iptables on DLink DSL-502T Modem/Router
rob0 at gmx.co.uk
Tue Nov 8 23:28:52 CET 2005
On Tuesday 2005-November-08 15:57, Paul Goodyear wrote:
> Thanks for that, I used the -I chain <ruleid> successfully. And added
> the rule 2 down, but the router still does not let me in. Could it be
Being an embedded device means this won't be as easy to debug. On a
regular system I would suggest using a -j LOG rule before your ACCEPT
rule to see what's happening. It might work on this, hard to say.
You can also use -v with the -L option to list rules. See if anything
matched your rule. If not, your rule is wrong, or in the wrong place.
Don't use Microsoft tools for debugging. Try to telnet(1) to your RDP
port from outside. Does telnet connect? Check /proc/net/ip_conntrack.
Is your connection listed?
> possible that the iptables rule is in place, but the manufactures
> (DLink) have done something to stop this working?
I don't know what it would be. But on further thought I realised that
some ISP's block RDP. Comcast does, both RDP and PPTP, likely to
"encourage" residential users to upgrade to "business" service (the
same hit-or-miss service for more money.)
Use nmap(8) to scan your router from outside. Is RDP open? Insert an
INPUT and FORWARD rule to ACCEPT everything from the IP address where
you are doing the scan. If anything shows as "filtered" it means either
your ISP is blocking it or you're DNAT'ing to a closed host:port.
> I have a Safecom router also, with the same embeded linux version and
> this supports ip filtering and the iptables commands.
And you tested with that, and you found ... ?
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
More information about the netfilter