Hi all,
anyone knows wich ports or wich Dyndns IPs I have to open to input firewall rules on my board?
I have problems running the script of dyndns with all my ip firewall rules activated and if I disable the drop everything else rule, it works.
I opened source port 80 in input and it receive matches, but the script don’t work with only this rule.
chain=input action=accept protocol=tcp src-port=80
Thanks,
You should not need any input rules to allow traffic inbound for a ddns update. You might need an accept established / related rule to allow the response to come back in. Traffic leaving the router will be on the output chain.
Are you using connection tracking? If so, add the established / related rules to your input and forward chains (if not already there).
Hi,
I had the forward rules only for related and establiched.
Now it works. I added:
add action=accept chain=input comment="allow established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="allow related connections" \
connection-state=related disabled=no
Thanks,
I helped me as well 