Netgear dg834g

From Smop.co.uk


I set the router into bridged mode; however, it still does various NATing etc. (which breaks MSN, for example). This seems to perhaps be an approach I could take. However, ATM I've added enough routes and then do this to remove the NATing etc. that I do not want:

iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING

grep -v firewall < /etc/crontab > /etc/crontab2
mv /etc/crontab2 /etc/crontab

There are several other dg834g hints which might be handy.

I've now written a script to do this:

#!/bin/sh

# script to remove dumb firewall rules from router (that block MSN!)
# written by Adrian Bridgett <adrian@smop.co.uk>
# released under GPL v3

username=admin
password=...
routerip=...

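# hit the router's debug URL (authenticated) so that it accepts telnet logins
wget -O /dev/null -q --user="$username" --password="$password"  "http://$routerip/setup.cgi?todo=debug"

# drive the telnet session: open up FORWARD, flush the NAT chains and drop
# the "firewall" entry from the router's crontab
expect << EOF
spawn telnet $routerip
expect "#"
send "iptables -P FORWARD ACCEPT\r"
expect "#"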
send "iptables -F FORWARD\r"
expect "#"
send "iptables -t nat -F PREROUTING\r"
expect "#"
send "iptables -t nat -F POSTROUTING\r"
expect "#"
send "grep -v firewall < /etc/crontab > /etc/crontab2\r"
expect "#"
send "mv /etc/crontab2 /etc/crontab\r"
expect "#"
send "exit\r"
EOF
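
A check for the state those commands are meant to leave behind, as an added example that is not part of the original page: it reads an `iptables-save`-format dump and reports anything still present in FORWARD or in the nat PREROUTING/POSTROUTING chains. It assumes a dump in that format can be obtained from the router; the sample dump, the `ppp0` interface name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify that an iptables-save
# dump shows FORWARD open and the nat PREROUTING/POSTROUTING chains empty.

# Constructed sample dump: FORWARD is already opened up, but a MASQUERADE rule
# is present in nat POSTROUTING (as if the firewall cron job had run again).
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads an iptables-save dump on stdin, prints one line per deviation from
# the flushed state and returns non-zero if any deviation was found.
check_flushed() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": table header
        table == "filter" && /^:FORWARD / {     # chain line carries the policy
            seen = 1
            if ($2 != "ACCEPT") { print "filter FORWARD policy is " $2; bad = 1 }
        }
        /^-A / {                                # a rule appended to a chain
            if ((table == "filter" && $2 == "FORWARD") ||
                (table == "nat" && ($2 == "PREROUTING" || $2 == "POSTROUTING"))) {
                print table " " $2 " still has rule: " $0; bad = 1
            }
        }
        END {
            if (!seen) { print "no filter FORWARD chain in dump"; bad = 1 }
            exit bad + 0
        }
    '
}

# Stand-alone run against the constructed sample.
sample_dump | check_flushed || echo "flush is not (or no longer) in effect"
```
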

Update

Eclipse/BT kindly upgraded the ADSL platform last night (no notice, no service ticket in the system - 4000 users dropped, still no ticket hours later). They also removed PPPoE support and gave me incorrect information which took a few hours to sift through.

_anyway_, new settings:

ferro:

  • ext0: 81.5.177.201 with default GW 81.5.177.202

netgear:

  • LAN IP: 192.168.99.1/24
  • ADSL IP: 81.5.177.202/32
  • Static routes (not used?):
    • 81.5.177.201/32 GW 192.168.99.1
    • 192.168.100.0/24 GW 81.5.177.201
  • Firewall rules (outbound):
    • Default, enabled, Any, ALLOW always, Any Any
  • Firewall rules (inbound):
    • 1, enabled, TELNET, ALLOW always, 81.5.177.202, 81.5.177.201
    • 2, enabled, HTTP, ALLOW always, 81.5.177.202, 81.5.177.201
    • 3, enabled, HTTP, ALLOW always, 81.5.177.202, 192.168.100.0-192.168.101.254
    • 4, disabled, Any(ALL), BLOCK always, Any, Any
    • Default, enabled, DMZ, ALLOW always, 81.5.177.201, Any
    • Default, enabled, TELNET, ALLOW always, Any, Any