port-forward iptables question

Discussion in 'Tomato Firmware' started by jan.n, Jul 16, 2009.

  1. jan.n

    I want to forward WAN port XXX to internal machine port YYY. I know how to do it in the web interface and it works. How would I do that manually using an iptables command (for my knockd.conf)?

    I compared the output of iptables -L before and after forwarding the port (using the web interface), but all I noticed was a rule added to the "wanin" chain. Shouldn't there be something like a NAT setting?

    I'm afraid of doing something silly, so I thought I'd ask the experts first.
  2. mstombs

    Look at what is also added to the nat PREROUTING table with

    iptables -nvL -t nat
  3. jan.n

    Is this correct? It's meant to forward WAN:443 to LAN:80...

    iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 443 -j DNAT --to 192.168.X.X:80
    iptables -I FORWARD -p tcp -d 192.168.X.X --dport 80 -j ACCEPT
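
The two-rule pattern discussed in this thread (a DNAT rule in nat PREROUTING plus an accept rule in the filter table), as an added example that is not part of any post: a POSIX shell helper that validates its inputs and prints matching insert and delete commands, optionally limited to one source address (in knockd.conf the `%IP%` token supplies the knocking client's address). `fwd_rules`, `is_port`, `is_ipv4` and `FWD_CHAIN` are hypothetical names, and the addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example: prints (does not execute) the paired rules for one forward.
# fwd_rules, is_port, is_ipv4 and FWD_CHAIN are hypothetical names.
FWD_CHAIN="${FWD_CHAIN:-FORWARD}"   # the web interface used "wanin" instead

is_port() {   # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # exactly four dot-separated octets, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: fwd_rules open|close WAN_IP WAN_PORT LAN_IP LAN_PORT [SRC_IP]
fwd_rules() {
    case "$1" in
        open)  op=-I ;;   # insert both rules
        close) op=-D ;;   # delete the same two rules again
        *) echo "action must be open or close" >&2; return 2 ;;
    esac
    is_ipv4 "$2" && is_port "$3" && is_ipv4 "$4" && is_port "$5" || {
        echo "invalid address or port" >&2; return 2; }
    src=""
    if [ -n "${6:-}" ]; then   # optional: only this client may use the forward
        is_ipv4 "$6" || { echo "invalid source address" >&2; return 2; }
        src=" -s $6"
    fi
    # nat table: rewrite WAN_IP:WAN_PORT to LAN_IP:LAN_PORT before routing.
    echo "iptables -t nat $op PREROUTING -p tcp$src -d $2 --dport $3 -j DNAT --to-destination $4:$5"
    # filter table: by now the packet carries the LAN address and port.
    echo "iptables $op $FWD_CHAIN -p tcp$src -d $4 --dport $5 -j ACCEPT"
}

# Constructed sample values (documentation address ranges, not from the thread).
fwd_rules open  203.0.113.10 443 192.168.1.20 80 198.51.100.7
fwd_rules close 203.0.113.10 443 192.168.1.20 80 198.51.100.7
```

The `close` output only removes the rules if it is generated with exactly the same arguments as the `open` output, because `-D` matches on the full rule specification.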

