Waz
October 22, 2019, 7:12pm
1
Could someone help me, please? I'm having a problem with a Linksys WRT1900ACS. My aim is to have a port forwarded from the VPN to a LAN IP server. I followed this link to get my VPN working:
https://airvpn.org/forums/topic/20303-airvpn-configuration-on-openwrt-preventing-traffic-leakage-outside-tunnel/
Port forwarding is already configured on the VPN provider. However, using the link below, I have been unable to get port forwarding working.
https://openwrt.org/docs/guide-user/firewall/firewall_configuration
This is the current config I added to etc/config/firewall
config redirect
    option name 'port forward'
    option src 'tun0'
    option proto 'tcp'
    option src_dport 'dest port'
    option target 'DNAT'
    option dest_ip 'server ip'
    option dest_port 'server port'
    option dest 'lan'
I searched the forums and found some information, but it was hard for me to follow. I am new to Linux and OpenWrt. Thanks in advance.
Waz
October 22, 2019, 8:40pm
3
option src_dport '58460'
option dest_port '9091'
trendy
October 22, 2019, 9:50pm
4
Waz:
option src 'tun0'
This is the zone name, not the interface. Make sure you are using the correct source zone here.
2 Likes
Waz
October 22, 2019, 10:43pm
5
Thanks, I added interface name instead.
option src 'vpntun'
Still getting connection refused.
Is the firewall on your server configured to accept external connections?
If everything else fails, use "tcpdump" to see where the packets are being dropped.
2 Likes
trendy
October 23, 2019, 8:02am
7
Did you restart the firewall service after that?
If it is still not working, verify that the server is not actually blocking something and that there are hits on the firewall:
iptables -t nat -L -vn | grep 58460
Waz
October 23, 2019, 4:56pm
8
I rebooted the router after updating the config.
iptables -t nat -L -vn | grep 58460 on the router resulted in no output. The server OS is FreeNAS; command iptables not found.
Waz
October 23, 2019, 5:24pm
9
No firewall on the server, it is running FreeNAS.
I think it's time for "tcpdump".
1 Like
Waz
October 23, 2019, 9:14pm
12
This output is from the router
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].masq='0'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[2]=zone
firewall.@zone[2].name='exusfw'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='vpntun'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='exusfw'
firewall.@redirect[0]=redirect
firewall.@redirect[0].name='port forward'
firewall.@redirect[0].src='vpntun'
firewall.@redirect[0].proto='tcp'
firewall.@redirect[0].src_dport='58460'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].dest_ip='192.168.1.13'
firewall.@redirect[0].dest_port='9091'
firewall.@redirect[0].dest='lan'
Waz
October 23, 2019, 9:16pm
13
Tcpdump only works on the server. How long do you want me to run it?
trendy
October 23, 2019, 10:13pm
14
I told you before that you need to use there the zone name and you keep using the interface name.
2 Likes
If you install the proper package, "tcpdump" works on the router, too.
2 Likes
Waz
October 24, 2019, 6:51pm
16
Ok now I understand what you mean. Thanks
Waz
October 24, 2019, 6:53pm
17
Thanks everyone for taking the time out and helping. Regards
2 Likes
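The fix the thread arrives at is that a redirect's src must name a firewall zone (here 'exusfw'), not the interface ('tun0') or the network ('vpntun'). The script below is an added example, not part of the original posts, that checks `uci show firewall` output for this mistake; the function name check_redirect_zones is hypothetical and the sample is an excerpt constructed from the output posted above.

```shell
#!/bin/sh
# Constructed sample: excerpt of the `uci show firewall` output posted in the thread.
SAMPLE="firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[2].name='exusfw'
firewall.@zone[2].network='vpntun'
firewall.@redirect[0].name='port forward'
firewall.@redirect[0].src='vpntun'
firewall.@redirect[0].dest='lan'"

# check_redirect_zones (hypothetical helper): reads `uci show firewall` text on
# stdin and prints one line per redirect whose src/dest is not a defined zone
# name. If the value is a network that belongs to a zone, that zone is named.
# Exit status is 1 when at least one problem was found, 0 otherwise.
check_redirect_zones() {
    awk -F= -v q="'" '
    # Section index between the square brackets, e.g. "2" for @zone[2]
    function idx(k) { sub(/^[^[]*\[/, "", k); sub(/\].*/, "", k); return k }
    { val = $2; gsub(q, "", val) }               # strip the single quotes
    $1 ~ /@zone\[[0-9]+\]\.name$/    { zname[idx($1)] = val; zones[val] = 1 }
    $1 ~ /@zone\[[0-9]+\]\.network$/ { znet[idx($1)] = val }
    $1 ~ /@redirect\[[0-9]+\]\.(src|dest)$/ { n++; key[n] = $1; ref[n] = val }
    END {
        for (i = 1; i <= n; i++) {
            if (ref[i] in zones) continue        # correct: refers to a zone
            hint = ""
            for (z in znet) {                    # is it a network inside a zone?
                m = split(znet[z], nets, " ")
                for (j = 1; j <= m; j++)
                    if (nets[j] == ref[i]) hint = zname[z]
            }
            printf "%s=%s is not a zone", key[i], ref[i]
            if (hint != "") printf "; network %s belongs to zone %s", ref[i], hint
            printf "\n"
            bad = 1
        }
        exit bad + 0
    }'
}

# Run against the constructed sample; on the router, pipe in the live config:
#   uci show firewall | check_redirect_zones
printf '%s\n' "$SAMPLE" | check_redirect_zones || true
```

For the configuration posted in the thread this reports the redirect's src and points at 'exusfw', so the corrected line is option src 'exusfw', followed by a firewall restart.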