OpenWrt Forum Archive

Topic: Forwarding port

The content of this topic has been archived on 28 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have a problem forwarding an internal HTTP server (8080) from OpenWrt.
I have read every post here and searched Google about this problem, with no result.
I can do this with other firmware (Linksys, Sveasoft, DD-WRT or Freifunk) but not with OpenWrt. Of course, I like OpenWrt because it is stable, while the others have many bugs or simply hang at regular intervals, etc.

I do this with two lines in firewall.user file saying this:

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -j DNAT --to  192.168.33.x
iptables -A forwarding_rule -i $WAN -p tcp --dport 8080 -d 192.168.33.x -j ACCEPT

x=LAN host forwarding port

But it does not work. I tried putting the port at the end, --to 192.168.x.x:8080, with no result.
I can forward ports to eMule with similar lines (for TCP and UDP) and YES, that works fine.
I tried putting webif on 8080 and the HTTP server on port 80, but NO, it does not work.

My WRT has wan=dhcp, the internal IP is 192.168.33.1 and dnsmasq is dhcp_start=100, dhcp_num=150, lan_ifnames=vlan1 eth1 eth2, lan_ifname=br0; no other complex config is in use.

I have read many times about BIG FAT, idiot config, and others talking about forwarding on the br0 interface, but nothing works, and forwarding an internal port to an internal host is a simple job that I can't do.

Can anybody help me understand what is wrong?

Thanks.

Claudio.

nbd wrote:

My latest snapshot at http://downloads.openwrt.org/people/nbd/whiterussian/ has a web interface page for setting up port forwarding...

When I use that forward I get:

iptables v1.3.3: Need TCP or UDP with port specification
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.3: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

SimpleFirewall really helped me through something like that....

I am still using openwrt-wrt54g-squashfs.bin dated 19-Feb-2006 from http://downloads.openwrt.org/people/nbd/whiterussian/ and there is NO web interface to forward ports. Either I'm crazy or this is out of control.

Thanks to all, but no result.

Claudio

claual, I hope you get the answer soon. I'm in a similar situation here; I'm adding this comment just to keep track of this thread. /a

try simple firewall

The new build dated 06-Mar-2006 includes web configuration to forward ports.

This build saves the configuration in the file /etc/config/firewall, which is called from /etc/init.d/S45firewall; it creates a temporary script in /tmp, executes this script and deletes it on exit.

The command is exactly the same as the one I showed in my original post and, of course, it does not work.

I needed to redirect an internal web server, so I went back to DD-WRT, but I am always waiting for a release of OpenWrt that makes port forwarding easy and effective.

I think that the problem is surely iptables and, in case anyone searches this thread, I put here the result of the iptables -L command in DD-WRT (which works OK... today).

I redirect ports from insanity.lan (192.168.33.90) in this scheme (router=192.168.33.1).

tcp 8080
udp 3412
tcp 4500
tcp and udp range 6881:7000

no other exotic configuration is used.

~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       udp  --  anywhere             anywhere            udp dpt:route
DROP       udp  --  anywhere             anywhere            udp dpt:route
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route
DROP       icmp --  anywhere             anywhere           
DROP       igmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere            state NEW
logaccept  all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     gre  --  192.168.33.0/24      anywhere           
ACCEPT     tcp  --  192.168.33.0/24      anywhere            tcp dpt:1723
ACCEPT     all  --  anywhere             anywhere           
logdrop    all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN tcpmss match 1461:65535 TCPMSS set 1460
lan2wan    all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             insanity.lan        udp dpt:3412
ACCEPT     tcp  --  anywhere             insanity.lan        tcp dpt:4500
ACCEPT     tcp  --  anywhere             insanity.lan        tcp dpt:webcache
ACCEPT     tcp  --  anywhere             insanity.lan        tcp dpts:6881:bbs
ACCEPT     udp  --  anywhere             insanity.lan        udp dpts:6881:7000
TRIGGER    all  --  anywhere             anywhere            TRIGGER type:in match:0 relate:0
trigger_out  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere            state NEW
DROP       all  --  anywhere             anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain advgrp_1 (0 references)
target     prot opt source               destination         

Chain advgrp_10 (0 references)
target     prot opt source               destination         

Chain advgrp_2 (0 references)
target     prot opt source               destination         

Chain advgrp_3 (0 references)
target     prot opt source               destination         

Chain advgrp_4 (0 references)
target     prot opt source               destination         

Chain advgrp_5 (0 references)
target     prot opt source               destination         

Chain advgrp_6 (0 references)
target     prot opt source               destination         

Chain advgrp_7 (0 references)
target     prot opt source               destination         

Chain advgrp_8 (0 references)
target     prot opt source               destination         

Chain advgrp_9 (0 references)
target     prot opt source               destination         

Chain grp_1 (0 references)
target     prot opt source               destination         

Chain grp_10 (0 references)
target     prot opt source               destination         

Chain grp_2 (0 references)
target     prot opt source               destination         

Chain grp_3 (0 references)
target     prot opt source               destination         

Chain grp_4 (0 references)
target     prot opt source               destination         

Chain grp_5 (0 references)
target     prot opt source               destination         

Chain grp_6 (0 references)
target     prot opt source               destination         

Chain grp_7 (0 references)
target     prot opt source               destination         

Chain grp_8 (0 references)
target     prot opt source               destination         

Chain grp_9 (0 references)
target     prot opt source               destination         

Chain lan2wan (1 references)
target     prot opt source               destination         

Chain logaccept (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           

Chain logdrop (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere           

Chain logreject (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            tcp reject-with tcp-reset

Chain trigger_out (1 references)
target     prot opt source               destination         
----

Sorry for this extended post.

claual wrote:

I do this with two lines in firewall.user file saying this:

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -j DNAT --to  192.168.33.x
iptables -A forwarding_rule -i $WAN -p tcp --dport 8080 -d 192.168.33.x -j ACCEPT

Claudio.

maybe you should try something like this:

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j DNAT --to  192.168.33.x:8080
iptables -A forwarding_rule -i $WAN -p tcp --dport 8080 -d 192.168.33.x -j ACCEPT

you are connecting to the default port 80 on the $WAN interface
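
The rule pair discussed in the posts above, as an added example that is not part of the original thread: nat PREROUTING is evaluated before filter FORWARD, so the forwarding_rule line has to match the translated port, and DNAT writes port ranges as lo-hi while --dport writes them as lo:hi. The function names are hypothetical, 192.168.33.90 is the LAN host named in the thread, and the printed lines assume $WAN is set as in the thread's firewall.user.

```shell
#!/bin/sh
# Added example: print the DNAT + FORWARD pair for one port forward.
# usage: port_forward_rules PROTO EXT_PORT HOST [INT_PORT]
#   PROTO     tcp or udp (iptables rejects --dport without a protocol)
#   EXT_PORT  port or lo:hi range as seen on the WAN side
#   HOST      LAN address of the server
#   INT_PORT  port or lo:hi range on the LAN host (default: EXT_PORT)

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_port_spec() {
    case "$1" in
        *:*) valid_port "${1%%:*}" && valid_port "${1#*:}" &&
             [ "${1%%:*}" -le "${1#*:}" ] ;;
        *)   valid_port "$1" ;;
    esac
}

port_forward_rules() {
    proto=$1; ext=$2; host=$3; int=${4:-$2}
    case "$proto" in
        tcp|udp) ;;
        *) echo "protocol must be tcp or udp" >&2; return 1 ;;
    esac
    case "$host" in
        ''|*[!0-9.]*) echo "bad LAN address: $host" >&2; return 1 ;;
    esac
    valid_port_spec "$ext" || { echo "bad external port: $ext" >&2; return 1; }
    valid_port_spec "$int" || { echo "bad internal port: $int" >&2; return 1; }

    # DNAT target syntax is ip:port or ip:lo-hi (dash, not colon).
    to="$host:$(echo "$int" | tr ':' '-')"

    # Rule 1 rewrites the destination of packets arriving on the WAN side.
    echo "iptables -t nat -A prerouting_rule -i \$WAN -p $proto --dport $ext -j DNAT --to $to"
    # Rule 2 sees the packet after translation: match the LAN host and
    # the internal port, not the port the client connected to.
    echo "iptables -A forwarding_rule -i \$WAN -p $proto --dport $int -d $host -j ACCEPT"
}

# WAN port 80 to the internal web server on 8080, then a UDP range.
port_forward_rules tcp 80 192.168.33.90 8080
port_forward_rules udp 6881:7000 192.168.33.90
```

To see whether installed rules are being hit, list both tables with counters, `iptables -t nat -L -v -n` and `iptables -L -v -n`; a plain `iptables -L` shows only the filter table and hides the interface each rule matches.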

arteqw wrote:
nbd wrote:

My latest snapshot at http://downloads.openwrt.org/people/nbd/whiterussian/ has a web interface page for setting up port forwarding...

When I use that forward I get:

iptables v1.3.3: Need TCP or UDP with port specification
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.3: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

I had the same errors and know "how to spell iptables".
Finally, I decided that there was a hint in the OpenWrtDocs - I quote:
"Before setting up any port forwarding, you'll have to install some OpenWRT packages first, such as iptables-nat and ip (any others?)."

Well, there are others needed -

I installed iptables-extra <which installs a bunch of stuff> and I installed iptables-utils

My port forwarding is now working as expected.

Thank you OpenWrt team for an awesome project - this really ROX! >;-)

davo wrote:

Well, there are others needed -

I installed iptables-extra <which installs a bunch of stuff> and I installed iptables-utils

My port forwarding is now working as expected.

Could you give me a list of the packages you have installed? I'm having trouble with my forwarding (forwarded traffic just disappears) and I think that might be due to a missing package.

The discussion might have continued from here.