public inbox for gentoo-user@lists.gentoo.org
From: Todd Goodman <tsg@bonedaddy.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs
Date: Thu, 21 Apr 2011 08:22:29 -0400
Message-ID: <20110421122229.GA9766@ns1.bonedaddy.net>
In-Reply-To: <87fwpcd8ol.fsf@newsguy.com>

* Harry Putnam <reader@newsguy.com> [110420 15:03]:
> Paul Hartman <paul.hartman+gentoo@gmail.com> writes:
> 
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
> > DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
> > PROTO=UDP SPT=67 DPT=68 LEN=305
> > Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
> > DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
> > PROTO=UDP SPT=67 DPT=68 LEN=345
> >
> > So it looks like ordinary linux firewall logging... I'm sure you can
> > customize it if you want to, just as you would on a normal machine.
> >
> > Hope that helps :)
> 
> Yes, thanks for taking the trouble... When I asked that, I hadn't
> realized that both dd-wrt and openWRT were actually tiny linux OS.
> 
> I've been reading more about them since.
> 
> It sounds from your report that dd-wrt has some kind of basic firewall
> script in place by default.
> 
> Whereas openWRT sounds like you may need to roll your own iptables
> script right off the bat.  At least judging from a few posts I've now
> read from their mailing list where people seem to be asking the kinds
> of iptables questions you might find on that list.
> 

There is a basic firewall in place with OpenWRT (enabled by default.)

There is a web GUI for OpenWRT (as well as with DD-WRT.)

The web GUI supports the usual config pages as with other similar home
routers.

There's a status page showing the iptables chains with the packet
counts for each rule (the most complicated page to view I'd say.)

There's config pages for overall firewall config with default policies
and other things such as zone config.  There's a "traffic control" page
which lets you define your filter rules and a "Traffic Redirection" page
which allows you to set up your port forwarding (DNAT.)

It's quite easy to configure and doesn't require iptables knowledge.

Though I like very much that the option is there if I want to take
advantage of it.

I've used LEAF for a long time (a small Linux Embedded Firewall
Appliance) and it's great but DD-WRT and OpenWRT have nice GUIs on top
of them and it was very easy to reflash my Buffalo to DD-WRT and then
upgrade from that to OpenWRT.
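
The DROP entries quoted at the top of this message are standard netfilter LOG lines, so they can be parsed and grouped on any machine that receives the router's syslog. The following is an added example, not part of the original message or of DD-WRT/OpenWRT; it assumes the one-word "DROP" log prefix and the BusyBox syslog layout shown in the quote, and the names `parse_line` and `summarize` are illustrative.

```python
import re
from collections import defaultdict

# The three DROP entries quoted in the message, re-joined onto single lines
# (the mail wrapped them); syslog writes one entry per line.
SAMPLE_LOG = """\
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 PROTO=UDP SPT=67 DPT=68 LEN=345
"""

# syslog header, kernel uptime stamp, log-prefix word, then KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s\S+\skernel:\s"
    r"\[\s*[\d.]+\]\s(?P<prefix>\S+)\s(?P<fields>IN=.*)$")

def parse_line(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": []}
    for tok in m["fields"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(key)      # bare flags such as DF or SYN
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = val           # second LEN is the UDP length
        else:
            rec[key] = val
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:                 # dst MAC, src MAC, EtherType
        rec["DST_MAC"] = ":".join(octets[:6])
        rec["SRC_MAC"] = ":".join(octets[6:12])
        rec["ETHERTYPE"] = "".join(octets[12:])
    return rec

def summarize(log_text):
    """Group entries by (prefix, source MAC, protocol, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "srcs": set()})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        key = (rec["prefix"], rec.get("SRC_MAC"), rec.get("PROTO"), rec.get("DPT"))
        groups[key]["count"] += 1
        groups[key]["srcs"].add(rec.get("SRC", "?"))
    return {k: {"count": v["count"], "srcs": sorted(v["srcs"])}
            for k, v in groups.items()}

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```

Grouping on the source MAC rather than the source IP collapses the three quoted entries into one row: the same upstream device is sending DHCP replies (UDP 67 to 68) from two different source addresses.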


