Jump to content
Not connected, Your IP: 18.226.248.17
AirVPN
bulbous_blues

Asuswrt Merlin Multiple Ports

By bulbous_blues, ... in Troubleshooting and Problems

Recommended Posts

bulbous_blues    0

bulbous_blues
Posted ...

Hi

 

I am having trouble forwarding multiple ports with the iptables on my asuswrt router.

 

Here is my script

 

#!/bin/sh

iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan1 -j DROP
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

iptables -I FORWARD -i tun11 -p udp -d 192.168.1.99 --dport 57893 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.99 --dport 57893 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 57893 -j DNAT --to-destination 192.168.1.99
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 57893 -j DNAT --to-destination 192.168.1.99
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.99 --dport 57895 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.99 --dport 57895 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 57895 -j DNAT --to-destination 192.168.1.99
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 57895 -j DNAT --to-destination 192.168.1.99

 

The first port 57893 is open but not 57895. What seems to be wrong?

Share this post

Link to post

Mikeyy    49

Mikeyy
Posted ...

iptables -I FORWARD -i tun11 -p udp -d 192.168.1.99 --match multiport --dports 57893,57895 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.99 --match multiport --dports 57893,57895 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --match multiport --dports 57893,57895 -j DNAT --to-destination 192.168.1.99
iptables -t nat -I PREROUTING -i tun11 -p udp --match multiport --dports 57893,57895 -j DNAT --to-destination 192.168.1.99

Share this post

Link to post

Sevenz    3

Sevenz
Posted ...

Hi guys, sorry old thread, but I`m having the same problem as the first guy and finally 'almost' got it working. I`m using merlin asuswrt latest version.

 

Following the Mikeyy's method earlier this is my iptables

 

#!/bin/sh

iptables -I FORWARD -i tun11 -p udp -d 192.168.2.140 --match multiport --dports 24253,61477 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.2.140 --match multiport --dports 24253,61477 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --match multiport --dports 24253,61477 -j DNAT --to-destination 192.168.2.140
iptables -t nat -I PREROUTING -i tun11 -p udp --match multiport --dports 24253,61477 -j DNAT --to-destination 192.168.2.140

Somehow only port 61477 is opened (qbittorrent using this port) and works, and port 24253 gets Error: 111 - Connection Refused. After sometime later (I changed qbittorrent port to 24253), port 24253 opened, 61477 closed. Both doesn't seem to open together. Now I`m not sure what's wrong with my setup.

 

Is there any log in merlin asuswrt where I can see and post so anyone can help?

 

Any help would be appreciated.

pvonnur reacted to this

Share this post

Link to post

KennethVPN    2

KennethVPN
Posted ...

This weekend I will be swapping out my Verizon MI424WR to a ASUS RT-N66U(W) and will be port forwarding some IPs; I hope there are good topics (in this forum) for beginners like me!

Share this post

Link to post

go558a83nk    364

go558a83nk
Posted ...

This weekend I will be swapping out my Verizon MI424WR to a ASUS RT-N66U(W) and will be port forwarding some IPs; I hope there are good topics (in this forum) for beginners like me!

 

You plan to run openvpn on the N66?  if so, I hope you're prepared for very slow speeds.

Share this post

Link to post

KennethVPN    2

KennethVPN
Posted ...

My new N66 is up and running. Now, I need to get my MacMini server and myCloud services online. I have not done any port forwarding with IPTables and OpenVPN. Any links or assistance will be appreciated. I am really confused as to how to assign ports with my IPs and the scripting language for the IPTables...???

 

Go558a83nk: Do I have a choice not to use OpenVPN? What kind of speeds am I expecting and are there any options for increasing speed performance? Thanks

Share this post

Link to post

go558a83nk    364

go558a83nk
Posted ...

My new N66 is up and running. Now, I need to get my MacMini server and myCloud services online. I have not done any port forwarding with IPTables and OpenVPN. Any links or assistance will be appreciated. I am really confused as to how to assign ports with my IPs and the scripting language for the IPTables...???

 

Go558a83nk: Do I have a choice not to use OpenVPN? What kind of speeds am I expecting and are there any options for increasing speed performance? Thanks

 

There seems to be a disconnect somewhere.  You talk of needing to forward ports on the router in an AirVPN forum.  Therefore, I assume that you'll be running openvpn on the router.  This is because the only reason to forward ports on the router while using AirVPN is if the router itself is the openvpn client for your whole "house".

 

If you are just going to use the Eddie client then DO NOT forward ports on the router.  You'll be decreasing your security if you do.

 

If you are asking if you can run some other kind of VPN on the router, the answer is yes.  But, AirVPN only provides openvpn.  You would have to find another VPN provider if you want to use the other VPN options Asus has.

Share this post

Link to post

KennethVPN    2

KennethVPN
Posted ...

Sorry for the confusion. I am using OpenVPN (on my new router, N66) and need to port forward to AIrVPN for my entire house. I am hosting my own website at home (on a MacMini server) and may also need to port forward. I am new to OpenVPN, do not understand the scripting language and using IPTable. I do not knowing how to do multiple ports forwarding using Asus-Wrt? 

Share this post

Link to post

crazyjoe    0

crazyjoe
Posted ...

Cannot get it working. Help appreciated!

 

​'ptables v1.4.14: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.4.14: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
"ptables v1.4.14: Bad IP address "192.168.1.*

 

​+ Edit/EOL Conversion/Unix in Notpad++ fixed it.

Share this post

Link to post

rgrdgr    0

rgrdgr
Posted ...

Is there a way to forward from one port on the VPN interface to a different port on eth0?

 

Specifically, I'd like to forward from a port on tun0 XXXXX to eth0 80, where Apache is listening, so I can get to ruTorrent.

Share this post

Link to post

moejoe    1

moejoe
Posted ...

Does anyone know, whats the equivalent for prerouting in open wrt ( uci, LUCI GUI ) is ?  

best regards 

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...