
DG834 and L8NC Graphing

N/A

Not sure if anyone else would be interested in this but...

I'm using the L8NC graphing service to monitor my latency and other issues, and using the DG834 without manually editing rules, I couldn't find a way of allowing only the L8NC server to receive echo-replies...

However, using the telnet interface (http://<router ip>/setup.cgi?todo=debug) you can manually add the appropriate rule to the input iptables chain...

iptables -A INPUT -p icmp -s 80.249.110.123 --icmp-type echo-request \
-j ACCEPT -m limit --limit 1/s


For those who are unsure about the above:
-A INPUT = Append rule to the specified table (in this case Append to input)
-p icmp = Protocol, icmp
-s 80.249.110.123 = match this source ip address
--icmp-type echo-request = match incoming ping packets
-j ACCEPT = Target chain, in this case accept
-m limit --limit 1/s = allow only incoming packets at a rate of 1 per second

R.
4 REPLIES
Community Veteran
Posts: 1,656
Registered: 13-06-2007

I just switched on the reply to pings on the wan port and it seems to work!
Community Veteran
Posts: 14,469
Registered: 30-07-2007

But then it will reply to anyone pinging your router. The point of the original post is to only respond to pings from the L8NC server so everyone else just gets nothing so they don't know there is anything connected to the IP address. Hackers often ping IP addresses to see if they get a reply and they try to target the IP.

The only problem with the OP's solution is a reboot or power cycle will lose the setting and you will have to manually set it again.
Community Veteran
Posts: 1,656
Registered: 13-06-2007

ah ok, apologies peter
N/A

And as I've just found, the ruddy built-in cron job resets it at midnight.

I wish Netgear would release a method of altering the default rules set so I don't have to keep poking it with a sharp pointy thing


(Or even better allow proper access to the iptables rule set which would make a very good powerful router even better...)
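
Added example (not part of any post in this thread, and not Netgear's code): a shell check for the reset problem raised in the replies, which reads an `iptables -L INPUT -n` listing and prints the original post's command only when the L8NC rule is missing. The listing layout, the sample listings and the function names `rule_present`, `rule_command` and `plan` are assumptions made for illustration; the DG834's own output may differ.

```shell
#!/bin/sh
# Added example: decide whether the thread's ICMP allow rule must be re-added.
MONITOR_IP="80.249.110.123"   # L8NC server address from the original post

# Reads an `iptables -L INPUT -n` listing on stdin. Succeeds only if it holds
# an ACCEPT rule for ICMP echo-request (type 8) from source address $1.
rule_present() {
    awk -v ip="$1" '
        $1 == "ACCEPT" && $2 == "icmp" && $4 == ip &&
            ($0 " ") ~ /icmp ?type 8 / { found = 1 }
        END { exit !found }'
}

# Prints the rule exactly as given in the original post, for source $1.
rule_command() {
    printf 'iptables -A INPUT -p icmp -s %s --icmp-type echo-request -j ACCEPT -m limit --limit 1/s\n' "$1"
}

# Listing on stdin, source address in $1: prints the command to run when the
# rule is missing and nothing when it is already there (so it is never
# appended twice).
plan() {
    if rule_present "$1"; then
        return 0
    fi
    rule_command "$1"
}

# Constructed listings (assumed layout): after a reset, and with the rule.
SAMPLE_RESET='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/24       0.0.0.0/0'
SAMPLE_OK="$SAMPLE_RESET
ACCEPT     icmp --  80.249.110.123       0.0.0.0/0    icmp type 8 limit: avg 1/sec burst 5"

echo "after reset:"; printf '%s\n' "$SAMPLE_RESET" | plan "$MONITOR_IP"
echo "rule in place:"; printf '%s\n' "$SAMPLE_OK" | plan "$MONITOR_IP"
# Live use (assumption: run where iptables and awk are both available):
#   iptables -L INPUT -n | plan "$MONITOR_IP" | sh
```

Because `plan` prints nothing when the rule is already listed, running it repeatedly does not stack duplicate ACCEPT rules in the INPUT chain.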