1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can I do reverse port forwarding

Discussion in 'Networking Issues' started by la_tengo_como_burro, Jan 21, 2008.

  1. la_tengo_como_burro

    la_tengo_como_burro LI Guru Member

    How can I reverse forward a port from my LAN to a different port on WAN. Port forwarding does this but only from WAN to LAN and not from the inside out.

    In other words... I want all devices in my LAN that try to access port 80 to be redirected to port 8118 once it leaves the router. Kind of a Port translation type of thing.

    LAN PORT 80 ----- router----- WAN port 8118

    I am using tomato firmware. I really appreciate your help I have been trying o do this for weeks to no avail. :confused:
  2. HennieM

    HennieM Network Guru Member

    You want http://foo.bar.com:80/ to go out to the internet as http://foo.bar.com:8118/ ?

    You won't get to any websites??, but perhaps something like this (dunno if this is right, and I have not tested it, but you might get the idea):

    iptables -A PREROUTING -i br0 -p tcp --dport 80 -d ! -j REDIRECT --to-ports 8118

    assuming your router's LAN address is

    It says: any packet coming in through interface br0 (LAN and wireless), protocol tcp (http traffic, usually), and where the destination is not the router itself (, in the prerouting stage, redirect that packet to port 8118.

    Just for info, and perhaps stating the obvious:
    Assuming you have a PC/browser, talking to the router, the router NATs, and then send the request out to some web site on the internet, say http://foo.bar.com/ , where the redirect above is NOT applied, this happens:


    where x is a port such as 1234, and y is another port such as 1243 or whatever.
  3. frenchy2k1

    frenchy2k1 LI Guru Member

    What is the point in doing this? The port you open for communication is NOT the same as the destination point. When you contact a website port 80, your PC (and router) may use port 31352 for all we know.
  4. wistlo

    wistlo Addicted to LI Member

    One reason for doing this would be to access a web site with a non-standard port, such as CPanel host sites (Bluehost, Hostgator) while using a client that's connected to a VPN tunnel and the tunnel allows local LAN access (i.e., 192.168.1.x), and external web sites only on ports 80 and 443. CPanel email hosts use 2095 and 2096 as their ports, so browser:x---routherLAN:80-routerWAN:y---webmail.bar.com:2095.

Share This Page