
Port redirect

Discussion in 'HyperWRT Firmware' started by mre30, Feb 21, 2005.

  1. mre30

    mre30 Guest

    Hi all, I am new to HyperWRT. I just downloaded and installed it today. The main reason I got it is because my friend told me I can do port redirects. I really don't know how to do it, that is why I am asking. I used to have a D-Link router and it had a page for it. Well, I have a couple of servers inside my network. I want port 20000 from the outside to redirect to port 10000 on 10.0.0.100. Also I want port 8080 from the outside to redirect to port 80 on 10.0.0.100. Thank you for all your help and time.
     
  2. swinn

    swinn Network Guru Member

    In your firewall rules, add these lines:

    iptables -A FORWARD -p TCP -i vlan1 --dport 20000 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i vlan1 --dport 20000 --to-destination 10.0.0.100:10000

    iptables -A FORWARD -p TCP -i vlan1 --dport 8080 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i vlan1 --dport 8080 --to-destination 10.0.0.100:80

    The 'vlan1' depends on your version of router. I think if it's prior to version 2, you have to put 'eth1' instead. Also, this will only redirect incoming connections from outside your LAN.
     
  3. hepp

    hepp Network Guru Member

    If you're using PPPoE dial-in, you have to exchange 'vlan1' with 'ppp0'.
    It cost me several hours of searching to find the fault. :roll:
     
  4. jaebird

    jaebird Guest

    I'm using the following in the Firewall script:

    /usr/sbin/iptables -A FORWARD -p tcp -i ppp0 --dport 8080 -j ACCEPT
    /usr/sbin/iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 8080 --to-destination 192.168.0.5:80

    It didn't seem to work so I enabled telnet and logged into the router and did each command by hand. The first one executed without errors, however the second responded with:

    iptables v1.2.7a: Unknown arg `--to-destination'

    I also tried the '--to' but that seems to be a different type of command...it also did not work.

    This is with the 2.1b1 HyperWRT firmware.

    Any help?

    Jae
     
  5. silviemeis

    silviemeis Network Guru Member

    I think I have kind of the same problem as you. Read my thread?
    http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=2966

    My wish is a little different from yours but we may have the same source of our problems.
     
  6. silviemeis

    silviemeis Network Guru Member

    Try this?

    this is the help that I get for iptables:
    iptables --help
    iptables v1.2.7a

    Usage: iptables -[AD] chain rule-specification [options]
    iptables -[RI] chain rulenum rule-specification [options]
    iptables -D chain rulenum [options]
    iptables -[LFZ] [chain] [options]
    iptables -[NX] chain
    iptables -E old-chain-name new-chain-name
    iptables -P chain target [options]
    iptables -h (print this help information)

    Commands:
    Either long or short options are allowed.
    --append -A chain Append to chain
    --delete -D chain Delete matching rule from chain
    --delete -D chain rulenum
    Delete rule rulenum (1 = first) from chain
    --insert -I chain [rulenum]
    Insert in chain as rulenum (default 1=first)
    --replace -R chain rulenum
    Replace rule rulenum (1 = first) in chain
    --list -L [chain] List the rules in a chain or all chains
    --flush -F [chain] Delete all rules in chain or all chains
    --zero -Z [chain] Zero counters in chain or all chains
    --new -N chain Create a new user-defined chain
    --delete-chain
    -X [chain] Delete a user-defined chain
    --policy -P chain target
    Change policy on chain to target
    --rename-chain
    -E old-chain new-chain
    Change chain name, (moving any references)
    Options:
    --proto -p [!] proto protocol: by number or name, eg. `tcp'
    --source -s [!] address[/mask]
    source specification
    --destination -d [!] address[/mask]
    destination specification
    --in-interface -i [!] input name[+]
    network interface name ([+] for wildcard)
    --jump -j target
    target for rule (may load target extension)
    --match -m match
    extended match (may load extension)
    --numeric -n numeric output of addresses and ports
    --out-interface -o [!] output name[+]
    network interface name ([+] for wildcard)
    --table -t table table to manipulate (default: `filter')
    --verbose -v verbose mode
    --line-numbers print line numbers when listing
    --exact -x expand numbers (display exact values)
    [!] --fragment -f match second or further fragments only
    --modprobe=<command> try to insert modules using this command
    --set-counters PKTS BYTES set the counter during insert/append
    [!] --version -V print package version.

    I think it's not --to-destination but --destination.
    Can you try this and confirm that it works?

    [edit]
    Try reading this thread also? http://www.linksysinfo.org/modules.php?name=Forums&file=viewtopic&t=1965&highlight=iptables

    I'm not experimenting any further because I want a Linux routing expert to have a look at this before I kill my router.
    [/edit]
     
  7. swinn

    swinn Network Guru Member

    Hmm it seems the example I gave above was missing a parameter.. try this and see if it works (based off my rules that work fine):

    iptables -A FORWARD -p TCP -i vlan1 --dport 20000 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i vlan1 --dport 20000 -j DNAT --to-destination 10.0.0.100:10000

    iptables -A FORWARD -p TCP -i vlan1 --dport 8080 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i vlan1 --dport 8080 -j DNAT --to-destination 10.0.0.100:80

    Course the vlan1/eth1/ppp0 information still applies. Change as necessary. That just specifies which nic is the WAN adapter.
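
Added example, not part of any post in this thread: a shell helper that prints the rule pair for one redirect after validating its arguments, and flags a rule line that uses --to-destination without -j DNAT (the "Unknown arg" failure reported above). The function names are made up for this example, and its FORWARD rule matches the inside host and port instead of the outside port, because DNAT in PREROUTING rewrites the destination before the FORWARD chain sees the packet.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the rule pair for
# one TCP redirect so it can be reviewed before it goes into the firewall script.

valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: port_redirect_rules WAN_IF OUTSIDE_PORT INSIDE_IP INSIDE_PORT
port_redirect_rules() {
    wan=$1 ext=$2 ip=$3 int=$4
    case "$wan" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$ext" || { echo "bad outside port" >&2; return 1; }
    valid_port "$int" || { echo "bad inside port" >&2; return 1; }
    valid_ipv4 "$ip"  || { echo "bad inside address" >&2; return 1; }
    # -j DNAT loads the target extension that defines --to-destination.
    echo "iptables -t nat -A PREROUTING -p tcp -i $wan --dport $ext -j DNAT --to-destination $ip:$int"
    # nat PREROUTING runs before filter FORWARD, so FORWARD sees the rewritten
    # destination: accept only the inside host and port.
    echo "iptables -A FORWARD -p tcp -i $wan -d $ip --dport $int -j ACCEPT"
}

# Flags a rule line that uses --to-destination without selecting the DNAT
# target; iptables rejects such a line with "Unknown arg".
lint_rule() {
    case "$1" in
        *--to-destination*)
            case "$1" in *"-j DNAT"*|*"--jump DNAT"*) return 0 ;; esac
            echo "missing -j DNAT: $1" >&2; return 1 ;;
    esac
    return 0
}

# The two redirects asked for in the first post (vlan1 as the WAN interface).
port_redirect_rules vlan1 20000 10.0.0.100 10000
port_redirect_rules vlan1 8080 10.0.0.100 80
```

Both rules are appended with -A, so a DROP or REJECT rule that already sits earlier in the same chain still takes precedence.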
     
  8. silviemeis

    silviemeis Network Guru Member

  9. sillygoose

    sillygoose Network Guru Member

    br0 is the interface for all the inside ports unless you change the vlan and bridge settings.
     
  10. edalzell

    edalzell Network Guru Member

    Dumb question

    But how do I set the firewall rules? Do I have to telnet into my router?
     
  11. swinn

    swinn Network Guru Member

    Re: Dumb question

    In HyperWRT you do it on the Administration screen.. http://192.168.1.1/Management.asp
     
