
Port forwarding doesn't work

Discussion in 'Tomato Firmware' started by turbo123, Nov 3, 2013.

  1. turbo123

    turbo123 Reformed Router Member

    I have WRT54GL v1.1 router with Tomato firmware running on it. I'm using Toastman version of Tomato, which can be found on this link: http://www.4shared.com/file/GnS5_9DJ/tomato-WRT54G_WRT54GLUSB-12876.html. I also added USB port to router, so I could run webserver on it.

    I successfully installed Lighttpd on /opt partition on router and I got it working. Port of Lighttpd is 8081. I can connect to website with, but the problem is I can't forward ports, so the website would be accessible from internet.

    My ISP is not blocking port 80, as I have already had other routers, which worked on port 80. This router is directly connected to modem (NOT router!). I also can't forward any other ports.

    Some screenshots:


    This doesn't work.

    I also tried to manually forward ports by using iptables and adding them to administrator>scripts>firewall. These are the iptables that I entered. I'm not 100% sure they are right:

    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t nat -A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination

    I still couldn't connect to router at port 80.

    Would it be possible to solve this issue without restoring router to defaults?

    Best regards,
  2. koitsu

    koitsu Network Guru Member

    You're correct that a port forwarding rule in the GUI will not work/do what you want. This has to do with the fact that the daemon you're using is on the router itself. In other words, if lighttpd was running on a different machine on your LAN (say, then the forward would work just fine. So, you have to use some manual iptables rules to take care of this predicament.

    The iptables rules you're using are incorrect. What you should be using is this:

    iptables -t nat -A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination :8081
    iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
    And to be clear: the lack of IP address (ex. in --to-destination is very, very much intentional. It's explained by Bird333 in one of the below references.
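
Added example, not part of the thread and not either poster's code: nat PREROUTING runs before the filter INPUT chain, so INPUT sees the translated port (8081), not the original one (80). The hypothetical helper `missing_input_accepts` below reads rule lines and lists router-local DNAT target ports that no INPUT ACCEPT rule covers; the first rule set is constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables rule lines on stdin and prints every
# router-local DNAT target port that has no matching INPUT ACCEPT rule.
missing_input_accepts() {
    awk '
    {
        chain = ""; dport = ""; target = ""; todest = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination") todest = $(i + 1)
        }
        # An address-less target (":PORT") keeps the packet on the router,
        # so it is judged by the filter INPUT chain after translation.
        if (target == "DNAT" && todest ~ /^:[0-9]+$/)
            dnat_local[substr(todest, 2)] = 1
        if (chain == "INPUT" && target == "ACCEPT" && dport != "")
            accepted[dport] = 1
    }
    END {
        for (p in dnat_local)
            if (!(p in accepted)) print p
    }' | sort -n
}

# Constructed sample: INPUT accepts only the pre-translation port (80).
RULES_MISMATCHED='iptables -t nat -A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination :8081
iptables -A INPUT -p tcp --dport 80 -j ACCEPT'

# The rule pair given in the reply above.
RULES_MATCHED='iptables -t nat -A WANPREROUTING -p tcp --dport 80 -j DNAT --to-destination :8081
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT'

echo "mismatched set, uncovered ports:"
printf '%s\n' "$RULES_MISMATCHED" | missing_input_accepts   # prints 8081
echo "matched set, uncovered ports:"
printf '%s\n' "$RULES_MATCHED" | missing_input_accepts      # prints nothing
```

The INPUT rule matches on destination port alone, so it also accepts connections sent directly to port 8081 on any interface, not only those translated from port 80.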

