omgitslurch

Port forwarding issue AsusWRT


Hi,

 

I have an Asus DSL-AC68U, which has the built-in xDSL modem, so I am limited to using the AsusWRT firmware. I have spent most of the afternoon and evening trying to get port forwarding to work for Deluge via the OpenVPN client on the router, based on a number of posts that I have found on here, but I don't appear to be able to get it to work correctly.

 

Using the port checker, before configuring I get the expected "111 connection refused"; once I try setting the forwarding, it changes to a "110 connection timed out". I have UPnP and NAT-PMP disabled and the ports specified within Deluge. The current iptables commands I've applied are the following.

 

 

iptables -I FORWARD -i tun15 -p udp -d 192.168.1.2 --dport 58927 -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp -d 192.168.1.2 --dport 58927 -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport 58927 -j DNAT --to-destination 192.168.1.2:58927
iptables -t nat -I PREROUTING -i tun15 -p udp --dport 58927 -j DNAT --to-destination 192.168.1.2:58927
 

I did try the following below, but it appeared to kill access to the internet and had to end up power cycling the router.

 

 

iptables -I FORWARD -i br0 -o tun15 -j ACCEPT
iptables -I FORWARD -i tun15 -o br0 -j ACCEPT
iptables -I INPUT -i tun15 -j REJECT
iptables -t nat -A POSTROUTING -o tun15 -j MASQUERADE
iptables -I FORWARD -i tun15 -p udp -d 192.168.1.2 --dport 58927 -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp -d 192.168.1.2 --dport 58927 -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport 58927 -j DNAT --to-destination 192.168.1.2
iptables -t nat -I PREROUTING -i tun15 -p udp --dport 58927 -j DNAT --to-destination 192.168.1.2
 

 

Interface tun15 is correct going by the output of ifconfig

 

tun15      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
           inet addr:X.X.X.X  P-t-P:X.X.X.X  Mask:255.255.0.0
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
           RX packets:3131923 errors:0 dropped:0 overruns:0 frame:0
           TX packets:3715792 errors:0 dropped:2122 overruns:0 carrier:0
           collisions:0 txqueuelen:100 

The relevant iptables NATs look like the following.

 

 

Chain PREROUTING (policy ACCEPT 10832 packets, 1026K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  778 80692 DNAT       udp  --  tun15  any     anywhere             anywhere             udp dpt:58927 to:192.168.1.2:58927
  439 24168 DNAT       tcp  --  tun15  any     anywhere             anywhere             tcp dpt:58927 to:192.168.1.2:58927
55027 2960K VSERVER    all  --  any    any     anywhere             **hidden** 




Chain POSTROUTING (policy ACCEPT 1322 packets, 117K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 317K   28M MASQUERADE  all  --  any    tun15   192.168.1.0/24       anywhere            
    2   128 MASQUERADE  all  --  any    vlan3880 !**hidden**  anywhere            
 1240  468K MASQUERADE  all  --  any    br0     192.168.1.0/24       192.168.1.0/24      
    0     0 MASQUERADE  all  --  any    tun0    anywhere             anywhere            
10850  720K MASQUERADE  all  --  any    tun15   anywhere             anywhere     
 

The forward chain is the following.

 

Chain FORWARD (policy ACCEPT 22721 packets, 1760K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1802 99556 ACCEPT     tcp  --  tun15  any     anywhere             192.168.1.2          tcp dpt:58927
78334 5566K ACCEPT     udp  --  tun15  any     anywhere             192.168.1.2          udp dpt:58927
1699K  877M ACCEPT     all  --  tun15  any     anywhere             anywhere            
3008K 1829M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 DROP       all  --  !br0   vlan3880  anywhere             anywhere            
 5946  412K DROP       all  --  any    any     anywhere             anywhere             state INVALID
   32  3770 ACCEPT     all  --  br0    br0     anywhere             anywhere            
    0     0 SECURITY   all  --  vlan3880 any     anywhere             anywhere            
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate DNAT  
 

A couple of the posts I found included iptables rules similar to the ones I set, where people initially said they did not work but later mentioned that they got them working, without saying what they did to get them working. Does anyone know what is wrong or missing that could be preventing the forwarding from working as it should?

  


A few mistakes - your forwarding rules are wrong, 192.168.1.2 will not be present on the tunX interface, since it will have only AirVPN internal IPs in it (from the 10.0.0.0/8 class).

Change your rules to:

iptables -I FORWARD -i tun15 -p udp --dport 58927 -j ACCEPT
iptables -I FORWARD -i tun15 -p tcp --dport 58927 -j ACCEPT
iptables -t nat -I PREROUTING -i tun15 -p tcp --dport 58927 -j DNAT --to-destination 192.168.1.2:58927
iptables -t nat -I PREROUTING -i tun15 -p udp --dport 58927 -j DNAT --to-destination 192.168.1.2:58927

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


Thanks zhang888,

 

I have made the change to the ones you mentioned, though I am currently still getting connection timeout errors when testing. The iptables output currently looks like the following.

 

 

Chain FORWARD (policy ACCEPT 2646 packets, 200K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  221 12664 ACCEPT     tcp  --  tun15  any     anywhere             anywhere             tcp dpt:58927
 7176  528K ACCEPT     udp  --  tun15  any     anywhere             anywhere             udp dpt:58927
1847K  930M ACCEPT     all  --  tun15  any     anywhere             anywhere            

 

and

 

Chain PREROUTING (policy ACCEPT 5197 packets, 475K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  204 17677 DNAT       udp  --  tun15  any     anywhere             anywhere             udp dpt:58927 to:192.168.1.2:58927
  185 10332 DNAT       tcp  --  tun15  any     anywhere             anywhere             tcp dpt:58927 to:192.168.1.2:58927
 

 


Hi,

 

I noticed the packets just after I posted the reply. I know that there is no firewall running, and I am currently looking to see if I can see anything within Deluge itself which may be affecting it, as I suspect that it is now getting further now that I have made your earlier recommendation.


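The packet counters in the listings quoted in this thread show how far inbound traffic gets on the router. The following is an added example, not part of the original posts: a shell helper that reads the counter for a given chain, inbound interface, protocol and port from saved `iptables -v -L` output and reports where packets stop. The sample listing is constructed from the figures quoted above, and the function names `rule_pkts` and `diagnose` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `iptables -v -L FORWARD` and `iptables -t nat -v -L PREROUTING`
# output, using the figures quoted in the thread.
SAMPLE='Chain FORWARD (policy ACCEPT 2646 packets, 200K bytes)
 pkts bytes target     prot opt in     out     source               destination
  221 12664 ACCEPT     tcp  --  tun15  any     anywhere             anywhere             tcp dpt:58927
 7176  528K ACCEPT     udp  --  tun15  any     anywhere             anywhere             udp dpt:58927
1847K  930M ACCEPT     all  --  tun15  any     anywhere             anywhere
Chain PREROUTING (policy ACCEPT 5197 packets, 475K bytes)
 pkts bytes target     prot opt in     out     source               destination
  204 17677 DNAT       udp  --  tun15  any     anywhere             anywhere             udp dpt:58927 to:192.168.1.2:58927
  185 10332 DNAT       tcp  --  tun15  any     anywhere             anywhere             tcp dpt:58927 to:192.168.1.2:58927'

# rule_pkts CHAIN IFACE PROTO PORT: print the packet counter of the first
# matching rule (K/M/G suffixes expanded), or 0 if no rule matches.
rule_pkts() {
    awk -v chain="$1" -v ifc="$2" -v proto="$3" -v port="$4" '
        function expand(v,   n, s) {
            n = v + 0; s = substr(v, length(v))
            if (s == "K") n *= 1000
            else if (s == "M") n *= 1000000
            else if (s == "G") n *= 1000000000
            return n
        }
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $4 == proto && $6 == ifc && $0 ~ ("dpt:" port "( |$)") {
            found = 1; printf "%d\n", expand($1); exit
        }
        END { if (!found) print 0 }
    '
}

# diagnose IFACE PROTO PORT: read both listings on stdin and say where inbound
# packets stop. nat counters count only the first packet of each connection.
diagnose() {
    listing=$(cat)
    nat=$(printf '%s\n' "$listing" | rule_pkts PREROUTING "$1" "$2" "$3")
    fwd=$(printf '%s\n' "$listing" | rule_pkts FORWARD "$1" "$2" "$3")
    if [ "$nat" -eq 0 ]; then
        echo "no-inbound"      # nothing arrives on the tunnel for this port
    elif [ "$fwd" -eq 0 ]; then
        echo "dnat-only"       # translated, but the FORWARD rule never matches
    else
        echo "forwarded"       # router passes it on; check the LAN host next
    fi
}

printf '%s\n' "$SAMPLE" | diagnose tun15 tcp 58927
```

On the router, the same function can be fed the live listings, e.g. `{ iptables -v -L FORWARD; iptables -t nat -v -L PREROUTING; } | diagnose tun15 tcp 58927`.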