 frame:0
TX packets:7656 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2851980 (2.7 MiB) TX bytes:1902785 (1.8 MiB)
eth0 Link encap:Ethernet HWaddr 0C:82:68:97:57:BA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:58201 errors:0 dropped:11 overruns:0 frame:0
TX packets:45012 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54591348 (52.0 MiB) TX bytes:5711142 (5.4 MiB)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:312 errors:0 dropped:0 overruns:0 frame:0
TX packets:312 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39961 (39.0 KiB) TX bytes:39961 (39.0 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 0C-82-68-97-57-BA-00-48-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4900 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1223807 (1.1 MiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 0C:82:68:97:57:BA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37346 errors:0 dropped:0 overruns:0 frame:0
TX packets:49662 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:3808021 (3.6 MiB) TX bytes:54486310 (51.9 MiB)
root@OpenWrt:/etc/config# cat network
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'ifname' 'eth0'
option 'type' 'bridge'
option 'proto' 'static'
option 'ipaddr' '192.168.1.111'
option 'netmask' '255.255.255.0'
option 'gateway' '192.168.1.1'
option dns 192.168.1.1
and how to use iptables to control the network of wlan?
Thanks in advance and sorry for poor English.