DD-WRT Help - IPtables specifically

post #1 of 10
Thread Starter 
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=148759

I have been having issues getting Optware's Asiablock to work correctly.

Current build:
Code:
DD-WRT v24-sp2 mega (c) 2011 NewMedia-NET GmbH
Release: 12/20/11 (SVN revision: 18024)
Enhanced with OTRW

Router Model Linksys WRT350N


The IPTables has the asiablock service loading the IP Addresses correctly:
Code:
root@operator:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
nologdrop  0    --  anywhere             anywhere
syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
invalid    0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     0    --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
logdrop    icmp --  anywhere             anywhere
logdrop    igmp --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060
DROP       udp  --  anywhere             239.255.255.0/24    udp dpt:upnp
logdrop    0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
lan2wan    0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
nologdrop  0    --  anywhere             anywhere
syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
invalid    0    --  anywhere             anywhere            state INVALID
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere
ACCEPT     gre  --  10.10.10.0/24        anywhere
asia       tcp  --  anywhere             anywhere            tcp dpts:ftp-data:1024
asia       tcp  --  anywhere             anywhere            tcp dpts:5800:5910
asia       tcp  --  anywhere             anywhere            tcp dpt:5800
asia       tcp  --  anywhere             anywhere            tcp dpt:https
asia       tcp  --  anywhere             anywhere            tcp dpt:ftp
asia       tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  10.10.10.0/24        anywhere            tcp dpt:1723
logreject  tcp  --  anywhere             anywhere            tcp WEBSTR match content 15
logaccept  tcp  --  anywhere             10.10.10.252        tcp dpt:5900
logaccept  udp  --  anywhere             10.10.10.252        udp dpt:5900
logaccept  tcp  --  anywhere             10.10.10.223        tcp dpt:37777
logaccept  udp  --  anywhere             10.10.10.223        udp dpt:37777
logaccept  tcp  --  anywhere             10.10.10.223        tcp dpt:58846
logaccept  udp  --  anywhere             10.10.10.223        udp dpt:58846
logaccept  tcp  --  anywhere             Ubuntu              tcp dpt:https
logaccept  udp  --  anywhere             Ubuntu              udp dpt:https
logaccept  tcp  --  anywhere             10.10.10.254        tcp dpt:https
logaccept  udp  --  anywhere             10.10.10.254        udp dpt:https
logaccept  tcp  --  anywhere             10.10.10.254        tcp dpt:www
logaccept  udp  --  anywhere             10.10.10.254        udp dpt:www
logaccept  0    --  anywhere             Airave
logaccept  0    --  anywhere             anywhere            state NEW
logdrop    0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DROPasia (14291 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `[asia DROP] : '
DROP       0    --  anywhere             anywhere

Chain DROPbirma (5 references)
target     prot opt source               destination
LOG        0    --  anywhere             anywhere            LOG level warning tcp-options ip-options prefix `[birma DROP] : '
DROP       0    --  anywhere             anywhere

Chain SPAMasia (1 references)
target     prot opt source               destination
DROPasia   0    --  112.0.0.0/5          anywhere
DROPasia   0    --  120.0.0.0/6          anywhere
DROPasia   0    --  110.0.0.0/7          anywhere
DROPasia   0    --  124.0.0.0/7          anywhere
DROPasia   0    --  202.0.0.0/7          anywhere
DROPasia   0    --  210.0.0.0/7          anywhere
DROPasia   0    --  218.0.0.0/7          anywhere
DROPasia   0    --  softbank220000000000.bbtec.net/7  anywhere
DROPasia   0    --  42.0.0.0/7           anywhere
DROPasia   0    --  ppp-net.infoweb.ne.jp/7  anywhere
DROPasia   0    --  60.0.0.0/7           anywhere
DROPasia   0    --  1.0.0.0/8            anywhere
DROPasia   0    --  101.0.0.0/8          anywhere
DROPasia   0    --  softbank126000000000.bbtec.net/8  anywhere
DROPasia   0    --  133.0.0.0/8          anywhere
DROPasia   0    --  180.0.0.0/8          anywhere
DROPasia   0    --  222.0.0.0/8          anywhere
DROPasia   0    --  25.0.0.0/8           anywhere
DROPasia   0    --  39.0.0.0/8           anywhere
DROPasia   0    --  47.0.0.0/8           anywhere
DROPasia   0    --  53.0.0.0/8           anywhere
DROPasia   0    --  57.0.0.0/8           anywhere
DROPasia   0    --  106.128.0.0/9        anywhere
DROPasia   0    --  153.128.0.0/9        anywhere
DROPasia   0    --  177.0.0.0/9          anywhere
DROPasia   0    --  182.128.0.0/9        anywhere
DROPasia   0    --  183.128.0.0/9        anywhere
DROPasia   0    --  187.0.0.0/9          anywhere
DROPasia   0    --  ip-189-0-0-0.user.vivozap.com.br/9  anywhere
DROPasia   0    --  002128000000.mbb.telenor.dk/9  anywhere
DROPasia   0    --  200.128.0.0/9        anywhere
DROPasia   0    --  201-0-0-0.dsl.telesp.net.br/9  anywhere
DROPasia   0    --  223.0.0.0/9          anywhere
DROPasia   0    --  27.128.0.0/9         anywhere
DROPasia   0    --  49.0.0.0/9           anywhere
DROPasia   0    --  host86-128-0-0.range86-128.btcentralplus.com/9  anywhere
DROPasia   0    --  AClermont-Ferrand-651-1-49-net.w90-0.abo.wanadoo.fr/9  anywhere
DROPasia   0    --  106.64.0.0/10        anywhere
DROPasia   0    --  0.0-128-109.adsl-dyn.isp.belgacom.be/10  anywhere
DROPasia   0    --  14.128.0.0/10        anywhere
DROPasia   0    --  150.0.0.0/10         anywhere
DROPasia   0    --  175.192.0.0/10       anywhere
DROPasia   0    --  176.128.0.0/10       anywhere
DROPasia   0    --  182.64.0.0/10        anywhere
DROPasia   0    --  183.0.0.0/10         anywhere
DROPasia   0    --  186.192.0.0/10       anywhere
DROPasia   0    --  189.128.0.0/10       anywhere
DROPasia   0    --  197.0.0.0/10         anywhere
DROPasia   0    --  2.64.0.0.mobile.tre.se/10  anywhere
DROPasia   0    --  223.192.0.0/10       anywhere
DROPasia   0    --  31.64.0.0/10         anywhere
DROPasia   0    --  36.128.0.0/10        anywhere
DROPasia   0    --  36.64.0.0/10         anywhere
DROPasia   0    --  pa49-192-0-0.pa.vic.optusnet.com.au/10  anywhere
DROPasia   0    --  77.128.0.0/10        anywhere

root@operator:~#

And having the following firewall rule:
Code:
wanf=`nvram get wan_iface`
iptables -I FORWARD 2 -i $wanf -p tcp --dport 20:1024 -j asia
iptables -I FORWARD 3 -i $wanf -p tcp --dport 5800:5910 -j asia
iptables -I FORWARD 4 -i $wanf -p tcp --dport 5800 -j asia
iptables -I FORWARD 5 -i $wanf -p tcp --dport 443 -j asia
iptables -I FORWARD 6 -i $wanf -p tcp --dport 21 -j asia
iptables -I FORWARD 7 -i $wanf -p tcp --dport 80 -j asia

I still get this:
http://i.imgur.com/IgUxo.png

Or VNC Still is able to be connectable on port 5900 from a "blocked" source.
post #2 of 10
The connection is untrusted means the certificate. The browser is not trusting the certificate.
post #3 of 10
Thread Starter 
The browser isn't supposed to be able to connect to the webserver, as the IP Range is supposed to be blocked by "asiablock".


I understand what is being displayed in the browser, however, the browser isn't the issue, but the connection that is being made.
post #4 of 10
Honestly I do not understand what you are trying to explain. Well, I have worked on IPsec VPN but that was a few years back. When you connect to a VPN you are natted to an internal IP or one assigned by the VPN server. You may need to set up NAT for VPN.

IIRC "iptables -t" or something would show you NAT.
Edited by ironmaiden - 1/5/12 at 8:05am
post #5 of 10
Thread Starter 
I have a router that is running DD-WRT. I have a webserver behind that that runs on ports 80 and 443 (HTTP and HTTPS).

I have a secondary package that is an add on for DD-WRT called Optware, which adds several key features to DD-WRT. One of these services is asiablock.

Directly from the site:
AsiaBlock - A custom iptables firewall that is configurable to block certain countries from accessing your Webserver, FTP or just general Web surfing.
Worldblock - Very similar to Asiablock, other than the fact that it is for blocking everything except your country. To properly use this service, you must know how to use Vi editor to add your country.

My asiablock service is downloading the IP Addresses, and configuring them correctly and adding them as a rule, however, the rules are not being followed and nothing is being blocked.

Whereas the page says that the certificate is untrusted because I self-signed it, that shouldn't show at all and the service should just time out.

What I need help with is figuring out why it isn't working and coming up with a solution to get it to work.

This used to work before an upgrade to all routers and services, and I can't downgrade back down to an older version of optware.
post #6 of 10
Could you post the AsiaBlock ruleset?
post #7 of 10
Thread Starter 
This is the entire iptables structure as well as the status on the asiablock service:
http://pastebin.com/raw.php?i=niTbvAu5
post #8 of 10
Have not gone through your ruleset yet, ah, hope I remember iptables as it's been very long.

I saw your asiablock rules. Your destination is 0/0 which is the internet, you are blocking IPs going to the internet.
post #9 of 10
i think you've got it backwards. this is how i see the logic:

FORWARD -> asia -> SPAMasia -> DROPasia

right? But in SPAMasia, the IP list is in the "source" column, NOT the "destination" column. It's not designed to block you from going there... it's designed to block others from getting to you. So, the way it is setup, folks from the SPAMasia list won't be able to connect to you... that doesn't affect whether or not you can connect to them. The only way to test is to have someone in the block list try to connect to you or setup a mock-up network and assume a IP in the block list.

If you're trying to block yourself from going to anything on the SPAMasia list, then you need to reverse the IP addresses from the "source" column and put them in the "destination" column. Perhaps there's a configuration option to switch them? (I don't know.. just suggesting to look for one)
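The traversal described in post #9 (FORWARD -> asia -> SPAMasia -> DROPasia, matching on the source column) can be modelled offline; this is an added example, not part of any post in the thread and not asiablock's own code. It covers only the six `-j asia` jump rules and a subset of the SPAMasia ranges listed in post #1; the interface name `vlan2`, the helper function names and the test addresses are assumptions.

```shell
#!/bin/sh
# Added illustration: a constructed model of the asia jump rules from post #1.
# It does not touch iptables and ignores every other rule in FORWARD.

WAN_IF="vlan2"   # assumption: stands in for the value of `nvram get wan_iface`

# Subset of the SPAMasia source ranges shown in the listing in post #1.
SPAMASIA="112.0.0.0/5 120.0.0.0/6 110.0.0.0/7 124.0.0.0/7 202.0.0.0/7 1.0.0.0/8 106.128.0.0/9 14.128.0.0/10"

# Convert a dotted quad to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS: succeed when ADDR lies inside the network.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# SPAMasia compares its ranges against one address only: the packet source.
spamasia_match() {
    for cidr in $SPAMASIA; do
        in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# --dport values from the six "-j asia" rules; 5800, 443, 21 and 80
# already fall inside 20:1024 or 5800:5910.
port_jumps_to_asia() {
    { [ "$1" -ge 20 ] && [ "$1" -le 1024 ]; } ||
    { [ "$1" -ge 5800 ] && [ "$1" -le 5910 ]; }
}

# forward_verdict IFACE SRC DST DPORT
# Prints DROPasia when the packet would reach the DROPasia chain, otherwise
# "continue" (the packet goes on to the remaining FORWARD rules).
forward_verdict() {
    iface=$1 src=$2 dst=$3 dport=$4
    # "-i $wanf": only packets arriving on the WAN interface are considered.
    [ "$iface" = "$WAN_IF" ] || { echo continue; return 0; }
    port_jumps_to_asia "$dport" || { echo continue; return 0; }
    # $dst is deliberately unused: the destination column is "anywhere".
    if spamasia_match "$src"; then echo DROPasia; else echo continue; fi
}

# Constructed test packets.
echo "listed source -> web server 443:  $(forward_verdict vlan2 112.10.20.30 10.10.10.254 443)"
echo "listed source -> VNC host 5900:   $(forward_verdict vlan2 113.1.1.1 10.10.10.252 5900)"
echo "unlisted source -> web server:    $(forward_verdict vlan2 8.8.8.8 10.10.10.254 443)"
echo "LAN host -> listed destination:   $(forward_verdict br0 10.10.10.50 112.10.20.30 443)"
```

On the router itself, `iptables -L FORWARD -v -n --line-numbers` shows the interface each rule is bound to and its packet counters, neither of which appears in the plain `iptables -L` listing in post #1.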
post #10 of 10
Quote:
Originally Posted by BLinux View Post

i think you've got it backwards. this is how i see the logic:

FORWARD -> asia -> SPAMasia -> DROPasia

right? But in SPAMasia, the IP list is in the "source" column, NOT the "destination" column. It's not designed to block you from going there... it's designed to block others from getting to you. So, the way it is setup, folks from the SPAMasia list won't be able to connect to you... that doesn't affect whether or not you can connect to them. The only way to test is to have someone in the block list try to connect to you or setup a mock-up network and assume a IP in the block list.

If you're trying to block yourself from going to anything on the SPAMasia list, then you need to reverse the IP addresses from the "source" column and put them in the "destination" column. Perhaps there's a configuration option to switch them? (I don't know.. just suggesting to look for one)

Lol you could be right