iptables on DLink DSL-502T Modem/Router
pgudge at gmail.com
Wed Nov 9 01:57:09 CET 2005
On 11/8/05, /dev/rob0 <rob0 at gmx.co.uk> wrote:
> On Tuesday 2005-November-08 15:57, Paul Goodyear wrote:
> > Thanks for that, I used the -I chain <ruleid> successfully. And added
> > the rule 2 down, but the router still does not let me in. Could it be
> Being an embedded device means this won't be as easy to debug. On a
> regular system I would suggest using a -j LOG rule before your ACCEPT
> rule to see what's happening. It might work on this, hard to say.
Just get an unknown target with -j LOG
> You can also use -v with the -L option to list rules. See if anything
> matched your rule. If not, your rule is wrong, or in the wrong place.
Very nice, it says 0 0 for my rule, so that's a good indication nothing
is coming in.
> Don't use Microsoft tools for debugging. Try to telnet(1) to your RDP
> port from outside. Does telnet connect? Check /proc/net/ip_conntrack.
> Is your connection listed?
> > possible that the iptables rule is in place, but the manufacturers
> > (DLink) have done something to stop this working?
> I don't know what it would be. But on further thought I realised that
> some ISPs block RDP. Comcast does, both RDP and PPTP, likely to
> "encourage" residential users to upgrade to "business" service (the
> same hit-or-miss service for more money.)
My ISP doesn't block anything as yet, and if I open the port to
everyone, the RDP connection is fine.
> Use nmap(8) to scan your router from outside. Is RDP open? Insert an
> INPUT and FORWARD rule to ACCEPT everything from the IP address where
> you are doing the scan. If anything shows as "filtered" it means either
> your ISP is blocking it or you're DNAT'ing to a closed host:port.
VERY nice tool, tried nmap from a remote host and only found my ftp,
imap ports open, no RDP
> > I have a Safecom router also, with the same embedded linux version and
> > this supports ip filtering and the iptables commands.
> And you tested with that, and you found ... ?
The Safecom router allows the ip filtering in the web admin, and after
checking the iptables -L the rule is identical to the one entered on
the dlink DSL-502T.
Thank you so much for all the help, and direction, I really do appreciate it.
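
The two checks suggested in this thread (rule counters from `iptables -L -v` and a lookup in /proc/net/ip_conntrack) can be scripted on a workstation against output copied from the router. This is an added example, not part of the original message; the rule listing, conntrack lines and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -v -n` output (not from the thread).
SAMPLE_RULES='Chain INPUT (policy ACCEPT 310 packets, 24800 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  152  9120 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       203.0.113.10         192.168.1.10        tcp dpt:3389'

# Constructed sample of /proc/net/ip_conntrack entries (not from the thread).
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=203.0.113.10 dst=198.51.100.7 sport=40312 dport=21 src=192.168.1.10 dst=203.0.113.10 sport=21 dport=40312 [ASSURED] use=1
tcp      6 117 SYN_SENT src=203.0.113.10 dst=198.51.100.7 sport=40320 dport=3389 [UNREPLIED] src=192.168.1.10 dst=203.0.113.10 sport=3389 dport=40320 use=1'

# Read `iptables -L -v -n` output on stdin and print "CHAIN RULENUM TARGET"
# for every rule whose packet counter is 0, i.e. a rule nothing has matched.
zero_hit_rules() {
    awk '
        $1 == "Chain" { chain = $2; n = 0; next }   # new chain: restart rule numbering
        $1 == "pkts"  { next }                      # column header line
        NF >= 3       { n++; if ($1 == 0) print chain, n, $3 }
    '
}

# Read ip_conntrack entries on stdin and print "STATE src=ADDR" for entries
# whose original-direction destination port equals $1.
conntrack_for_port() {
    awk -v port="$1" '
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) {   # first dport= belongs to the original direction
                    if ($i == "dport=" port) print $4, $5
                    break
                }
        }
    '
}

echo "Rules with no hits:"
printf '%s\n' "$SAMPLE_RULES" | zero_hit_rules
echo "Tracked connections to port 3389:"
printf '%s\n' "$SAMPLE_CONNTRACK" | conntrack_for_port 3389
```
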