iptables on DLink DSL-502T Modem/Router

Paul Goodyear pgudge at gmail.com
Wed Nov 9 01:57:09 CET 2005

On 11/8/05, /dev/rob0 <rob0 at gmx.co.uk> wrote:
> On Tuesday 2005-November-08 15:57, Paul Goodyear wrote:
> > Thanks for that, I used the -I chain <ruleid> successfully. And added
> > the rule 2 down, but the router still does not let me in. Could it be
> Being an embedded device means this won't be as easy to debug. On a
> regular system I would suggest using a -j LOG rule before your ACCEPT
> rule to see what's happening. It might work on this, hard to say.

Just get an unknown target with -j LOG

> You can also use -v with the -L option to list rules. See if anything
> matched your rule. If not, your rule is wrong, or in the wrong place.

Very nice, it says 0 0 for my rule, so that's a good indication nothing
is coming in.

> Don't use Microsoft tools for debugging. Try to telnet(1) to your RDP
> port from outside. Does telnet connect? Check /proc/net/ip_conntrack.
> Is your connection listed?

nothing :(

> > possible that the iptables rule is in place, but the manufacturers
> > (DLink) have done something to stop this working?
> I don't know what it would be. But on further thought I realised that
> some ISPs block RDP. Comcast does, both RDP and PPTP, likely to
> "encourage" residential users to upgrade to "business" service (the
> same hit-or-miss service for more money.)

My ISP doesn't block anything as yet, and if I open the port to
everyone, the RDP connection is fine.

> Use nmap(8) to scan your router from outside. Is RDP open? Insert an
> INPUT and FORWARD rule to ACCEPT everything from the IP address where
> you are doing the scan. If anything shows as "filtered" it means either
> your ISP is blocking it or you're DNAT'ing to a closed host:port.

VERY nice tool, tried nmap from a remote host and only found my ftp,
imap ports open, no RDP

> > I have a Safecom router also, with the same embedded linux version and
> > this supports ip filtering and the iptables commands.
> And you tested with that, and you found ... ?


The Safecom router allows the ip filtering in the web admin, and after
checking the iptables -L the rule is identical to the one entered on
the dlink DSL-502T.

Thank you so much for all the help, and direction, I really do appreciate it.
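
The two checks suggested in the quoted replies (a zero packet counter in `iptables -L -v`, and no matching entry in `/proc/net/ip_conntrack`) can be scripted. The sketch below is an added example, not part of the original message; the function names are made up for illustration and the sample listings are constructed with documentation-range addresses, not taken from the DSL-502T.

```shell
#!/bin/sh
# Added example: constructed sample data, not output from the thread's router.

# Constructed `iptables -L FORWARD -v -n` listing.
sample_rules() {
cat <<'EOF'
Chain FORWARD (policy DROP 12 packets, 640 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  ppp0   br0     203.0.113.10         192.168.1.2          tcp dpt:3389
  118  9442 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    7   420 ACCEPT     tcp  --  ppp0   br0     0.0.0.0/0            192.168.1.2          tcp dpt:21
EOF
}

# Constructed /proc/net/ip_conntrack contents: one FTP flow, no RDP flow.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=203.0.113.10 dst=198.51.100.5 sport=40112 dport=21 src=192.168.1.2 dst=203.0.113.10 sport=21 dport=40112 [ASSURED] use=1
EOF
}

# Print "target source -> destination" for rules on PORT whose packet counter is 0.
unmatched_rules() {
    awk -v port="$1" '
        $1 == "0" {
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) { print $3, $8, "->", $9; break }
        }'
}

# Count tracked connections whose original-direction destination port is PORT.
conntrack_hits() {
    awk -v port="$1" '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) {          # first dport= is the original direction
                    if ($i == "dport=" port) n++
                    break
                }
        }
        END { print n + 0 }'
}

echo "never matched: $(sample_rules | unmatched_rules 3389)"
echo "tracked RDP flows: $(sample_conntrack | conntrack_hits 3389)"
```

On a live router, feed the functions from `iptables -L FORWARD -v -n` and `/proc/net/ip_conntrack` instead of the samples. A rule reported by `unmatched_rules` together with a count of 0 from `conntrack_hits` means no packet reached that rule while you were testing.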

