
Port Forwarding Problem with v1.21

Discussion in 'Tomato Firmware' started by Majick, Nov 2, 2008.

  1. Majick

    Majick Addicted to LI Member

    Hi,

    I've recently purchased a WRT54GL and an ADSL2MUE modem for my home setup. Their IPs are 192.168.0.1 and 192.168.1.1 respectively.

    I’ve installed Tomato v1.21 on the router and everything seems to be working correctly apart from Port Forwarding. The two applications I’ve been trying to get to work are uTorrent and a Ventrilo server.

    For example: uTorrent is using port 15822, running on a machine with IP 192.168.0.10, and I’ve set up the following in Port Forwarding.

    Code:
    On      Proto      Src Address      Ext Ports      Int Port      Int Address      Description
    On      Both                          15822                      192.168.0.10      utorrent
    
    However, when I use the uTorrent port forwarding checker, it informs me that that port isn’t forwarded, and I can’t work out why.

    I haven’t changed many of the default settings and QoS is turned off currently.

    My setup is as follows

    ADSL2MUE is using PPPoA
    WRT54GL is using Static with the modem set as the Gateway.

    Anyone have any suggestions as to what I’m doing wrong? I’ve tried searching for information in this forum and Google and can’t seem to turn up any solution.

    Thanks for your help

    Edit: UPnP is enabled on both my router and uTorrent
    Edit: Modem is @ 192.168.1.1 not 192.168.0.1
     
  2. mstombs

    mstombs Network Guru Member

    With Linksys firmware on the modem you will be running double NAT, and as far as I can recall there is no way to enable dmz via the web interface. I assume one of the devices is at default 192.168.1.1? If your ISP supports pppoe you can put the modem in full bridge mode and use the Tomato pppoe client.

    If stuck with pppoa only:-

    With RouterTech firmware on the modem you will be able to put the router in the modem's DMZ, or use the half-bridge script to bypass the NAT routing/firewall in the modem completely (needs a small firewall script in Tomato to work best).
     
  3. Majick

    Majick Addicted to LI Member

    Yea, my modem is currently using 192.168.1.1 (not 192.168.0.1 as I mistyped above). My ISP doesn't support pppoe and I'm stuck with pppoa. I'll have a look at this RouterTech firmware and see if it can solve my problem. Thanks for the help.
     
  4. Majick

    Majick Addicted to LI Member

    I've managed to get RouterTech on my modem. You mentioned a half-bridge script that I would need to install to bypass the modem's firewall etc.

    You couldn't be so kind as to point me in the direction of how that's done :)

    Cheers

    Edit: Got it working using the DMZ, does the half bridge method offer any advantages?
     
  5. mstombs

    mstombs Network Guru Member

    The "experimental" Half-bridge script is built-in to the RouterTech firmware (hasn't changed since RT2.5) - see the ppphb.txt readme in the firmware download docs. The advantage is that it passes the ISP WANIP to the Tomato router, and can turn-off as much functionality as possible in the modem, no problems with unnecessary connection tracking running out of memory for example.

    The main downside is that this functionality is not built-in to the modem - it's just an add-on (but it works for me....)

    Others are,

    1) Need a small firewall script to fix old Linksys udhcpc accept script bug (Gateway will not be in network defined by IP address and netmask)

    see

    http://www.linksysinfo.org/forums/showthread.php?p=301161

    and

    2) Need a short lease time for modem to pass on new WAN IP when IP changes - I don't know how to reliably tell Tomato to try a dhcpc renew when internet connection down, so can take a couple of minutes to settle down should the modem retrain.
     
  6. Majick

    Majick Addicted to LI Member

    So if I understand that correctly by using the half-bridge script, my Router will be able to manage my WAN connection, rather than the modem so the modem doesn’t have to forward the port to the router which forwards them again? Or am I completely off track there. (Networking has never been my strong point, I still have nightmares about the 6 months I spent working in networks :s)

    With performing the HB, I assume on the router I would:

    Go to system -> Run Command -> “pppHB.sh init”

    Then I would add the script to Tomato to run on Firewall start up?

    Would I need to do the final step if I have a static IP with my ISP?

    I’ve also noticed when I use my WRT + ADSL2MUE setup, I’m no longer able to connect to World of Warcraft (freeze as soon as I’m authorised) and MSN Messenger won't connect either (Port problem). However the uTorrent port works fine :). Both WoW and MSN worked before I installed RouterTech. Is this likely to have anything to do with the setup using the DMZ and could the HB setup solve this, or is it more likely I’ve got some dubious setting somewhere?

    Thanks again for your help btw :D
     
  7. mstombs

    mstombs Network Guru Member

    Correct, the modem should just do the pppoa endpoint then only route to/from the router without the unnecessary connection tracking.

    That's one way - you should be able to use "pppHB.sh init -nofw" to disable the firewall in the modem, you should also first set a short lease time in the LAN dhcp setup, say 60 seconds, then saveall.

    Yes, copy and paste into the firewall script box, no harm in doing this before the previous step.

    Not sure for a single IP, may still have issue with Gateway and netmask. If you have a block of IP addresses you can give one to the modem and just run in no-NAT mode, then the router would specify the modem as its Gateway.

    Doesn't seem right double NAT + DMZ should work! Maybe an MTU problem, test by reducing MTU in the router to 1400, the default in RouterTech for pppoa is 1500, may have been lower in Linksys - you did reset to defaults after loading new firmware?
     
  8. Majick

    Majick Addicted to LI Member

    Cheers, that worked perfectly.

    Good call on the MTU size as well, was 1498 on the modem but 1500 on the router, changed that and MSN and WoW now connect.

    Thanks for all your help :) Finally I've got QoS working :)
     
  9. Majick

    Majick Addicted to LI Member

    Hmm, I think I spoke too soon :p

    The whole system was working great for about 2 hours, and then I seem to be having a problem with the modem consistently disconnecting from my ISP. I switched back to my old router/modem and everything works fine, but as soon as I go back to the ADSL2MUE it keeps DCing.

    I've noticed a few things in the System Log on the ADSL2MUE, and I'm wondering if these are something to do with the problem.

    Code:
    Oct  5 07:46:01 | DSL Carrier is up
    Oct  5 07:46:01 | sar read trained mode (1)(ADSL_G.dmt)
    Oct  5 07:46:02 | Couldn't increase MRU to 1500
    Oct  5 07:46:02 | pppHB.sh ip-down: Connect Time= 58 Bytes Sent= 1954 Rcvd= 185
    Oct  5 07:46:02 | pppHB.sh: udhcpd started with conf /var/tmp/pppHBdefault.conf 
    Oct  5 07:46:07 | PPPD Terminated Through Signal
    Oct  5 07:46:07 | Connection terminated.
    Oct  5 07:46:07 | pppd 2.4.1 started by root, uid 0
    Oct  5 07:46:07 | Connect: ppp0 {--} 
    Oct  5 07:46:07 | Couldn't increase MRU to 1500
    Oct  5 07:46:11 | DSL Carrier is down
    Oct  5 07:46:11 | PPPD Successfully Started 
    Oct  5 07:46:31 | DSL Carrier is up
    Oct  5 07:46:32 | sar read trained mode (1)(ADSL_G.dmt)
    Oct  5 07:46:32 | pppd 2.4.1 started by root, uid 0
    Oct  5 07:46:32 | Connect: ppp0 {--} 
    Oct  5 07:46:32 | Couldn't increase MRU to 1500
    Oct  5 07:46:38 | PPPD Successfully Started 
    Oct  5 07:46:41 | DSL Carrier is down
    Oct  5 07:47:01 | DSL Carrier is up
    Oct  5 07:47:01 | sar read trained mode (1)(ADSL_G.dmt)
    Oct  5 07:47:01 | pppd 2.4.1 started by root, uid 0
    Oct  5 07:47:01 | Connect: ppp0 {--} 
    Oct  5 07:47:01 | Couldn't increase MRU to 1500
    Oct  5 07:47:01 | Couldn't increase MTU to 32725
    Oct  5 07:47:01 | Couldn't increase MRU to 1500
    Oct  5 07:47:04 | Connection terminated.
    Oct  5 07:47:04 | pppd 2.4.1 started by root, uid 0
    Oct  5 07:47:04 | Connect: ppp0 {--} 
    Oct  5 07:47:04 | Couldn't increase MRU to 1500
    Oct  5 07:47:05 | modulation(0x1)
    Oct  5 07:47:08 | PPPD Successfully Started
    
    The MRU on the modem is set to 1450 and so is the router's MTU (I assumed these are both referring to the same thing, as I couldn't see an MTU setting on the ISP setup page). My concern is the modem seems to be trying to increase the MRU to 1500 and the MTU to 32725, which seems very odd to me.

    Any suggestions?
     
  10. mstombs

    mstombs Network Guru Member

    I've never seen this message before

    Code:
    Oct  5 07:47:01 | Couldn't increase MTU to 32725
    
    but the MRU messages are nothing to worry about - pppd can't set the MRU to 1500 because you have selected lower in the connection setup.

    You do need to sort out the disconnections - which RouterTech firmware file for the ADSL2MUE did you select? The 4MB flash version has an alternative DSP driver - I recall the default is 7.3 and the alternate 6.2 selected by "setenv dsp_ver dsp62A".

    The ADSL2MUE is not as robust a dsl modem as others I have even with same Ti AR7 chipset - I had a lot of problems with the stock Linksys firmware and there was a time when mine wouldn't sync in ADSL2+ with the Linksys 5V 1A PSU, but would work with the 5V 2A from my NSLU2 or fonera - but my repaired test one is working fine at the moment, hasn't dropped since I last fiddled with it

    Code:
    Firmware version:  	 RouterTech_3.6.0D_20081005_2.70 (20081005062914)
    WAN Uptime: 	22hr 8min 10sec ("TalkTalk") 
    
    Software Versions
    Gateway 	  	3.6.0D
    ATM Driver 	  	7.03.09.00
    DSL HAL 	  	7.03.00.01
    DSL Datapump 	  	7.03.01.00 Annex A
    
    var # cat /proc/avalanche/avsar_modem_stats
    
    AR7 DSL Modem Statistics:
    --------------------------------
    [DSL Modem Stats]
            US Connection Rate:     444     DS Connection Rate:     8124
            DS Line Attenuation:    18.4    DS Margin:              16.8
            US Line Attenuation:    9.3     US Margin:              0.4
            US Payload :            210144  DS Payload:             222240
            US Superframe Cnt :     4692769 DS Superframe Cnt:      4692769
            US Transmit Power :     12      DS Transmit Power:      19
            LOS errors:             0       SEF errors:             0
            Errored Seconds:        32      Severely Err Secs:      0
            Frame mode:             0       Max Frame mode:         0
            Trained Path:           0       US Peak Cell Rate:      1047
            Trained Mode:           16      Selected Mode:          1
            ATUC Vendor Code:       4946544E        ATUC Revision:  2
            Hybrid Selected:        1       Trellis:                1
            Showtime Count:         1       DS Max Attainable Bit Rate: 14488 kbps
            BitSwap:                1       US Max Attainable Bit Rate: 1040000 bps
            Annex:                  AnxA    psd_mask_qualifier: 0x0000
            ATUC ghsVid:  b5 00 49 46 54 4e 71 57
            T1413Vid: 00 00         T1413Rev: 00            VendorRev: 00
            ATUR ghsVid:  b5 00 54 53 54 43 00 00
            T1413Vid: 00 00 T1413Rev: 00    VendorRev: 00
    
            [Upstream (TX) Interleave path]
            CRC:    0       FEC:    0       NCD:    0
            LCD:    0       HEC:    0
    
            [Downstream (RX) Interleave path]
            CRC:    0       FEC:    0       NCD:    0
            LCD:    0       HEC:    0
    
            [Upstream (TX) Fast path]
            CRC:    0       FEC:    0       NCD:    0
            LCD:    0       HEC:    0
    
            [Downstream (RX) Fast path]
            CRC:    47      FEC:    0       NCD:    0
            LCD:    0       HEC:    0
    
    I suspect the entry "US Margin: 0.4" is a problem of compatibility/ reporting with my ISP due to capped line, but it behaved slightly differently with RT2.6 which used subtly different dsp 7.3 drivers.
     
  11. Majick

    Majick Addicted to LI Member

    I'm currently using "RouterTech_3.6.0D_20081005_2.70_AR7RD-1Port_psbl_firmware.upgrade.img" and not the 4mb version, should I look to updating the current version to the 4mb?

    You mention that the ADSL2MUE isn't too robust, would it be better looking at an alternate modem for my setup if I wanted something completely stable? I managed to get the ADSL2MUE quite cheap second hand, so it's no great loss to ditch it now if need be.
     
  12. mstombs

    mstombs Network Guru Member

    If you intend to use only as half-bridge - the only extra feature I can recall in the 4MB version is the multiple DSP drivers, but I happen to be using the 2MB one as well at present. The ADSL2MUE (mine at least) is unusual in that it has 4MB flash 16MB ram so is useful to experiment with. You can enable a minix NVRAM and load extra drivers etc.

    If your ISP is ADSL1 only, it is worth trying the older 6.2 driver in the 4MB version, can also look at tweaks using the Routerstats logger :-

    http://www.routertech.org/viewtopic.php?t=1501

    But of course if it fails to do the basic job of a modem it's not much use - what chipset is the modem/router that works well on your line?
     
  13. Majick

    Majick Addicted to LI Member

    My current router/modem is the Netgear DG834Gv2 which I've had for quite a few years. I believe the chipset is Texas Instruments AR7, but that's just from looking it up on Wikipedia :)

    I'll try the other version of the firmware after work tomorrow and let you know how I get on :)
     
  14. Majick

    Majick Addicted to LI Member

    OK, running with the older version of the firmware, so far so good. I'll see how it goes overnight with the torrents running and see if it suffers from any DCs at all (fingers crossed) and report back.

    Thanks again for all your help :)

    For the benefit of anyone reading this thread in the future, I found how to change the DSP Driver here
     
  15. Majick

    Majick Addicted to LI Member

    Grrr, for some reason I appear to still have problems with this setup. The router seems to be ok for a period of time (maybe 3-6 hours) and then DCs and then continually connects and disconnects.

    However, whenever I use my DG834Gv2 it seems to be solid as a rock.

    One thing I have noticed on my ADSL2MUE is it always has a red power light, and from reading around this seems to indicate a problem with my modem, although there seems to be no real confirmation of this from Linksys. With concerns about that, and also being unable to get the setup to work correctly for me, I’m considering just going for a new modem, and searching around for one that offers a half-bridge mode by default. However, I was wondering if I could do something with my DG and use my WRT for QoS still, and of course save getting a new modem.

    Would the following work:
    • Turn off the NAT on the DG.
    • Turn off the firewall on the DG.
    • Connect the DG to the WRT using the WAN port.

    Would this make the DG basically act as a modem and allow my WRT to deal with NAT, Firewalling, QoS etc?
     
  16. mstombs

    mstombs Network Guru Member

    The red Led is a result of the default led conf in RouterTech, that can be fixed by setting an env var to use a customized ADSL2MUE led conf "setenv led_conf led.adsl2mue", this turns the red power led off when the internet is connected. (Can also turn it off with the command "Led power 1"). The power Led is red in hardware by default, with Linksys firmware a red Led alone indicates a major firmware problem.

    Do you have an alternative PSU you can try - the poorly regulated Linksys supplied 5V1A is barely sufficient, 5V2A rated ones can sometimes work better, but the weak point may be the internal tiny 5V to 3.3V regulator.

    The DG834Gv2 is a similar Ti AR7 chipset, so your problem highlights how the so called "AR7 bug" is a complex issue of hardware/firmware and ADSL connection. I believe the dsp73A driver in RT2.6 was the same as the so called bug fixed Netgear version - but I recall some folk had problems with it.

    The DG834v2 should work with Tomato in double-NAT mode (+dmz). What you describe is basically what the RouterTech Half bridge script does - the Netgear has similar Linux kernel but different web gui and "core logic" I suspect you will have difficulty in getting it to work in no-NAT mode.

    See this thread for discussion of other Adsl modems for UK pppoa.

    http://www.linksysinfo.org/forums/showthread.php?t=59489

    I have no direct experience of the Draytek Vigor, but it is clearly designed to do the job with pppoa and routers. Speedtouch 536/546 (Broadcom chipset) are often very cheap on ebay. My ST546V6 seems to work well (but it's not obviously Linux) - it has an 18V 1A rated psu, don't know if that is significant!
     
  17. Domini

    Domini Addicted to LI Member

    Hey

    I have exactly the same problem. Port forwarding isn't working. I have a WRT54GL v1.1 router connected to an Iskratel Prospero modem; I have a 20MB/20MB internet line.
    PPPoE connection established with the Linksys router, DHCP disabled, IPs added manually (static).
    If I flash the Linksys with DD WRT firmware, port forwarding works great, but it seems I can't get full upload speed with DD WRT. If I use Tomato I can get full upload speed (real 2,4 MB/s), but as I said, port forwarding doesn't work; only UPnP works.
    I like Tomato very much, so if anybody knows how I can fix this issue, you're welcome ;)
     
  18. Domini

    Domini Addicted to LI Member

    Anybody?
     
  19. Majick

    Majick Addicted to LI Member

    Went for the Draytek Vigor in the end, worked straight out the box :) Hopefully it will hold up for longer than the ADSL2MUE. Thanks again for all your help :D

    Oh and for info for future readers, the Firewall script still needs to be installed for port forwarding to work correctly.

    @Domini the script might help with your issue, but as you can tell by this thread I'm no expert!
     
  20. baldrickturnip

    baldrickturnip LI Guru Member

    I thought I might add to this thread concerning a problem I seem to be having with port forwarding with tomato.

    I have noticed that the port forwarding configuration only allows 50 individual port entries, but I want to know if it will only allow 20 of those to be active concurrently.

    I have added a 54GL to my network with the WAN port facing an untrusted network and configured 30 ports to forward to the webservers of IP cams. I can only seem to have 20 of those cameras active at any one time through the WAN forwarded ports.
    I have tested that they will all work, but only a combination of 20 at any 1 time.

    Is this correct and is there a change I can make to allow more ports to be concurrently active?

    thanks
     
  21. mstombs

    mstombs Network Guru Member

    @Majick Are you using the pppoa to pppoe conversion in the Draytek? If so I don't see why you need the firewall script!

    @Domini I don't think your problem is the same, are you setting portforwards only to machines with dhcp reserved IP addresses?

    @baldrickturnip If the web gui allows 50 entries but only 20 active this suggests a bug, I suggest you check the output of

    Code:
    iptables -L -vn
    iptables -L -vn -t nat
    
    You should see your rules appear there, if not I suggest you report to the author Jon
     
  22. baldrickturnip

    baldrickturnip LI Guru Member

    I have done the iptables commands and posted the output below. I am not sure how to interpret it properly, but it looks correct as to the port forwarding I configured in the GUI for the 30 cameras. It still will only display 20 at a time. If I get a drop in the data stream (some IP cams are wifi) another camera will start and the dropped one will not restart - still only total 20 out of 30 are on at one time.

    I maybe should note that the 54GL is not the gateway configured on the webcams, but I have added a static route pointing to this 54GL as gateway for 192.168.1.0 range replies.

    Some more info:
    a netstat on the Windows box running the multiviewer for the cameras shows all the ports for the webservers have an established TCP connection to them, but on the router QoS details page only the cameras that are displaying have 2 TCP ports open.

    Any assistance appreciated :)

    Code:
    # cd ..
    # cd ..
    # ls
    etc   home  mnt   var
    # cd etc
    # iptables -L -vn
    Chain INPUT (policy DROP 46 packets, 6649 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 DROP       0    --  br0    *       0.0.0.0/0            192.168.1.12
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
      864 81306 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       47  2813 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0
       19  1140 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.12      tcp dpt:80
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
        0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1461:65535 TCPMSS set 1460
     405K  189M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       73  3504 wanin      0    --  vlan1  *       0.0.0.0/0            0.0.0.0/0
        5   284 wanout     0    --  *      vlan1   0.0.0.0/0            0.0.0.0/0
        5   284 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT 1041 packets, 331K bytes)
     pkts bytes target     prot opt in     out     source               destination
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.21      tcp dpt:4421
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.22      tcp dpt:4422
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.23      tcp dpt:4423
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.24      tcp dpt:4424
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.25      tcp dpt:4425
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.26      tcp dpt:4426
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.51      tcp dpt:4451
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.52      tcp dpt:4452
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.53      tcp dpt:4453
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.54      tcp dpt:4454
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.55      tcp dpt:4455
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.56      tcp dpt:4456
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.57      tcp dpt:4457
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.58      tcp dpt:4458
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.59      tcp dpt:4459
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.66      tcp dpt:4466
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.67      tcp dpt:4467
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.68      tcp dpt:4468
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.69      tcp dpt:4469
        3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.70      tcp dpt:4470
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.71      tcp dpt:4471
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.72      tcp dpt:4472
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.73      tcp dpt:4473
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.96      tcp dpt:4496
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.97      tcp dpt:4497
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.98      tcp dpt:4498
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.99      tcp dpt:4499
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.100     tcp dpt:4500
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.101     tcp dpt:4501
        2    96 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.102     tcp dpt:4502
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination
    # iptables -L -vn -t nat
    Chain PREROUTING (policy ACCEPT 384 packets, 107K bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 DROP       0    --  vlan1  *       0.0.0.0/0            192.168.222.0/24
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            192.168.1.12        to:192.168.222.12
        0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:80 to:192.168.222.12:80
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4421 to:192.168.222.21
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4422 to:192.168.222.22
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4423 to:192.168.222.23
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4424 to:192.168.222.24
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4425 to:192.168.222.25
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4426 to:192.168.222.26
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4451 to:192.168.222.51
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4452 to:192.168.222.52
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4453 to:192.168.222.53
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4454 to:192.168.222.54
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4455 to:192.168.222.55
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4456 to:192.168.222.56
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4457 to:192.168.222.57
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4458 to:192.168.222.58
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4459 to:192.168.222.59
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4466 to:192.168.222.66
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4467 to:192.168.222.67
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4468 to:192.168.222.68
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4469 to:192.168.222.69
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4470 to:192.168.222.70
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4471 to:192.168.222.71
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4472 to:192.168.222.72
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4473 to:192.168.222.73
        3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4496 to:192.168.222.96
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4497 to:192.168.222.97
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4498 to:192.168.222.98
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4499 to:192.168.222.99
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4500 to:192.168.222.100
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4501 to:192.168.222.101
        2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4502 to:192.168.222.102
    
    Chain POSTROUTING (policy ACCEPT 96 packets, 5085 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.21      tcp dpt:4421 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.22      tcp dpt:4422 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.23      tcp dpt:4423 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.24      tcp dpt:4424 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.25      tcp dpt:4425 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.26      tcp dpt:4426 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.51      tcp dpt:4451 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.52      tcp dpt:4452 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.53      tcp dpt:4453 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.54      tcp dpt:4454 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.55      tcp dpt:4455 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.56      tcp dpt:4456 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.57      tcp dpt:4457 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.58      tcp dpt:4458 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.59      tcp dpt:4459 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.66      tcp dpt:4466 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.67      tcp dpt:4467 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.68      tcp dpt:4468 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.69      tcp dpt:4469 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.70      tcp dpt:4470 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.71      tcp dpt:4471 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.72      tcp dpt:4472 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.73      tcp dpt:4473 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.96      tcp dpt:4496 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.97      tcp dpt:4497 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.98      tcp dpt:4498 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.99      tcp dpt:4499 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.100     tcp dpt:4500 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.101     tcp dpt:4501 to:192.168.222.12
        0     0 SNAT       tcp  --  *      *       192.168.222.0/24     192.168.222.102     tcp dpt:4502 to:192.168.222.12
        3   168 MASQUERADE  0    --  *      vlan1   0.0.0.0/0            0.0.0.0/0
    
    Chain OUTPUT (policy ACCEPT 22 packets, 1533 bytes)
     pkts bytes target     prot opt in     out     source               destination
    #
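
The check mstombs describes in this thread (forwards set in the GUI should appear in both `iptables -L -vn` and `iptables -L -vn -t nat`) can be done mechanically on saved output; the following is an added example, not part of the original thread or of Tomato. It assumes the `PREROUTING` and `wanin` chain names seen in the output posted above; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the column layout of `iptables -L -vn` (filter table).
FILTER_SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 405K  189M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
   73  3504 wanin      0    --  vlan1  *       0.0.0.0/0            0.0.0.0/0

Chain wanin (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.21      tcp dpt:4421
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.222.22      tcp dpt:4422
"""

# Constructed sample in the column layout of `iptables -L -vn -t nat`.
NAT_SAMPLE = """\
Chain PREROUTING (policy ACCEPT 384 packets, 107K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4421 to:192.168.222.21
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4422 to:192.168.222.22
    2    96 DNAT       tcp  --  *      *       0.0.0.0/0            192.168.1.12        tcp dpt:4423 to:192.168.222.23:8080
"""


def parse_chains(text):
    """Split `iptables -L -vn` output into {chain name: [rule dict, ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Chain (\S+) ", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        # Skip blanks, shell prompts and the "pkts bytes target ..." header row.
        if current is None or len(f) < 9 or f[0] == "pkts":
            continue
        current.append({
            "pkts": f[0], "target": f[2], "prot": f[3],
            "in": f[5], "out": f[6], "src": f[7], "dst": f[8],
            "extra": " ".join(f[9:]),
        })
    return chains


def audit_forwards(filter_text, nat_text, accept_chain="wanin"):
    """For each port-based DNAT rule, report whether the filter table lets it through."""
    flt = parse_chains(filter_text)
    nat = parse_chains(nat_text)

    # (protocol, internal address, port) tuples accepted in the forward path.
    allowed = set()
    for r in flt.get(accept_chain, []):
        m = re.search(r"dpt:(\d+)", r["extra"])
        if r["target"] == "ACCEPT" and m:
            allowed.add((r["prot"], r["dst"], int(m.group(1))))

    findings = []
    for r in nat.get("PREROUTING", []):
        if r["target"] != "DNAT":
            continue
        dpt = re.search(r"dpt:(\d+)", r["extra"])
        to = re.search(r"to:([\d.]+)(?::(\d+))?", r["extra"])
        if not (dpt and to):
            continue  # DNAT rules without a port match (e.g. icmp) are not port forwards
        ext_port = int(dpt.group(1))
        # The filter table sees the packet after DNAT, so it must match the
        # translated port when the rule rewrites it.
        int_port = int(to.group(2)) if to.group(2) else ext_port
        findings.append({
            "ext_port": ext_port,
            "to": f"{to.group(1)}:{int_port}",
            "filter_accept": (r["prot"], to.group(1), int_port) in allowed,
            "any_source": r["src"] == "0.0.0.0/0",  # reachable from every WAN-side host
            "hit": r["pkts"] != "0",                # counter shows traffic matched the rule
        })
    return findings


if __name__ == "__main__":
    for f in audit_forwards(FILTER_SAMPLE, NAT_SAMPLE):
        print(f)
```

On a router whose WAN port faces an untrusted network, the `any_source` and `filter_accept` fields together list exactly which internal hosts are reachable from outside, and `hit` shows which forwards have actually been used.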
     
