Port forwarding in Tomato

Discussion in 'Tomato Firmware' started by andyd2k, Jan 16, 2009.

  1. andyd2k

    andyd2k LI Guru Member

    I want to be able to set up a TCP rule for incoming connections and a UDP rule for outgoing connections.

    The problem is that the incoming only needs me to set local ports - Tomato requires that I set external ports for all rules. I can't even set a range of ports either.

    If I set all the ports in "ext", connections won't work.

    This is how it's set up in Kaspersky...

    Name=Allow Outbound

    Name=Allow Inbound
    LocalPort=7576-7577, 50000-50100

    Same goes with uTorrent. If I have to set the internal port to be the port that I have set in the application, what should I do for ext?
  2. FRiC

    FRiC LI Guru Member

    Port forwarding is for setting inbound connections only. So put TCP in the proto field, 7576-7577, 50000-50100 in the ext field, and your IP in the int address field.

    Outgoing connections are controlled by access restrictions, if you haven't specifically blocked them, then all ports are open.
  3. Planiwa

    Planiwa Network Guru Member

    Are you talking about port-forwarding or packet filtering?

    I suppose one might think that "forwarding packets based on source or destination port" is what "port forwarding" means. :)

    Port Forwarding actually means that packets coming in to the WAN IP for a particular port (server), will be routed to a particular host on the LAN which is the server for that service.

    A BT user who specifies 29876 in his BT client needs all traffic arriving from the NET at the router, for port 29876, to be directed to his machine.

    Read the explanations on the Port Forwarding page with that in mind.

    Outbound port-forwarding has no meaning. The router just sends outbound traffic out to the specified destination address and port. (Or not). It does no outbound network address translation. Usually.

    (A public access router may intercept unregistered traffic, for example, but that's not the question here.)

    So, I'm not sure if the question is a filter rule question or a port forward question.

    The latter is easy.

    Here is how one might use port forwarding and DDNS to get a Mac to speak alert messages about a Tomato router somewhere on the Net:

    The router that is being monitored sends an alert message like:

    1. echo "Router XYZ is tracking nnn connections" | nc foo.hopto.org 54321

    2. the router "foo.hopto.org" uses DDNS (no-ip.com) so that it can always be found as "foo.hopto.org", no matter what its IP address changes to when it re-WANs.

    3. this router also port-forwards 54321 to the admin's Mac.

    4. the Mac must of course allow the server nc in its firewall.

    5. finally, listen something like this:

    while :;do nc -l 54321|tee /dev/tty|say;date;echo;done

    Then, anytime anyone anywhere sends any text addressed to port 54321 at the address foo.hopto.org, the router will direct it to the Mac which will speak it.
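
Added example, not part of the original post: because the forwarded port accepts text from any sender, this variant of the listener loop passes a line to the terminal and to `say` only if it matches the expected alert shape. The alert pattern, `MAX_LEN`, `MAX_BYTES` and the `SPEAK` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The alert format, MAX_LEN,
# MAX_BYTES and the SPEAK override are assumptions made for illustration.
LC_ALL=C; export LC_ALL           # byte-wise lengths and ASCII-only ranges
MAX_LEN=120                       # assumed cap on one alert line
MAX_BYTES=4096                    # assumed cap on data read per connection
SPEAK="${SPEAK:-say}"             # macOS 'say', as in the post
NL='
'

# Print LINE and return 0 only if it is a well-formed alert; else return 1.
validate_alert() {
    line=$1
    [ "${#line}" -le "$MAX_LEN" ] || return 1
    case $line in *"$NL"*) return 1 ;; esac      # no embedded newlines
    # Allowlist the exact message shape; escape sequences, shell
    # metacharacters and free text all fail this match.
    printf '%s\n' "$line" |
        grep -Eqx 'Router [A-Za-z0-9_-]{1,32} is tracking [0-9]{1,6} connections' ||
        return 1
    printf '%s\n' "$line"
}

# Read lines on stdin, pass valid alerts to stdout, log the rest to stderr.
filter_alerts() {
    while IFS= read -r line || [ -n "$line" ]; do
        validate_alert "$line" || echo "rejected ${#line}-byte line" >&2
    done
}

# Same loop as in the post, with the filter between nc and the speaker.
listen_loop() {
    while :; do
        nc -l 54321 | head -c "$MAX_BYTES" | filter_alerts | tee /dev/tty | "$SPEAK"
        date; echo
    done
}

# Start listening only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "listen" ]; then listen_loop; fi
```

Run the script with the argument `listen` to start the loop; restricting the forwarded port to known source addresses on the router is a separate control that this filter does not replace.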