Redirect LAN ip to WAN gateway ip

I'm using smartphone usb tethering that works fine

the android smartphone software is based on lineageos that dynamically changes the ip/gateway on boot, hence changing the default gateway provided to wan via usb tethering in openwrt

accessing webui of some apps on the android phone is possible using the gateway with specific ports eg:- plex media server android app web ui

the problem is after a reboot of the android phone I have to manually enter the new gateway generated by the phone, everywhere I use it, which is many places eg:- browsers, roku, remote controls

I'd like to have a fixed lan ip pointing to the wan gateway ip via

Network > Routing

or

Network > DHCP and DNS > Static leases

or

Network > Firewall > NAT Rules

To be clear- the IP is changing on your LineageOS Android, but you're asking OpenWrt for a solution?

This is possible, but you still need to edit the DST IP in the redirect rule each time.

I would suggest solving the issue with your Android's IP changing instead.

1 Like

This is possible, but you still need to edit the DST IP in the redirect rule each time.

Could you please 'redirect' me :slight_smile: in the right direction

I tried this, but it takes me back to the router, not the gateway

Changing the destination ip in one place is far better than everywhere :confused:

I would suggest solving the issue with your Android's IP changing instead.

It involves rooting which I'm not too fond of

Thanks

Hi

I am trying to understand your network topology but ... :slight_smile:
maybe a schematic?

1 Like

not good at drawing so no topography :slight_smile:

maybe this will help?

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option igmp_snooping '1'
	option ipaddr '192.168.1.1'
	option ipv6 '0'
	option delegate '0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 6t'

config interface 'wwan'
	option ipv6 '0'
	option type 'bridge'
	option proto 'dhcp'
	option device 'usb0'

still not clear, from where you want to access what ?
without drawing ... or some explanation ...

2 Likes

Dynamic IP/Gateway --------------------Fixed IP--------------------------------Need Fixed IP not Dynamic
Android Phone USB tether ----------> Openwrt-Router-Wifi--------------->Roku (plex webui)

you want to share internet connection on Android phone AND from this same phone you want to access Roku behind OpenWRT ???

or

you want your LAN on right side to access your phone on left side ?

1 Like

  • Use hotplug to update the config dynamically.
  • Use local DNS to abstract over the target IP.

https://openwrt.org/docs/guide-user/advanced/hotplug_extras

uci -q delete dhcp.gw
uci set dhcp.gw="domain"
uci set dhcp.gw.name="gw"
uci commit dhcp
mkdir -p /etc/hotplug.d/online
cat << "EOF" > /etc/hotplug.d/online/10-gw-dns
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_gateway NET_GW "${NET_IF}"
uci set dhcp.gw.ip="${NET_GW}"
/etc/init.d/dnsmasq reload
EOF
cat << "EOF" >> /etc/sysupgrade.conf
/etc/hotplug.d/online/10-gw-dns
EOF
/etc/init.d/network restart
nslookup gw.lan localhost

2 Likes

lol

I want internet via wifi, which I am getting on roku, laptop and phone

I want openwrt to redirect fixed ip to android dynamic gateway ip

I can already access everything but it is using a dynamic gateway ip, I want a fixed ip so I don't have to keep changing it every time I reboot android

I have edited the image please have a look again

now i am confused

if your OpenWRT is a ROUTER, and you have DHCP server on your OpenWRT, and you have masquerading on OpenWRT / WAN zone
why do you need to change anything for GW?

your LAN (right side) will always have OpenWRT as GW

1 Like

you got it.

I want to use the gateway of the phone not of openwrt.

The gateway of the phone is dynamic, it keeps changing on reboot of phone.

I need to keep putting the new gateway in all clients manually.

I want openwrt to redirect from lan ip to gateway, so I can change gateway in openwrt and not have to change in all the clients

masquerading is working for router ip not gateway

ok, but why ?

if your OpenWRT is configured as it should be, then your right side (LAN) will be on 192.168.1.x
OpenWRT will be on 192.168.1.1, as GW for LAN

and WAN (WWAN) port of OpenWRT will act as a DHCP client with masquerading, this way, your LAN will hit OpenWRT and then the router will translate these requests and send them toward Android, and nobody cares what IP Android is giving on USB

1 Like

and WAN (WWAN) port of OpenWRT will act as a DHCP client with masquerading, this way, your LAN will hit OpenWRT and then the router will translate these requests and send them toward Android, and nobody cares what IP Android is giving on USB

I care, because, the webui of the apps on android can be accessed only via IP android is giving, not only the ip but more specifically the gateway of USB/Wan(left side)

There is a way to redirect a fixed ip of openwrt to a specified gateway, I just don't know how to do it
either using

Network > Routing

or

Network > DHCP and DNS > Static leases

or

Network > Firewall > NAT Rules

One thought which springs to mind is something along these lines:

If you're trying to get OpenWRT to use your phone as its upstream router (its Internet gateway), then how about this?

  • Set OpenWRT's WAN interface to use DHCP, so it picks up whatever IP address and default route your phone gives it
  • If needed, obtain the WAN interface's IP address programmatically, using ifconfig eth0 | awk -F'[ \t:]' '/inet / {print $13;}' - replace the interface name and array index if necessary, according to your own setup.
  • If needed, obtain the router's WAN default gateway (the phone's IP address) programmatically, using route | awk '/default/ {print $2;}' - replace the array index if necessary, according to your own setup.

If you can obtain those details programmatically, you can then use them in any other scripts you may wish to execute, to control traffic flow to your desired applications.

1 Like

thanks, appreciate the input

I currently use
ip route | grep default | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -1
for mounting a ftp drive that is on android

There are other places I need to manually enter the ip and can't do it programmatically, but it is what it is :slight_smile:

So let's try to think around the problem.

As I understand it, from your original description and your subsequent diagram, your Android phone is both your Internet gateway and a host for some applications that you want to access from other devices on the network:

Note, the LAN IP addresses are representative for the purpose of discussion; don't worry if yours are different.

If I understand correctly, one application hosted on your Android phone is Plex, and the Web UI listens on (I assume) port 8888. So your challenge is to be able to connect to http://x.x.x.x:8888/ but x.x.x.x changes every time.

You could, with some experimentation, configure OpenWRT to intercept http://192.168.1.1:8888/ and redirect the traffic to the Android phone.

The tethering gateway address isn't fixed every time, so port forwarding from OpenWRT's LAN interface to Android will be tricky to achieve directly. But what else could you do?

This is where obtaining the Android phone's IP address programmatically within OpenWRT might help, with a little bit of ingenuity.

One possibility which comes to mind is using iptables or nftables (depending on your OpenWRT version) to intercept and redirect traffic to the intended destination. If that approach is possible, it would involve some work with scripts on the command line.

One example, using iptables:

Detect the WAN gateway (next hop) once only, on OpenWRT boot:

/etc/rc.local:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

GATEWAY=`route | awk '/default/ {print $2;}'`
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 8888 -i eth0 -j DNAT --to-destination $GATEWAY:8888

exit 0

You may also find success using crontab to schedule a regular iptables command, but bear in mind that the above example will keep adding PREROUTING directives; you may need to spend some time working out how to remove unneeded PREROUTING directives so that you end up with only the one(s) you need. One possibility might be to restart the firewall service each time, which will flush the table, but that's a bit of a crude blunt instrument and might interfere with other traffic which is flowing at the same time.

You might have success with some form of link detection, so that iptables runs only when the WAN link status changes. Again, as above, you'll need to find a way to detect and remove unneeded iptables entries.

The latest versions of OpenWRT no longer use iptables, but use nftables. The syntax for nftables is different to iptables, and I have not yet spent enough time with nftables to be confident of offering specific advice on it. However, the principle (intercept 192.168.1.1:8888, redirect to Android phone) is the same, even if the exact syntax to achieve it is different.

It may be an exercise for the reader to learn nftables and, in turn, provide advice on nftables to the rest of the forum...

1 Like

sincerely appreciate the time you have spent in explaining this to me.

I have 3 ports,

Plex Media Server running on port 32400

Material files ftp server on port 2121

ttorrent app running on 1080 port

based on your input, I guess the following would work

GATEWAY=`route | awk '/default/ {print $2;}'`

iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 1080 -i usb0 -j DNAT --to-destination $GATEWAY:1080

iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 32400 -i usb0 -j DNAT --to-destination $GATEWAY:32400

iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 1080 -i usb0 -j DNAT --to-destination $GATEWAY:1080

I changed ports and interface to usb0 or should it be wan so lost :confused:

Anyway, rebooting to flush the iptables is not an issue.
I will try this.

I'm on the latest version of openwrt, so I'm guessing the 'iptables' won't work, but thank you for conceptually pointing me in the right direction!

Does this hardcoded way look correct?

The interface name in those code examples should be the interface name reported by the operating system (e.g. the output of "ifconfig" or "ip addr"), not the "lan"/"wan" names used to abstract their function.

The "-i" parameter in iptables indicates the incoming interface. If "-i" is used, then the rule will match on incoming traffic. The complementary option "-o" indicates the outgoing interface. But "-o" isn't necessary here, as it doesn't apply to this type of scenario.

So, if your LAN (i.e. incoming) interface is "usb0" then use "usb0" in those examples. But if your WAN is "usb0" then rethink which interface name you ought to use.

It may help to think of the problem this way:

  • You want to connect to port 32400 at an IP address that you do not know: the Android phone
  • One way to work around this is to connect to port 32400 at an IP address that you do know: the LAN interface to OpenWRT
  • To make this work, you'd need to implement PREROUTING NAT on OpenWRT's LAN interface, to catch any traffic destined for port 32400 and redirect it to the real destination (which OpenWRT does know, even if you don't).

Your examples contain two interceptions of port 1080, but no interceptions of port 2121. Your post indicated that you want ports 32400, 2121, and 1080.

No. You cannot achieve your stated goal (or, at least, what I believe your stated goal to be) with hard-coded NAT rules in the GUI. The GUI is good, and can do a lot, but it has some limitations where dynamic situations obtain.

Hard-coded NAT rules would work if you could guarantee that the phone's IP address (and therefore the router's upstream gateway) would never change. But, by your own admission, the phone's IP address does change, so your challenge is to be able to work with that limitation.

In addition, your rule is for Source NAT (SNAT), where the source of the traffic is - or should remain - unknown to the target. But your scenario calls for Destination NAT (DNAT), where the ultimate destination of the traffic is not the destination the client first tries to connect to.

1 Like
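
An added example, not part of any post in this thread: the DNAT approach discussed above written for nftables, loaded as one atomic table replacement so repeated runs never pile up duplicate rules, and with the DHCP-supplied gateway validated before it is placed in a rule. The table name `gwfwd`, the LAN interface `br-lan` at 192.168.1.1 and the `apply` argument are assumptions; the ports are the three listed in the thread.

```shell
#!/bin/sh
# Added example: rebuild the LAN -> phone DNAT rules in one nft transaction.
# Assumed names: br-lan / 192.168.1.1 (LAN side), table "gwfwd", "apply" argument.
LAN_IF="br-lan"
LAN_IP="192.168.1.1"
PORTS="32400 2121 1080"   # Plex, FTP and ttorrent ports listed in the thread

# Accept only a dotted quad with four octets in 0-255; the value comes from DHCP.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read `ip -4 route show default` output on stdin, print the next hop.
gateway_from_routes() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Print an nft script that replaces the whole table, so reruns never add duplicates.
build_ruleset() {
    gw=$1
    valid_ipv4 "$gw" || { echo "refusing gateway '$gw'" >&2; return 1; }
    port_set=$(echo $PORTS | sed 's/ /, /g')
    cat <<EOF
table ip gwfwd
delete table ip gwfwd
table ip gwfwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "$LAN_IF" ip daddr $LAN_IP tcp dport { $port_set } dnat to $gw
    }
}
EOF
}

# Only touch the firewall when called with "apply" on the router itself.
if [ "${1:-}" = "apply" ]; then
    gw=$(ip -4 route show default | gateway_from_routes)
    rules=$(build_ruleset "$gw") || exit 1
    printf '%s\n' "$rules" | nft -f -
fi
```

Run with the `apply` argument from a boot, cron or link-change trigger; each run replaces the previous rule set instead of appending to it.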