
Can't access server on WRTSL54GS

Discussion in 'Networking Issues' started by John Tweedell, Dec 3, 2006.

  1. John Tweedell

    John Tweedell LI Guru Member

    I am trying to run a small server on my WRTSL54GS. My application is listening on the router's LAN address (192.168.0.1), port 1234. I have port redirection set up to forward port 1234 from the external address to 192.168.0.1, port 1234. I have used this approach because I see that is how the router's internal web server is set up.
    It seems like this should work, yet I can't connect from outside the LAN.
    Is there something I'm overlooking?

    Thanks for any help.
    JET

    PS: Using Firmware Version: v2.00.5, HyperWRT + thibor15b.
    And yes, I can access the server just fine from the LAN and it works perfectly.
     
  2. grcore

    grcore Network Guru Member

    you are running a server internally on the SL? you don't forward to the SL, it won't work. delete that entry (delete it, not just disable it)

    try this

    iptables -I INPUT -p tcp --dport 1234 -j ACCEPT


    g
     
  3. John Tweedell

    John Tweedell LI Guru Member

    I have deleted all my other forwards/redirects/etc, and added
    iptables -I INPUT -p tcp --sport 1234 -j ACCEPT

    which still does not work.

    here is the .ipt file:
    *mangle
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -I PREROUTING -i br0 -j MARK --set-mark 256
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A PREROUTING -i eth1 -d 192.168.0.0/24 -j DROP
    -A PREROUTING -p tcp -m tcp -d my.i.p.address --dport 8080 -j DNAT --to-destination 192.168.0.1:80
    -A PREROUTING -p icmp -d my.i.p.address -j DNAT --to-destination 192.168.0.1
    -A PREROUTING -d my.i.p.address -j TRIGGER --trigger-type dnat
    -A POSTROUTING -o eth1 -j MASQUERADE
    -A POSTROUTING -o br0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :logaccept - [0:0]
    :logdrop - [0:0]
    :logreject - [0:0]
    :trigger_out - [0:0]
    :lan2wan - [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -m state --state NEW -j ACCEPT
    -A INPUT -i br0 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -d 192.168.0.1 --dport 80 -j logaccept
    -A INPUT -p icmp -j logaccept
    -A INPUT -p igmp -j logaccept
    -A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
    -A INPUT -j logdrop
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1461: -j TCPMSS --set-mss 1460
    -A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logaccept -j ACCEPT
    -A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logdrop -j DROP
    -A logreject -j LOG --log-prefix "WEBDROP " --log-tcp-sequence --log-tcp-options --log-ip-options
    -A logreject -p tcp -m tcp -j REJECT --reject-with tcp-reset
    COMMIT


    and this is what iptables -L produces:
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT udp -- anywhere anywhere udp spt:1234
    ACCEPT tcp -- anywhere anywhere tcp spt:1234
    DROP all -- anywhere anywhere state INVALID
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere state NEW
    ACCEPT all -- anywhere anywhere state NEW
    logaccept tcp -- anywhere bluebonnet tcp dpt:www
    logaccept icmp -- anywhere anywhere
    logaccept igmp -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp dpt:auth
    logdrop all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain lan2wan (0 references)
    target prot opt source destination

    Chain logaccept (3 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
    ACCEPT all -- anywhere anywhere

    Chain logdrop (1 references)
    target prot opt source destination
    LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
    DROP all -- anywhere anywhere

    Chain logreject (0 references)
    target prot opt source destination
    LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `WEBDROP '
    REJECT tcp -- anywhere anywhere tcp reject-with tcp-reset

    Chain trigger_out (0 references)
    target prot opt source destination


    Still looking for an answer.

    Thanks,
    JET
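
Added example, not part of the original thread: a first-match walk of the INPUT chain shown above (the inserted `--sport 1234` rule plus the INPUT rules from the posted .ipt file) for the first packet of a connection to port 1234. The packet values (WAN address 203.0.113.10, client source port 51515) are constructed, and the sketch models only the match options these rules use, returning the jump target without descending into user chains such as logdrop.

```python
import shlex

# INPUT chain as posted: the inserted --sport rule, then the .ipt INPUT rules.
INPUT_RULES = """\
-A INPUT -p tcp --sport 1234 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -d 192.168.0.1 --dport 80 -j logaccept
-A INPUT -p icmp -j logaccept
-A INPUT -p igmp -j logaccept
-A INPUT -p tcp -m tcp --dport 113 -j ACCEPT
-A INPUT -j logdrop
"""
# Same chain with the inserted rule matching the destination port instead.
FIXED_RULES = INPUT_RULES.replace("--sport 1234", "--dport 1234")

# Option -> packet field it is compared with (only the options used above).
FIELDS = {"-p": "proto", "-i": "iface", "-d": "dst",
          "--sport": "sport", "--dport": "dport", "--state": "state"}

# Constructed packets: the first SYN of a client connection to port 1234.
WAN_SYN = {"proto": "tcp", "iface": "eth1", "dst": "203.0.113.10",
           "sport": 51515, "dport": 1234, "state": "NEW"}
LAN_SYN = dict(WAN_SYN, iface="br0", dst="192.168.0.1")

def parse(rule):
    """Split one rule line into (match options, jump target)."""
    tok = shlex.split(rule)
    opts = dict(zip(tok[2::2], tok[3::2]))  # after "-A INPUT" tokens pair up
    target = opts.pop("-j")
    opts.pop("-m", None)                    # module loads are not matches
    return opts, target

def verdict(rules, pkt):
    """Return (target, rule) for the first rule whose every match fits pkt."""
    for line in rules.strip().splitlines():
        opts, target = parse(line)
        if all(str(pkt[FIELDS[o]]) in v.split(",") for o, v in opts.items()):
            return target, line
    return "ACCEPT", "(chain policy)"

if __name__ == "__main__":
    for name, rules, pkt in (("WAN, --sport rule", INPUT_RULES, WAN_SYN),
                             ("LAN, --sport rule", INPUT_RULES, LAN_SYN),
                             ("WAN, --dport rule", FIXED_RULES, WAN_SYN)):
        print(name, "->", verdict(rules, pkt))
```

The WAN packet carries 1234 as its destination port, so the `--sport` rule never matches it and it falls through to the final logdrop rule, while the same packet arriving on br0 is accepted by the LAN rule.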
     
