On Wednesday 22 June 2005 20:36, Jong Hian Zin wrote: > http://202.188.95.52:8080/speedometer/ > > The bandwidth test Java applet can be loaded, but unable to start the Does it work if not going through the OpenWRT? > iptables -A INPUT -m state --state INVALID -j DROP > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT You could consolidate these INPUT rules with the ones in FORWARD and OUTPUT. I use a chain named "State" which I call from INPUT and FORWARD. (I don't do OUTPUT filtering, seems pointless to me.) > iptables -A INPUT -p tcp --dport 22 -j ACCEPT You're DNAT'ing your 22/tcp, so that would hit the FORWARD chain. > iptables -A INPUT -j input_rule These "*_rule" chains do not appear to be used for anything. > Any idea what is blocking the bandwidth test Java applet? Not from what you posted. iptables-save(8) would be easier to follow. But you can probably troubleshoot this on your own by putting in -j LOG rules for -s/-d 202.188.95.52 traffic. Try it and see what you get. Is the openwrt capable of normal logging? Or maybe to a remote syslog server? -- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header
