HELP> Port Forwarding issue on virtual interface

Discussion in 'Tomato Firmware' started by remlei, May 9, 2014.

  1. remlei

    remlei Networkin' Nut Member

    I'm having problems regarding port forwarding on a virtual interface.

    First I created an interface on eth0 using IP address

    ifconfig eth0:1 netmask up
    and it works fine with lighttpd bound to that virtual interface; the LAN can view the page just fine, so my next goal is to make it accessible over the internet by going to the Port Forwarding page in TomatoUSB shibby:

    external port : 80
    internal port: blank
    internal ip:

    Now here is the issue: I can access the webpage by just typing my WAN IP in my browser while still connected to my VDSL2 connection. But when I used my 3G connection, the webpage doesn't load at all, although I can access the TomatoUSB admin page on port 90 and Transmission on port 9091. I used a proxy service to double-check it, but alas it still won't access the webpage.

    Any ideas?
  2. koitsu

    koitsu Network Guru Member

    You cannot use the Port Forward GUI interface to "forward a port" to the _router itself_ (neither its "real" IP nor an IP alias (what you keep calling a "virtual interface" -- it's actually called an IP alias), doesn't matter) -- port forwarding in the GUI only works if you plan on forwarding a port to a different machine on your network.

    Instead you need to write some actual iptables rules that do things differently. Please see this post, where I provide many links and an example of what you need to do to accomplish your task:

    If you still need help after-the-fact, let me know here in this thread please.
    Last edited: May 10, 2014
  3. remlei

    remlei Networkin' Nut Member

    Thanks for the reply. After I followed your suggestion, I finally made it work (with the help of Google, since I'm not really familiar with iptables).

    I used this to make the IP alias properly forward to the internet:

    iptables -t nat -A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination
    iptables -A INPUT -p tcp -d --dport 80 -j ACCEPT
    Thanks koitsu for the help.
  4. koitsu

    koitsu Network Guru Member

    Note that you're not forwarding the packet "to the Internet"; all this effectively does is allow the packet to have its destination address rewritten to (the router itself), and this is done in a certain area of the firewall layer where the router itself will end up "handing the packet off to the userland process" (lighttpd) correctly. "The Internet" isn't involved in this, just to be clear.
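
    The fix in this thread pairs a DNAT rule aimed at the router's own alias with an INPUT accept for the same address and port. The script below is an added example, not part of any post in the thread, that checks a rule dump for that pairing. The dump, the address 192.168.1.250 and the helper name audit_dnat are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. 192.168.1.250 stands in for the
# router IP alias, which the thread does not show.
SAMPLE_RULES='*nat
-A WANPREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.250
-A WANPREROUTING -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.250:443
COMMIT
*filter
-A INPUT -d 192.168.1.250/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.1.250/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# audit_dnat RULES LOCAL_IP  (hypothetical helper)
# For every DNAT rule that rewrites traffic to LOCAL_IP (an address owned by
# the router), print "ok proto/port" if an INPUT rule accepts that address and
# port, else "missing proto/port". A FORWARD accept does not count, because a
# packet rewritten to a local address is delivered through INPUT.
# First-pass check only: it ignores jumps to user chains, interface matches,
# port ranges and INPUT rules without an explicit -d.
audit_dnat() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    # Return the argument that follows option "name" on the current line.
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 != "-A" { next }
    opt("-j") == "DNAT" {
      n = split(opt("--to-destination"), part, ":")
      # With no port in the target, DNAT keeps the original destination port.
      port = (n > 1) ? part[2] : opt("--dport")
      if (part[1] == ip) want[++count] = opt("-p") "/" port
    }
    $2 == "INPUT" && opt("-j") == "ACCEPT" {
      d = opt("-d"); sub("/32$", "", d)
      if (d == ip) accepted[opt("-p") "/" opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= count; k++)
        print ((want[k] in accepted) ? "ok" : "missing"), want[k]
    }'
}

# Stand-alone run against the constructed sample.
audit_dnat "$SAMPLE_RULES" 192.168.1.250
```

    On a live router the first argument would be the output of iptables-save rather than the sample.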