Netgear dg834g
From Smop.co.uk
I set the router into bridged mode; however, it still does various NATing etc. (which breaks MSN, for example). This seems to perhaps be an approach I could take. However, ATM I've added enough routes and then do this to remove the NATing etc. that I do not want:
- Enable telnet interface

    wget -O /dev/null -q --user=admin --password ..... "http://$routerip/setup.cgi?todo=debug"

- Telnet to the router and then type in

    iptables -P FORWARD ACCEPT
    iptables -F FORWARD
    iptables -t nat -F PREROUTING
    iptables -t nat -F POSTROUTING
    grep -v firewall < /etc/crontab > /etc/crontab2
    mv /etc/crontab2 /etc/crontab
There are several other dg834g hints which might be handy.
- wget -O /dev/null -q --user=admin --password ..... "http://$routerip/setup.cgi?next_file=mode.htm"
I've now written a script to do this:
    #!/bin/sh
    # script to remove dumb firewall rules from router (that block MSN!)
    # written by Adrian Bridgett <adrian@smop.co.uk>
    # released under GPL v3

    username=admin
    password=...
    routerip=...

    wget -O /dev/null -q --user="$username" --password="$password" "http://$routerip/setup.cgi?todo=debug"

    expect << EOF
    spawn telnet $routerip
    expect "#"
    send "iptables -P FORWARD ACCEPT\r"
    expect "#"
    send "iptables -F FORWARD\r"
    expect "#"
    send "iptables -t nat -F PREROUTING\r"
    expect "#"
    send "iptables -t nat -F POSTROUTING\r"
    expect "#"
    send "grep -v firewall < /etc/crontab > /etc/crontab2\r"
    expect "#"
    send "mv /etc/crontab2 /etc/crontab\r"
    expect "#"
    send "exit\r"
    EOF
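A check for the end state of the commands above, added here as an example and not part of the original page or its author's script: it reads a rule dump in iptables-save format and reports anything left in the chains that were flushed. Whether the router's firmware provides iptables-save is an assumption; the function names and both sample dumps are constructed.

```shell
# Added example (not the page's script): check an iptables-save style dump on
# stdin for anything the flush commands should have removed.
check_flushed() {
    awk '
        /^\*/ { table = substr($0, 2); next }     # "*nat", "*filter"
        /^:/ {                                    # ":FORWARD DROP [0:0]"
            if (table == "filter" && $1 == ":FORWARD" && $2 != "ACCEPT") {
                printf "filter FORWARD policy is %s, expected ACCEPT\n", $2
                bad++
            }
            next
        }
        $1 == "-A" && ((table == "filter" && $2 == "FORWARD") ||
            (table == "nat" && $2 ~ /^(PREROUTING|POSTROUTING)$/)) {
            printf "leftover rule in %s %s: %s\n", table, $2, $0
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed dump: before the flush (not captured from a real router).
sample_before() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed dump: after the flush.
sample_after() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}
sample_after | check_flushed && echo "after: flushed"
```

The function returns non-zero when any deviation is printed, so it can gate a cron job that re-runs the flush script after a router reboot.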
Update
Eclipse/BT kindly upgraded the ADSL platform last night (no notice, no service ticket in the system - 4000 users dropped, still no ticket hours later). They also removed PPPoE support and gave me incorrect information which took a few hours to sift through.
_anyway_, new settings:
ferro:
- ext0: 81.5.177.201 with default GW 81.5.177.202
netgear:
- LAN IP: 192.168.99.1/24
- ADSL IP: 81.5.177.202/32
- Static routes (not used?):
  - 81.5.177.201/32 GW 192.168.99.1
  - 192.168.100.0/24 GW 81.5.177.201
- Firewall rules (outbound):
  - Default, enabled, Any, ALLOW always, Any Any
- Firewall rules (inbound):
  - 1, enabled, TELNET, ALLOW always, 81.5.177.202, 81.5.177.201
  - 2, enabled, HTTP, ALLOW always, 81.5.177.202, 81.5.177.201
  - 3, enabled, HTTP, ALLOW always, 81.5.177.202, 192.168.100.0-192.168.101.254
  - 4, disabled, Any(ALL), BLOCK always, Any, Any
  - Default, enabled, DMZ, ALLOW always, 81.5.177.201, Any
  - Default, enabled, TELNET, ALLOW always, Any, Any
