Bridge port forwarding

hi all,
I'm using openwrt v.21.02.1 on range pi PC and I need to use the board as a bridge for port forwarding.
I've installed a 2ns eth port (USB-LAN adapter--> mapped to eth1) and configured the bridge with erh0+eth1

the I need to forward incoming port TCP 502 with destination to port 510, so I create this rule

but there's not any port forward, incoming port 502 exit as 502 in stand of 510!! Am I wrong?

any suggestion is kindly appreciated

1 Like

Traffic on a bridge device (L2) does not go through the firewall, so your port forwarding cannot have any effect. In order to port forward, the traffic must be routed (ie from a different network, l3)


thkx psherman, do you have some sample/post I can read?

You can look if ebtables can help you with the hijacking you are trying.

1 Like

No, there is no example to follow unless you are port forwarding from an external network (wan) or a different subnet on your own network (ie VLANs)

hmm..idea was to not create WAN/LAN bust just a transparent bridge for port forward. Maybe I cannot realize with openWRT. I get this some years ago with zeroshell but that project is dismissed.
Then you can use your hijacking.

1 Like

Also note that redirecting to the same zone requires both DNAT and SNAT.


thanks a lot vgaetera!! it works!
I've already installed module kmod-br-netfilter , so just type code

# Configure kernel parameters
cat << EOF >> /etc/sysctl.conf
/etc/init.d/sysctl restart
1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.