Monitoring Network Bandwidth Usage - Netgear DG834G

I

IonMan

New Member
Joined
May 7, 2011
Messages
6
Reaction score
0
Hi all, I've been trying to setup some sort of program to let me keep track of how much my household has downloaded on a monthly basis. This is in the hopes that we can avoid running over our monthly limit, and so having our connection speed throttled to an unbearable level; as we've suffered from recently.

I currently have PRTG Network Monitor installed, but I've only been able to get it to track ping/response times and my own computer's usage, not the whole network as I know it's capable of.
NOTE: Even if you have no knowledge of PRTG, I'm open to suggestions on other programs that might do the job.

I found the below solution on these forums and followed the instructions:
jacobstone said:
Here are the steps guys:

1) Access your router on http://192.168.0.1/snmp.htm
2) Enable SNMP and make your community name 'public'. Click Apply.
3) Type in the address bar: http://192.168.0.1/setup.cgi?todo=debug (it will say "Debug enabled").
4) Click Start, Run, type in 'cmd' to get a command prompt.
5) Type 'telnet 192.168.0.1' (You will see a BusyBox shell prompt).
6) type 'iptables -D INPUT 1' at the # prompt (this disables SNMP blocking).

That's it, your router will now respond to SNMP requests on port 161. Get yourself a program like PRTG and hook it up, remember that your community string is 'public' but PRTG should default to that anyway.

Of course if your router has a different IP address simply replace 192.168.0.1 in all the steps above with whatever your router's IP is.
Click to expand...
You can find the original post in full here: http://mybroadband.co.za/vb/showthr...P-Capabilities?p=733116&viewfull=1#post733116

As I say, I followed these instructions but when I tried to add a sensor in PRTG for Bandwidth Monitoring(as SNMP traffic) it still wouldn't work. Saying:
Sorry, the scan for available monitoring items has failed!

Error Message:"No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003)"
Click to expand...
Furthermore, inputting those settings to my router seemed to stop me from being able to load it's page(192.168.0.1). All I seem to get is a blank page, and it seems PRTG had the same problem, as it didnt seem to be able to even Ping the router anymore.
The only solution I found to that was turning off the router(pulling out the power cable) and then turning it back on. So, it seems the problem isn't just with PRTG.

So, that's where I'm at.
Hope someone can help.
Cheers.

P.S. Note to the Mods: I have posted this in both the "Networking and Security" forum(since that seems the apropriate place), aswell as the "ADSL Discussions" forum(since thats where I found the aforementioned thread). If one of them needs to be deleted then so be it, but I'd hope they could both remain, so that I might have a better chance of finding a solution.
Thank you.
 
The DG834GUv5 modem that I have access to doesn't seem to have SNMP at all.
It would be pretty awesome if you can get SNMP working on yours.

I'm guessing that you've deleted the firewall rule that allowed incoming connections, instead of the one that was blocking SNMP.

Establish a telnet connection again to your router: telnet 192.168.0.1
Then type in 'iptables -L -v -n --line-numbers' and paste the results here.
 
Hi, interesting post. I have a Billion 7402G and running Win 7. Access is via wireless although can use ethernet if required. When I type "telnet" from a command prompt I get invalid command. What am I doing wrong? Thanks.
 
The original poster in the thread I mentioned had this same router, and it seemed like they got it working fine. As did 1 or 2 other posters.

As for the results you asked for, here you go:
Code: 
# iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 187 packets, 9092 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     3609  371K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
2      573  184K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
4      343 53327 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
5      139  6448 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
6       14  1260 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
7        2    56 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
8      187  9092 PROXY      all  --  *      *       0.0.0.0/0            0.0.0.0/0
9      187  9092 LOCAL_SERVICE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     328K  208M OUT_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2     328K  208M CFILTER    all  --  *      *       0.0.0.0/0            0.0.0.0/0
3     328K  208M FW_BASIC   all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
5        0     0 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
6        0     0 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
7        0     0 IN_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
8        0     0 FW_UPNP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 13131 packets, 2599K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain BLOCK (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `[BLOCK] '
2        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1     5385 3680K HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match GET
2      317  320K HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match POST
3       68 53640 HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match HEAD

Chain DOS (6 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 SCAN       all  --  *      *       0.0.0.0/0            0.0.0.0/0          psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-
ports-weight: 1
3      131  6128 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10 tcp flags:0x16/0x02
4       14  1260 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10
5        2    56 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 5/sec burst 60
6        7   280 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[DOS] '
7        8   320 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FW_BASIC (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
3    10701  553K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4     319K  208M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
5        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
6     9057  519K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain FW_UPNP (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain HTTP (3 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain IN_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.27       tcp dpt:62599
3        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.27       udp dpt:62599

Chain LOCAL_SERVICE (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1        tcp dpt:80 MARK match 0x2643

Chain OUT_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1     156K  193M RETURN     all  --  !br0   *       0.0.0.0/0            0.0.0.0/0
2        0     0 LOG        tcp  --  *      *      !0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match
] '
3        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599
5        0     0 LOG        udp  --  *      *      !0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match
] '
6        0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
7        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599

Chain PROXY (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain SCAN (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[PORT SCAN] '
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
#
#
The "BitTorrent" rules are something I barely remember adding, and was from some set of instructions on how to optimize BitTorrent's download/upload speeds. As I recall though it make basically no difference, so I'd be happy to remove those rules if it might help.

P.S. I should have mentioned my operating system before, I'm on Windows XP professional, SP3.
 
This double/triple posting is not cool dude. Stop that ****. It won't mean you'll get an answer faster.
 
Your firewall rules looks completely different from that of the other people where they deleted the first firewall rule in the INPUT chain, using 'iptables -D INPUT 1'.

You can try something like 'iptables -I INPUT 4 -s 192.168.0.0/24 -p udp --dport 161 -j ACCEPT', which will accept ALL incoming SNMP packets from the 192.168.0.1-192.168.0.255 IP addresses.
You might have to change the 192.168.0.0/24 IP range to whatever your LAN IP range is.

Once you've added that rule, and you run 'iptables -L -v -n --line-numbers', you'll see that rule in the INPUT chain in position #4. If your PRTG Traffic grapher has requested SNMP information from your router, then the packet count (pkts column) should show an increase in that new rule.

btw: does this URL (http://192.168.0.1/snmp.htm) exist on your router?

Please take note that the change that you make to the iptables via Telnet would be lost as soon as the router is reset.
You can perhaps try to follow the SNMP enable & firewall rules as the following person described it: http://mybroadband.co.za/vb/showthr...P-Capabilities?p=645673&viewfull=1#post645673
 
Last edited:
I have rebooted the router since my last failed attempt at getting those settings(the ones i posted/quoted originally) to work, so that may be why the information is different than you expected.

And yes the 192.168.0.1/snmp.htm address exists, but only as a hidden menu - theres no link to it from any menu/submenu of the 192.168.0.1 page.

So, should I go ahead with your suggestion(s)? Or does this change anything?

Hm, hold on a second. I'll just re-do those original steps and let you know what the result sheet looks like then.

Here ya go:
Code: 
# iptables -D INPUT 1
#
# iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 257 packets, 12484 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1881  621K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
3      481 70337 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
4      200  9404 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
5       14  1260 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
6        4   176 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
7      257 12484 PROXY      all  --  *      *       0.0.0.0/0            0.0.0.0/0
8      257 12484 LOCAL_SERVICE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destina
tion
1     343K  214M OUT_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2     343K  214M CFILTER    all  --  *      *       0.0.0.0/0            0.0.0.0/0
3     343K  214M FW_BASIC   all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
5        0     0 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
6        0     0 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
7        0     0 IN_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
8        0     0 FW_UPNP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 16898 packets, 3668K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain BLOCK (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `[BLOCK] '
2        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1     6026 4318K HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match GET
2      537  576K HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match POST
3       68 53640 HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match HEAD

Chain DOS (6 references)
num   pkts bytes target     prot opt in     out     source               destination
1        2   120 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 SCAN       all  --  *      *       0.0.0.0/0            0.0.0.0/0          psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1
3      188  8924 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10 tcp flags:0x16/0x02
4       14  1260 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10
5        2    56 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 5/sec burst 60
6       11   440 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[DOS] '
7       12   480 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FW_BASIC (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
3    12606  652K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4     332K  213M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
5        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
6    10776  623K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain FW_UPNP (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain HTTP (3 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain IN_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.27       tcp dpt:62599
3        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.27       udp dpt:62599

Chain LOCAL_SERVICE (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1        tcp dpt:80 MARK match 0x2643

Chain OUT_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1     162K  196M RETURN     all  --  !br0   *       0.0.0.0/0            0.0.0.0/0
2        0     0 LOG        tcp  --  *      *      !0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match
] '
3        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599
5        0     0 LOG        udp  --  *      *      !0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match
] '
6        0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
7        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599

Chain PROXY (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain SCAN (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[PORT SCAN] '
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
#
#

Okay, so yeah, same suggestion(s)?

P.S. Now that I've re-input those settings(iptables -D INPUT 1), I'm once again no longer able to access the 192.168.0.1 page... argh.
 
Ai man. Please just read my post more carefully. Your firewall rules are different from the other guys' firewall rules, so you SHOULD NOT delete the first rule that allow all the incoming packets on the router from the LAN ports.

I'd suggest that you give the firewall rules a try that the guy has posted here: http://mybroadband.co.za/vb/showthr...P-Capabilities?p=645673&viewfull=1#post645673
I'd think that you would only need a single inbound firewall rule: "No.1 was for SNMP on the modem (192.168.0.1 or whatever you have the modem set at).", because the OUTPUT chain accepts everything already by default (see 'policy ACCEPT' next to 'Chain OUTPUT').

When you modify the firewall from the web interface, those settings will be kept even after you reset the modem.

Once you've added that single inbound rule, you should see a new entry in the INPUT chain that would be something like the following:
Code: 
Chain INPUT (policy DROP x packets, x bytes)
num   pkts bytes target     prot opt in     out     source               destination
x        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1       udp dpt:161
^^ I'm just guessing what that inbound rule would actually add to the iptables :)
 
Last edited:
Well you just said they were completely different, not specifically how, and i'm really not familiar with this sort of stuff(for instance I didn't even know these were firewall rules really, although I supose I should've guessed as much, since they're rules to block/allow input/output ¬_¬), so I just didnt know how to interpret that, sorry :(.
Plus I kinda felt I might've caused some confusion by talking about that previous method(iptables -D INPUT 1), and then giving you a readout where I hadn't put those settings in, so I wanted to make sure I hadn't misled you on anything important. So yeah, sorry about that, and thanks for clarifying :).

I've tried that guy's firewall rules(via the web interface, and omitting the 2nd input rule as you suggested). And heres the new results:
Code: 
# iptables -L -v -n --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      222 17296 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0
2       36 15228 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
4        2   201 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
5        0     0 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
6        0     0 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
7        0     0 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
8        0     0 PROXY      all  --  *      *       0.0.0.0/0            0.0.0.0/0
9        0     0 LOCAL_SERVICE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    21073   16M OUT_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
2    21073   16M CFILTER    all  --  *      *       0.0.0.0/0            0.0.0.0/0
3    21073   16M FW_BASIC   all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 DOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02
5        0     0 DOS        udp  --  *      *       0.0.0.0/0            0.0.0.0/0
6        0     0 DOS        icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
7        0     0 IN_FILTER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
8        0     0 FW_UPNP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2561 packets, 933K bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain BLOCK (0 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `[BLOCK] '
2        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        7  5844 HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match GET
2        7  9139 HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match POST
3        4  4940 HTTP       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 flags:0x3F/0x18 STRING match HEAD

Chain DOS (6 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 SCAN       all  --  *      *       0.0.0.0/0            0.0.0.0/0          psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1
3        0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10 tcp flags:0x16/0x02
4        0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 5/sec burst 10
5        0     0 RETURN     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 5/sec burst 60
6        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[DOS] '
7        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FW_BASIC (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
3       30  1560 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x02 TCPMSS clamp to PMTU
4    21050   16M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
5        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
6       23  1667 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain FW_UPNP (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain HTTP (3 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain IN_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 RETURN     all  --  !ppp0  *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.27       tcp dpt:62599
3        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.27       udp dpt:62599
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1        tcp dpt:161
5        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.1        udp dpt:161

Chain LOCAL_SERVICE (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          MARK match 0x2511
2        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.1        tcp dpt:80 MARK match 0x2643

Chain OUT_FILTER (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1    10464   15M RETURN     all  --  !br0   *       0.0.0.0/0            0.0.0.0/0
2        0     0 LOG        tcp  --  *      *      !0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match] '
3        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
4        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:62599
5        0     0 LOG        udp  --  *      *      !0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule not match] '
6        0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599 LOG flags 0 level 4 prefix `[BitTorrent rule match] '
7        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:62599
8        0     0 LOG        tcp  --  *      *      !0.0.0.0/0            0.0.0.0/0          tcp dpt:162 LOG flags 0 level 4 prefix `[SNMP-TRAPS rule not match]'
9        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:162 LOG flags 0 level 4 prefix `[SNMP-TRAPS rule match] '
10       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:162
11       0     0 LOG        udp  --  *      *      !0.0.0.0/0            0.0.0.0/0          udp dpt:162 LOG flags 0 level 4 prefix `[SNMP-TRAPS rule not match]'
12       0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:162 LOG flags 0 level 4 prefix `[SNMP-TRAPS rule match] '
13       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:162
14       0     0 LOG        tcp  --  *      *      !0.0.0.0/0            0.0.0.0/0          tcp dpt:161 LOG flags 0 level 4 prefix `[SNMP rule not match] '
15       0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:161 LOG flags 0 level 4 prefix `[SNMP rule match] '
16       0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:161
17       0     0 LOG        udp  --  *      *      !0.0.0.0/0            0.0.0.0/0          udp dpt:161 LOG flags 0 level 4 prefix `[SNMP rule not match] '
18       0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:161 LOG flags 0 level 4 prefix `[SNMP rule match] '
19       0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:161

Chain PROXY (1 references)
num   pkts bytes target     prot opt in     out     source               destination

Chain SCAN (1 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          limit: avg 10/sec burst 5 LOG flags 0 level 4 prefix `[PORT SCAN] '
2        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
#
#
It doesn't seem to have added anything to the Chain INPUT section though, only the Chain IN_FILTER. And a bunch of stuff to the Chain OUT_FILTER.
 
Last edited:
Hmm that is weird. So it pretty much added it to the FORWARD chain, since there's a jump from the FORWARD chain to the IN_FILTER chain (see #7 in FORWARD chain).
The FORWARD chain is meant for all the traffic that the router has to forward, which in essence isn't destined for the router itself.

Try the following 2 commands:
Code: 
iptables -I INPUT 4 -s 192.168.0.0/24 -p udp --dport 161 -j ACCEPT
iptables -I INPUT 4 -s 192.168.0.0/24 -p tcp --dport 161 -j ACCEPT
They would have the following effect:
The router would accept all the traffic coming from the 192.168.0.0/24 subnet (which is 192.168.0.*) destined for both UDP & TCP ports 161.

If you're really desperate, you can always disable the firewall, by changing the policies from DROP to ACCEPT on the INPUT & FORWARD chains. I won't recommend this when the ADSL connection is active, but it's OK if you just want to see if you can get a SNMP response.
Code: 
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
To revert that, run:
Code: 
iptables -P INPUT DROP
iptables -P FORWARD DROP

So ja, just try the section that I've said in bold first, and if that failed, then you can try to change the policies from DROP to ACCEPT.
 
>_<
Neither of them worked either. So... I dunno what else to tell you...
Let me know if you want me to re-try any of it and give you readouts of the iptables/numbers/whatever you call it.
Sorry if i'm not being so helpful today, i'm not feeling so great. And this is really starting to get me down... sorry.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X