> Hum… Seems good so :'(
> Can you dump your real current firewall entries?
>
> And how do you connect your 3020 to your LAN? RJ45 with DHCP?
>

Here is the iptables-save output
I have an ADSL modem, connected to the Internet. I plugged its LAN port into my new small router, the WT3020, and I am connecting to the new SSID. Between the ADSL modem and the WT3020 there is RJ45, and yes, DHCP is active at the ADSL modem.

# Generated by iptables-save v1.4.21 on Sun Dec 28 10:30:12 2014
*nat
:PREROUTING ACCEPT [1:345]
:INPUT ACCEPT [19:1522]
:OUTPUT ACCEPT [201:14140]
:POSTROUTING ACCEPT [201:14140]
:delegate_postrouting - [0:0]
:delegate_prerouting - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_transtor_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_transtor_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_transtor_postrouting - [0:0]
:zone_transtor_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j delegate_prerouting
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -d 10.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
-A POSTROUTING -j delegate_postrouting
-A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
-A delegate_postrouting -o br-lan -j zone_lan_postrouting
-A delegate_postrouting -o eth0.2 -j zone_wan_postrouting
-A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
-A delegate_prerouting -i br-lan -j zone_lan_prerouting
-A delegate_prerouting -i eth0.2 -j zone_wan_prerouting
-A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
-A zone_transtor_postrouting -m comment --comment "user chain for postrouting" -j postrouting_transtor_rule
-A zone_transtor_prerouting -m comment --comment "user chain for prerouting" -j prerouting_transtor_rule
-A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
-A zone_wan_postrouting -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
COMMIT
# Completed on Sun Dec 28 10:30:12 2014
# Generated by iptables-save v1.4.21 on Sun Dec 28 10:30:12 2014
*raw
:PREROUTING ACCEPT [689:59343]
:OUTPUT ACCEPT [556:45097]
:delegate_notrack - [0:0]
:zone_lan_notrack - [0:0]
-A PREROUTING -j delegate_notrack
-A delegate_notrack -i br-lan -j zone_lan_notrack
-A zone_lan_notrack -j CT --notrack
COMMIT
# Completed on Sun Dec 28 10:30:12 2014
# Generated by iptables-save v1.4.21 on Sun Dec 28 10:30:12 2014
*mangle
:PREROUTING ACCEPT [689:59343]
:INPUT ACCEPT [621:51385]
:FORWARD ACCEPT [17:1020]
:OUTPUT ACCEPT [556:45097]
:POSTROUTING ACCEPT [556:45097]
:fwmark - [0:0]
:mssfix - [0:0]
-A PREROUTING -j fwmark
-A FORWARD -j mssfix
-A mssfix -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Dec 28 10:30:12 2014
# Generated by iptables-save v1.4.21 on Sun Dec 28 10:30:12 2014
*filter
:INPUT ACCEPT [33:2723]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2:702]
:delegate_forward - [0:0]
:delegate_input - [0:0]
:delegate_output - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_transtor_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_transtor_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_transtor_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_transtor_dest_ACCEPT - [0:0]
:zone_transtor_dest_REJECT - [0:0]
:zone_transtor_forward - [0:0]
:zone_transtor_input - [0:0]
:zone_transtor_output - [0:0]
:zone_transtor_src_REJECT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j delegate_input
-A FORWARD -j delegate_forward
-A OUTPUT -j delegate_output
-A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -i br-lan -j zone_lan_forward
-A delegate_forward -i eth0.2 -j zone_wan_forward
-A delegate_forward -j reject
-A delegate_input -i lo -j ACCEPT
-A delegate_input -m comment --comment "user chain for input" -j input_rule
-A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A delegate_input -i br-lan -j zone_lan_input
-A delegate_input -i eth0.2 -j zone_wan_input
-A delegate_output -o lo -j ACCEPT
-A delegate_output -m comment --comment "user chain for output" -j output_rule
-A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_output -o br-lan -j zone_lan_output
-A delegate_output -o eth0.2 -j zone_wan_output
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
-A syn_flood -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
-A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_lan_forward -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_lan_input -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
-A zone_lan_output -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
-A zone_transtor_forward -m comment --comment "user chain for forwarding" -j forwarding_transtor_rule
-A zone_transtor_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_transtor_forward -j zone_transtor_dest_REJECT
-A zone_transtor_input -m comment --comment "user chain for input" -j input_transtor_rule
-A zone_transtor_input -p udp -m udp --dport 67 -m comment --comment Allow-Tor-DHCP -j ACCEPT
-A zone_transtor_input -p tcp -m tcp --dport 9040 -m comment --comment Allow-Tor-Transparent -j ACCEPT
-A zone_transtor_input -p udp -m udp --dport 9053 -m comment --comment Allow-Tor-DNS -j ACCEPT
-A zone_transtor_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_transtor_input -j zone_transtor_src_REJECT
-A zone_transtor_output -m comment --comment "user chain for output" -j output_transtor_rule
-A zone_transtor_output -j zone_transtor_dest_ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -j ACCEPT
-A zone_wan_dest_REJECT -o eth0.2 -j reject
-A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_wan_forward -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 443 -m comment --comment "@rule[5]" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_wan_input -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
-A zone_wan_output -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0.2 -j reject
COMMIT
# Completed on Sun Dec 28 10:30:12 2014

> --
> Aeris
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/ <https://xn--caf-vie-prive-dhbj.fr/>
>
> --
> tor-talk mailing list - [email protected]
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>

--
Oğuz Yarımtepe
http://about.me/oguzy
