Port forwarding from a WAN port to a *different* LAN port

Discussion in 'HyperWRT Firmware' started by aputerguy, Sep 8, 2004.

  aputerguy

    aputerguy

    Does the HyperWRT firmware mod support forwarding of a specific WAN port to a different specified LAN port at a given LAN IP address?

    i.e. I would like to be able to specify specific, individual WAN ports to send to a different specific port at a user-specified IP address on my LAN

    This feature is critical for me to get around ports that my dsl ISP blocks.
    For example, sending WAN port 8080 -> LAN port 80 on my Apache web server t o reroute http packets

    On the WRT54g firmware that I have, I only see "Port Range Forwarding" which allows you to specify the LAN IP address but doesn't allow you to change the port numbers. I also see UPNP functionality, but that seems to be only the auto/security-risky Windoze paradigm.

    On my old BEFSR41 router, this feature was available on the screen (mis)-titled "UPNP Port Forwarding", but it seems to have disappeared from the WRT54g series.
  Esquire

    Esquire

    One can access something similar to the UPnP Forwarding you mentioned via Windows XP, provided UPnP has been detected.
  aputerguy

    aputerguy

    Perhaps I am misunderstanding, but I am not interested in UPNP; rather, I want the ability to manually configure forwarding of specific WAN ports to different LAN ports. Or are you saing that somehow when UPNP is recognized by the router, then you get a page that allows the manual configuration that I am interested in?

  Esquire

    Esquire

    I meant literally what I wrote (see below). I manually added FTP service this way so port 21 will open only when I do run my FTP service. I'm sure you can map it to different external and internal ports, although I haven't the need to do it yet.

    I know you may not be interested in UPnP, but I don't think you'll find anything like the UPnP Forwarding interface on a WRT54G.

  TazUk

    TazUk

    Re: Port forwarding from a WAN port to a *different* LAN por

    You could just configure Apache to listen on port 8080 instead :?
  aputerguy

    aputerguy

    Of course, I could change the ports of various services on my Linux server to accomodate my ISP, but I prefer to instead keep my server and LAN setup pure and instead use the router to perform the port translation.

    I am still not even sure that UPNP will do what I want but even so it has two strikes against it (for me)
    1. It requires WinXP to setup and can't be done from my Linux machine
    2. There are some security concerns (or so I have heard)

    Given this, I would probably prefer to continue using my BEFSR41 as my Gateway and then use the WRT54g just in router mode to give me wireless access (obviously, if I could figure out a way to do this single port forwarding then I could ditch the BEFSR41 and use the WRT54g as a Gateway)

  aputerguy

    aputerguy

    Alternatively, I saw somewhere else that I could always Telnet into the WRT54G and run 'iptables' with the apropriate input parameters to re-route the ports.

    iptables -t nat -I PREROUTING -p tcp -i eth1 -d <wan ip> --dport 80 -j DNAT --to <lan ip>:8080

    iptables -t nat -I PREROUTING -p udp -i eth1 -d <wan ip> --dport 80 -j DNAT --to <lan ip>:8080

    If you have a v2 or GS you need to replace eth1 with vlan1. For <wan ip> use the public ip assigned by your isp. The <lan ip> should be the internal ip address of the machine running remote desktop.

    The only problem that I saw with that is that it appears that you need to provide a specific WAN IP which of course can change over time. Not sure whether there is a way to specify the "generic" WAN IP.
  Avenger20

    Avenger20

    You can put iptable rules in AutoRun for now, HyperWRT v1.4 will have a seperate section for firewall rules :)
  aputerguy

    aputerguy

    Will HyperWRT 1.4 require you to know the WAN IP address or is there some way to just reference a variable name corresponding to the WAN IP address (this is important when you have dynamic IP addresses).

    Also any rough ETA on ver 1.4 arrival date?

  Taomyn

    Taomyn

    Sweet - can't wait :D
  emd

    emd


    So, how does one port forward to different ports?
