I want to configure my firewall on the OpenWrt router... (I have one of the Asus models, but I don't think that is terribly important...) Anyway I would prefer to just put together some iptables scripts, since I'm a bit familiar with that and can look up different rules. The other reason is since I'm totally blind, using a braille display with brltty under Linux using the lynx web browser and unfortunately I can't use the GUI firewall that easily...

Anyway here is what I want to do. Before I list what I want I have two questions:

1. What script should I place all my iptables calls in? I want them to be restored if the router reboots or if there is a power drop out...
2. How can I then test these rules all work? Just with an nmap?

Ok so this is what I want:

- Only allow people from behind my network to send out packets and then receive packets in a connection started by someone behind the router. Do not allow anyone from the outside world just to send stuff straight in. They should be dropped... Although it's ok to receive packets from the outside world if they are coming from a connection started by one of my users...
- Block people from the outside world sshing into my router, only allow one local ip address to ssh in, how can I do this?
- Allow pings (I think I have code for that...)
- forward port 22 to a certain computer on my network (will I still be able to ssh into the router locally if I do this?)

I can probably look all these rules up, I have code that works on my Linux box for pings and allowing ssh connections from certain ips, and the other one on forwarding I can probably find, but will forwarding port 22 stop ssh into the router? From my local machine? I don't want to be able to ssh into the router from outside the network...

So the main one I need help with is the one to stop people from sending packets into my router, but allow people to send out from behind the network. Oh and then if the connection was started by my user allow packets to come back from that connection... The rest I should be ok with... Just where should I put iptables rules that will be called when the router is rebooted or when the power drops out and the router is repowered on?

Also when I set up samba how can I be sure people from the outside world can't get to my mount points? I guess if they can't ssh or telnet in they can't really get to them? I think telnet is disabled anyway...

Any help would be greatly appreciated.

Thanks!

-- 
Daniel Dalton
http://members.iinet.net.au/~ddalton/
<[EMAIL PROTECTED]>
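
The policy asked for in the message above, written out as a stateful iptables ruleset. This is an added example, not part of the original post and not OpenWrt's own firewall script; the interface names (eth0.1, br-lan) and the two LAN addresses are constructed placeholders. How the script gets run at boot depends on the OpenWrt release and is left out.

```sh
#!/bin/sh
# Added example. Interface names and addresses are constructed placeholders.
WAN_IF="${WAN_IF:-eth0.1}"            # assumption: interface facing the internet
LAN_IF="${LAN_IF:-br-lan}"            # assumption: LAN-side interface
ADMIN_IP="${ADMIN_IP:-192.168.1.10}"  # the one local host allowed to ssh to the router
SSH_HOST="${SSH_HOST:-192.168.1.20}"  # LAN machine that receives forwarded port 22

# Print the ruleset as iptables commands; nothing is changed until APPLY=1.
build_rules() {
cat <<EOF
# Start clean, then drop anything not explicitly allowed below.
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback, and replies to connections that were opened from the inside.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may open new connections to the outside, masqueraded behind the router.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
# Pings to the router.
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# ssh to the router itself: only from one LAN address.
iptables -A INPUT -i $LAN_IF -s $ADMIN_IP -p tcp --dport 22 -j ACCEPT
# Assumption: the router also serves DNS and DHCP to the LAN.
iptables -A INPUT -i $LAN_IF -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i $LAN_IF -p udp --dport 67 -j ACCEPT
# Port 22 arriving on the WAN side goes to SSH_HOST. The DNAT rule matches
# only -i WAN_IF, so ssh from the LAN still reaches the router.
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 22 -j DNAT --to-destination $SSH_HOST:22
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SSH_HOST -p tcp --dport 22 -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
    build_rules | sh -e     # needs root and the iptables binary
else
    build_rules             # dry run: print the commands for review
fi
```

With INPUT defaulting to DROP, nothing on the WAN side can open a connection to Samba on the router; Samba would need its own `-i $LAN_IF` accept rule to be usable from the LAN.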
