| 1 |
* Harry Putnam <reader@×××××××.com> [110420 15:03]: |
| 2 |
> Paul Hartman <paul.hartman+gentoo@×××××.com> writes: |
| 3 |
> |
| 4 |
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 |
| 5 |
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 |
| 6 |
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 |
| 7 |
> > PROTO=UDP SPT=67 DPT=68 LEN=305 |
| 8 |
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 |
| 9 |
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 |
| 10 |
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 |
| 11 |
> > PROTO=UDP SPT=67 DPT=68 LEN=305 |
| 12 |
> > Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 |
| 13 |
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 |
| 14 |
> > DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 |
| 15 |
> > PROTO=UDP SPT=67 DPT=68 LEN=345 |
| 16 |
> > |
| 17 |
> > So it looks like ordinary linux firewall logging... I'm sure you can |
| 18 |
> > customize it if you want to, just as you would on a normal machine. |
| 19 |
> > |
| 20 |
> > Hope that helps :) |
| 21 |
> |
| 22 |
> Yes, thanks for taking the trouble... When I asked that, I hadn't |
| 23 |
> realized that both dd-wrt and openWRT were actually tiny linux OS. |
| 24 |
> |
| 25 |
> I've reading more about them since. |
| 26 |
> |
| 27 |
> It sounds from your report that dd-wrt has some kind of basic firewall |
| 28 |
> script in place by default. |
| 29 |
> |
| 30 |
> Whereas openWRT sounds like you may need to role your own iptables |
| 31 |
> script right off the bat. at least judging from a few posts I've now |
| 32 |
> read from their mailing list where people seem to be asking the kinds |
| 33 |
> of iptables questions you might find on that list.. |
| 34 |
> |
| 35 |
|
| 36 |
There is a basic firewall in place with OpenWRT (enabled by default.) |
| 37 |
|
| 38 |
There is a a web GUI for OpenWRT (as well as with DD-WRT.) |
| 39 |
|
| 40 |
The web GUI supports the usual config pages as with other similar home |
| 41 |
routers. |
| 42 |
|
| 43 |
There's a status page showing the iptables chains with the packet |
| 44 |
counts for each rule (the most complicated page to view I'd say.) |
| 45 |
|
| 46 |
There's config pages for overall firewall config with default policies |
| 47 |
and other things such as zone config. There's a "traffic control" page |
| 48 |
which lets you define your filter rules and a "Traffic Redirection" page |
| 49 |
which allows you to set up your port forwarding (DNAT.) |
| 50 |
|
| 51 |
It's quite easy to configure and doesn't require iptables knowledge. |
| 52 |
|
| 53 |
Though I like very much that the option is there if I want to take |
| 54 |
advantage of it. |
| 55 |
|
| 56 |
I've used LEAF for a long time (a small Linux Embedded Firewall |
| 57 |
Appliance) and it's great but DD-WRT and OpenWRT have nice GUIs on top |
| 58 |
of them and it was very easy to reflash my Buffalo to DD-WRT and then |
| 59 |
upgrade from that to OpenWRT. |
Archives