iptables on DLink DSL-502T Modem/Router

/dev/rob0 rob0 at gmx.co.uk
Tue Nov 8 23:28:52 CET 2005


On Tuesday 2005-November-08 15:57, Paul Goodyear wrote:
> Thanks for that, I used the -I chain <ruleid> successfully. And added
> the rule 2 down, but the router still does not let me in. Could it be

Being an embedded device means this won't be as easy to debug. On a 
regular system I would suggest using a -j LOG rule before your ACCEPT 
rule to see what's happening. It might work on this, hard to say.

You can also use -v with the -L option to list rules. See if anything 
matched your rule. If not, your rule is wrong, or in the wrong place.

Don't use Microsoft tools for debugging. Try to telnet(1) to your RDP 
port from outside. Does telnet connect? Check /proc/net/ip_conntrack. 
Is your connection listed?

> possible that the iptables rule is in place, but the manufactures
> (DLink) have done something to stop this working?

I don't know what it would be. But on further thought I realised that 
some ISP's block RDP. Comcast does, both RDP and PPTP, likely to 
"encourage" residential users to upgrade to "business" service (the 
same hit-or-miss service for more money.)

Use nmap(8) to scan your router from outside. Is RDP open? Insert an 
INPUT and FORWARD rule to ACCEPT everything from the IP address where 
you are doing the scan. If anything shows as "filtered" it means either 
your ISP is blocking it or you're DNAT'ing to a closed host:port.

> I have a Safecom router also, with the same embeded linux version and
> this supports ip filtering and the iptables commands.

And you tested with that, and you found ... ?
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header



More information about the netfilter mailing list