Jump to content
Not connected, Your IP:

Sudden port forwarding problem with Tomato

Recommended Posts

Hi, I am a bit stumped at the sudden failure I'm seeing with port forwarding that I have had working for about 2 years on AirVPN. I have changed nothing I can think of. My system works with a Tomato router and a few extra iptable rules in the firewall script. The port is forwarded to a VMWare Windows XP-Pro system running Vuse The Vuse network test fails as does the test from the AirVPN end. 


I'd be very grateful if anyone has any idea of what may have happened.


Here is the firewall script:


# VPN port forwarding
/usr/sbin/iptables -I FORWARD -i tun11 -p udp -d --dport 46222 -j ACCEPT
/usr/sbin/iptables -I FORWARD -i tun11 -p tcp -d --dport 46222 -j ACCEPT

/usr/sbin/iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 46222 -j DNAT --to-destination  

/usr/sbin/iptables -t nat -I PREROUTING -i tun11 -p udp --dport 46222 -j DNAT --to-destination


Share this post

Link to post

Might be related to routing policy integration introduced in v129, i have similar set of iptables for port forwarding and it ceased to work on upgrade (R7000).



All versions:
– All images are now compressed to ZIP file.
– OpenVPN: Routing policy integration and GUI
– GUI: add Wireless Temperature on Status page – thx Hyzzom (BWQ)
– GUI: OpenVPN – add „Ignore Redirect Gateway (route-nopull)”
– GUI: Bittorrent – allow set download and upload speed to 0
– GUI: Allow users to decide which NTFS driver they want to use: Tuxera (AC56, AC68) or Paragon (N18, Netgears) or NTFS-3G (all routers)
– GUI: Fix OpenVPN TAP server – Server won`t start when TAP has been bridged with br1/2/3 and „Client address pool” has been set manually (not from DHCP)
– Add /mmc directory to „root” tree – required by Tomatoware project
– NTFS-3G driver update to 2015.3.14
– OpenVPN: remove „enable-small” parameter. This is required by some VPN providers.



– GUI: fix Backip and Restore Comfiguration from file
– IPset
* update to 6.24 – attention! This version has different kernel modules and different syntax of command. If you are using IPSet, you have to fix your scripts.

* backport ipset kernel modules from Kernel 3.0
* add library libmnl – required by newer ipset
* fixed support IPSet with Dnsmasq
– add Entware install script for ARM – just run command entware-install.sh
– compile fat/vfat as module
– add Tuxera NTFS driver for AC56/68 routers
– lot of fixed and improvements in compilation proces – thx @edrikk
– fix TOR compilation
* update to v0.2.5.12
* enable threads support for openssl and tor
* change gcc optimization level from Os to O2 – thx RMerlin
* enable TOR feature in all AIO builds
– Updated Blink Function – thx @chazikai24
– add ASUS RT-AC68P support the same image as for AC68U/R – thx @tvlz
– add Linksys EA6500v2 and EA6700 support – thx @Yongqiang Qin
– fix WS880 leds – thx @xvortex




source: http://tomato.groov.pl/?page_id=78

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...