DD-WRT firewall script
How to block websites and ads using a DD-WRT enabled
As PPPoE is used, the WAN interface is ppp0. It can also be used for PPTP VPN connections. This information is taken from the IPv6 page and is used with permission: “The comprehensive configuration steps are intended for users who have a simple DHCP WAN connection. If you’re using PPPoE, you’ll need to change vlan1 to ppp0 in each case. Other types of connections will differ.”
When you run the above iptables command, you’ll note that it takes a long time to list all of the rules because it uses reverse DNS to translate IP addresses to host names. To see only numerical addresses, use the -n option. ‘0.0.0.0/0’ represents ‘anywhere’ (any IP address), and protocol ‘0’ represents any protocol.
Here’s where you can set up port forwarding from the web interface. However, the same thing can be done from the command line in a slightly different (but tested and working) way. Use port 443 and the IP address 192.168.1.2 as an example.
To get this to work (v.24), I had to include the “-s 184.108.40.206” option in the “iptables -I FORWARD” command as well – I was still able to reach the internal resource from any IP address when it was just in the PREROUTING command!
DD-WRT: installing Optware
This will put whatever paths you want before the default device paths in $PATH and $LD_LIBRARY_PATH. Change the paths to your heart’s content, but have a legitimate reason for doing so; treat it as a workaround until the functionality is supported properly.
Note: Only do this if you’re getting segmentation faults or your applications aren’t running, and even then, only if you believe this hack is absolutely necessary. Also, if you’re using Optware, the files you’ll need are ld-opt.so.conf and ld-opt.so.cache.
Before attempting this, make sure you understand what you’re doing; if you get a lot of segmentation faults while running commands like ls, cat, cp, and so on, you’ll want to either change the above commands or place them in a script and run them manually when you enter your shell.
Every month, the ttraff daemon consumes a few hundred bytes of NVRAM. This may not seem like a lot, but NVRAM is only 32KB in size and holds a lot of other configuration. For devices with complex configurations, or simply to keep the router stable, disabling ttraff and clearing its old NVRAM data is often needed. Disabling it with the ttraff GUI button still leaves the current month’s variable behind; this script removes all of ttraff’s traffic data from NVRAM.
I found that some scripts download the same files multiple times when working on my PC. The same is true for my Estobuntu boxes, which I want to keep current, and software packages from APT repositories are currently downloaded at least twice. For my LAN, I discovered that I need a caching proxy server. My DD-WRT router with a USB hard disk attached was an obvious place to host it.
That’s all there is to it; you can test it by killing the squid process, in which case none of the HTTP requests should succeed, or by downloading a file and then downloading it again. For example, the first download of the Linux source tarball ran at 300-400 kB/s, and subsequent downloads at 3-4 MB/s.
Set up an OpenVPN server on your DD-WRT router
I thought I had it worked out, but I found I could ping addresses on the 192.168.99.X network when on the guest WiFi. Obviously, this isn’t good because I don’t want tourists to be able to browse or see devices on the Draytek network.
The issue is that you’re using NAT to hide your open network rather than the other way around. The most straightforward approach is to link your private network to the innermost network and your public network to the outermost network. If you can do all of your routing with a single system and only use the Asus as a simple Access Point rather than a router, life would be a lot simpler. (Connect it via LAN rather than WAN, and have Draytek assign a different IP range.)
Thomas has the implementation down to a science. But, in general, routing works by creating a table of the networks that a system is aware of. In this case, the ASUS is aware of the LAN and WAN networks to which it is linked. The default gateway is used for all other networks. Furthermore, many routers have firewalls as standard features. The iptables firewall is used by the DD-WRT firmware. Firewalls control what traffic can flow through them, in which direction it can flow, and where it can go. Most routers’ default firewall rules block all incoming traffic on the WAN while allowing all outgoing traffic from the LAN. As a result, when you try to reach a computer on the Draytek LAN subnet, the ASUS has no trouble doing so because (a) it is aware of the network and (b) the traffic was initiated from the device’s LAN side. This problem can be resolved by creating a firewall rule that blocks all traffic from the LAN to any WAN IP except the Draytek’s own IP (because that is the ASUS’s default gateway to the Internet).
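As an added example (not code from the thread or from DD-WRT itself), a firewall script that implements the rule described in the last paragraph: guest clients on the ASUS LAN side may reach the Draytek gateway but nothing else on its subnet. The interface names (br0, vlan1) and the gateway address 192.168.99.1 are assumptions; the script prints the rules for review and only applies them when run with --apply.

```shell
#!/bin/sh
# Added example, not from the original thread: keep guest-WiFi clients on the
# ASUS LAN (br0) from reaching hosts on the upstream Draytek LAN, while still
# allowing the Draytek itself (the ASUS's default gateway) so Internet access works.
# Assumed values: guest LAN br0, ASUS WAN vlan1 (ppp0 for PPPoE),
# Draytek subnet 192.168.99.0/24 with gateway 192.168.99.1.
GUEST_IF="${GUEST_IF:-br0}"
WAN_IF="${WAN_IF:-vlan1}"
UPSTREAM_NET="${UPSTREAM_NET:-192.168.99.0/24}"
UPSTREAM_GW="${UPSTREAM_GW:-192.168.99.1}"

# Emit the iptables commands instead of running them, so they can be reviewed
# (or unit-tested) before being applied on the router.
guest_isolation_rules() {
    # A dedicated chain keeps re-runs from piling up duplicate FORWARD rules.
    echo "iptables -N GUEST_ISOL 2>/dev/null"
    echo "iptables -F GUEST_ISOL"
    # The gateway is the one upstream host guests legitimately need.
    echo "iptables -A GUEST_ISOL -d $UPSTREAM_GW -j RETURN"
    # Everything else on the upstream LAN is blocked; log a rate-limited sample
    # so attempts show up in the router syslog for detection.
    echo "iptables -A GUEST_ISOL -d $UPSTREAM_NET -m limit --limit 5/min -j LOG --log-prefix 'GUEST_BLOCK: '"
    echo "iptables -A GUEST_ISOL -d $UPSTREAM_NET -j DROP"
    # Remove any previous hook, then insert ours ahead of the stock FORWARD rules.
    echo "iptables -D FORWARD -i $GUEST_IF -o $WAN_IF -j GUEST_ISOL 2>/dev/null"
    echo "iptables -I FORWARD -i $GUEST_IF -o $WAN_IF -j GUEST_ISOL"
}

case "${1:-}" in
    --apply) guest_isolation_rules | sh ;;   # run on the router as root
    *)       guest_isolation_rules ;;        # dry run: just print the rules
esac
```

Run it with --apply from the DD-WRT command shell (or paste the printed rules into Administration > Commands and save them as the firewall script) so they survive a reboot.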