Ping a Specific Port

Question

NitroxDM

Asked: 2011-04-21 05:00:36 +0800 CST2011-04-21 05:00:36 +0800 CST 2011-04-21 05:00:36 +0800 CST

Forward port ip on seprate vlan dd-wrt

772

I set up multiple isolated vlans in dd-wrt. Now I need to forward a port to an IP on vlan2.

The goal here is to allow someone to use a computer on vlan2 without having access to the rest of my network.

I isolated the vlans using:

iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o vlan3 -j DROP
iptables -I FORWARD -i br0 -o vlan4 -j DROP

Any ideas?

iptables:

 Chain INPUT (policy ACCEPT)     
 target     prot opt source               destination     
 ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED     
 DROP       udp  --  anywhere             anywhere            udp dpt:route     
 DROP       udp  --  anywhere             anywhere            udp dpt:route     
 ACCEPT     udp  --  anywhere             anywhere            udp dpt:route     
 logaccept  tcp  --  anywhere             DD-WRT              tcp dpt:www        
 DROP       icmp --  anywhere             anywhere     
 DROP       igmp --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state NEW     
 logaccept  0    --  anywhere             anywhere            state NEW     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     

 Chain FORWARD (policy ACCEPT)     
 target     prot opt source               destination     
 DROP       0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     
 DROP       0    --  anywhere             anywhere     
 ACCEPT     gre  --  192.168.1.0/24       anywhere     
 ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere     
 logdrop    0    --  anywhere             anywhere            state INVALID     
 TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460     
 lan2wan    0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED     
 ACCEPT     tcp  --  anywhere             192.168.1.98        tcp dpt:www     
 ACCEPT     tcp  --  anywhere             192.168.1.111       tcp dpt:www         
 TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0     
 trigger_out  0    --  anywhere             anywhere     
 ACCEPT     0    --  anywhere             anywhere            state NEW     
 DROP       0    --  anywhere             anywhere     

 Chain OUTPUT (policy ACCEPT)     
 target     prot opt source               destination     

 Chain advgrp_1 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_10 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_2 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_3 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_4 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_5 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_6 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_7 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_8 (0 references)     
 target     prot opt source               destination     

 Chain advgrp_9 (0 references)     
 target     prot opt source               destination     

 Chain grp_1 (1 references)     
 target     prot opt source               destination     

 Chain grp_10 (0 references)     
 target     prot opt source               destination     

 Chain grp_2 (0 references)     
 target     prot opt source               destination     

 Chain grp_3 (0 references)     
 target     prot opt source               destination     

 Chain grp_4 (0 references)     
 target     prot opt source               destination     

 Chain grp_5 (0 references)     
 target     prot opt source               destination     

 Chain grp_6 (0 references)     
 target     prot opt source               destination     

 Chain grp_7 (0 references)     
 target     prot opt source               destination     

 Chain grp_8 (0 references)     
 target     prot opt source               destination     

 Chain grp_9 (0 references)     
 target     prot opt source               destination     

 Chain lan2wan (1 references)     
 target     prot opt source               destination     
 grp_1      0    --  anywhere             anywhere     

 Chain logaccept (3 references)     
 target     prot opt source               destination     
 ACCEPT     0    --  anywhere             anywhere     

 Chain logdrop (1 references)     
 target     prot opt source               destination     
 DROP       0    --  anywhere             anywhere     

 Chain logreject (0 references)     
 target     prot opt source               destination     
 REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset     

 Chain trigger_out (1 references)     
 target     prot opt source               destination     
 root@DD-WRT:~#

2 Answers

Voted

Hyppy · Answer 1 · 2011-04-21T05:13:49+08:00

Hyppy

2011-04-21T05:13:49+08:002011-04-21T05:13:49+08:00

You don't forward a single port to a VLAN, you forward it to a specific IP. If you want it broadcast to the entire VLAN for some reason, you can forward it do the broadcast address for VLAN2.

Also, you may want to make sure all your VLANs are using separate subnets. dd-wrt gets a bit strange when it starts looping on itself because it's trying to route between multiple VLANs with the same subnet.

0

NitroxDM · Answer 2 · 2011-05-18T07:42:14+08:00

Best Answer

NitroxDM

2011-05-18T07:42:14+08:002011-05-18T07:42:14+08:00

You can still use the same Port Forwarding app in the GUI. The loopback is broken on DD-WRT v24-sp1 (07/27/08) std. So to test it you will have to hit it from outside your network.

0

Forward port ip on seprate vlan dd-wrt

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?