* Harry Putnam <reader@×××××××.com> [110420 15:03]:
> Paul Hartman <paul.hartman+gentoo@×××××.com> writes:
>
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
> > DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
> > PROTO=UDP SPT=67 DPT=68 LEN=345
> >
> > So it looks like ordinary linux firewall logging... I'm sure you can
> > customize it if you want to, just as you would on a normal machine.
> >
> > Hope that helps :)
>
> Yes, thanks for taking the trouble... When I asked that, I hadn't
> realized that both dd-wrt and openWRT were actually tiny linux OS.
>
> I've been reading more about them since.
>
> It sounds from your report that dd-wrt has some kind of basic firewall
> script in place by default.
>
> Whereas openWRT sounds like you may need to roll your own iptables
> script right off the bat. At least judging from a few posts I've now
> read from their mailing list where people seem to be asking the kinds
> of iptables questions you might find on that list.
>

There is a basic firewall in place with OpenWRT (enabled by default.)

There is a web GUI for OpenWRT (as well as with DD-WRT.)

The web GUI supports the usual config pages as with other similar home
routers.

There's a status page showing the iptables chains with the packet
counts for each rule (the most complicated page to view I'd say.)

There are config pages for overall firewall config with default policies
and other things such as zone config. There's a "traffic control" page
which lets you define your filter rules and a "Traffic Redirection" page
which allows you to set up your port forwarding (DNAT.)

It's quite easy to configure and doesn't require iptables knowledge.

Though I like very much that the option is there if I want to take
advantage of it.

I've used LEAF for a long time (a small Linux Embedded Firewall
Appliance) and it's great but DD-WRT and OpenWRT have nice GUIs on top
of them and it was very easy to reflash my Buffalo to DD-WRT and then
upgrade from that to OpenWRT.
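
An added example, not part of the original thread or of DD-WRT/OpenWRT: a small Python parser for the DROP entries quoted at the top of this thread, which splits the key=value fields and counts dropped DHCP server packets (UDP 67 to 68) per source. The function names are hypothetical, and the sample lines are the three quoted entries re-joined onto one line each.

```python
import re
from collections import Counter

# The three quoted log entries, each re-joined onto a single line.
SAMPLE = [
    "Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 PROTO=UDP SPT=67 DPT=68 LEN=305",
    "Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 PROTO=UDP SPT=67 DPT=68 LEN=305",
    "Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 PROTO=UDP SPT=67 DPT=68 LEN=345",
]

# syslog header, kernel timestamp, the rule's log prefix, then the packet fields.
LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+\skernel:\s"
    r"\[\s*[\d.]+\]\s(?P<prefix>.*?)\s?(?P<fields>IN=.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # value may be empty, as in "OUT="


def parse_line(line):
    """Return a dict of fields for one netfilter LOG line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"time": m["time"], "host": m["host"], "prefix": m["prefix"].strip()}
    for key, value in FIELD_RE.findall(m["fields"]):
        # LEN occurs twice: first the IP total length, then the UDP length.
        if key == "LEN" and "LEN" in rec:
            key = "UDP_LEN"
        rec[key] = value
    # On Ethernet, MAC= is destination MAC (6 bytes), source MAC (6), EtherType (2).
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["MAC_DST"] = ":".join(octets[:6])
        rec["MAC_SRC"] = ":".join(octets[6:12])
        rec["ETHERTYPE"] = "".join(octets[12:])
    return rec


def dhcp_servers_seen(lines):
    """Count dropped DHCP server-to-client packets (UDP 67 -> 68) per source address."""
    seen = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if (rec.get("PROTO"), rec.get("SPT"), rec.get("DPT")) == ("UDP", "67", "68"):
            seen[rec["SRC"]] += 1
    return seen


if __name__ == "__main__":
    for src, count in dhcp_servers_seen(SAMPLE).items():
        print(f"{src}: {count} dropped DHCP server packet(s)")
```

Both source addresses in the sample carry the same source MAC, so the packets reach eth1 through a single upstream device.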