port-forward iptables question

Discussion in 'Tomato Firmware' started by jan.n, Jul 16, 2009.

  1. jan.n

    jan.n LI Guru Member


    I want to forward WAN port XXX to internal machine port YYY. I know how to do it in the web interface and it works. How would I do that manually using an iptables command (for my knockd.conf)?

    I compared the output of iptables -L before and after forwarding the port (using the web interface), but all I noticed was a rule added to the "wanin" chain. Shouldn't there be something like a NAT setting?

    I'm afraid of doing something silly, so I thought I'd ask the experts first.
  2. mstombs

    mstombs Network Guru Member

    Look at what is also added to the nat PREROUTING table with

    iptables -nvL -t nat
  3. jan.n

    jan.n LI Guru Member


    Is this correct? It's meant to forward wan:443 to LAN:80...

    iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 443 -j DNAT --to 192.168.X.X:80
    iptables -I FORWARD -p tcp -d 192.168.X.X --dport 80 -j ACCEPT
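
The rule pair from this thread, as an added example that is not part of any poster's message: a helper that prints (does not run) the nat PREROUTING and filter FORWARD rules together, with a matching delete form and an optional source address such as the client address knockd passes to its command. The function names `fwd_rules` and `valid_port` are hypothetical and all addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example: prints (does not run) the rule pair for a port forward.
# All addresses used with it are constructed documentation values.

# Accept only a decimal port number in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# fwd_rules ACTION WAN_IP WAN_PORT LAN_IP LAN_PORT [SRC_IP]
#   ACTION: I to insert the rules, D to delete the same rules again
#   SRC_IP: optional, limits the forward to one client address
fwd_rules() {
    action=$1 wan_ip=$2 wan_port=$3 lan_ip=$4 lan_port=$5 src_ip=$6
    case "$action" in
        I|D) ;;
        *) echo "action must be I or D" >&2; return 2 ;;
    esac
    valid_port "$wan_port" && valid_port "$lan_port" || {
        echo "port out of range" >&2; return 2; }
    src=""
    [ -n "$src_ip" ] && src=" -s $src_ip"
    # nat/PREROUTING rewrites the destination before the routing decision.
    echo "iptables -t nat -$action PREROUTING -p tcp$src -d $wan_ip --dport $wan_port -j DNAT --to $lan_ip:$lan_port"
    # filter/FORWARD sees the packet after DNAT, so it matches the LAN address and port.
    echo "iptables -$action FORWARD -p tcp$src -d $lan_ip --dport $lan_port -j ACCEPT"
}

# Example (constructed values): open for one client, then print the matching close.
# fwd_rules I 203.0.113.10 443 192.168.1.20 80 198.51.100.7
# fwd_rules D 203.0.113.10 443 192.168.1.20 80 198.51.100.7
```

Generating the `-D` form from the same arguments keeps the close command identical to the open command, which iptables requires to delete a rule by specification.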