guppy 10 Posted ...

I'm having a bit of trouble getting port forwarding to work. I run the VPN tunnel on my router (Tomato firmware). It's set up per the guide, with a few extras:

Firewall

    iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
    iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
    iptables -I FORWARD ! -o tun11 -s 192.168.1.203 -j DROP
    iptables -I FORWARD ! -o tun11 -s 192.168.1.204 -j DROP
    iptables -I FORWARD ! -o tun11 -s 192.168.1.200 -j DROP
    iptables -I INPUT -i tun11 -j REJECT
    iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

Associated up/down scripts:

    root@unknown:/jffs# cat vpn1_up.sh
    #!/bin/sh
    ip route flush table 200
    ip route flush cache
    ip rule add from 192.168.1.203 lookup 200
    ip rule add from 192.168.1.204 lookup 200
    ip rule add from 192.168.1.200 lookup 200
    VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
    ip route add table 200 default via $VPN_GW dev tun11

    root@unknown:/jffs# cat vpn1_down.sh
    #!/bin/sh
    ip rule del from 192.168.1.203 lookup 200
    ip rule del from 192.168.1.204 lookup 200
    ip rule del from 192.168.1.200 lookup 200

Basically everything from 192.168.1.[200|203|204] is being forcefully redirected through VPN tunnel 1, and when the tunnel is down they are being denied access to the net. This part works perfectly and has for quite some time. However, I now want to forward a port to 204.

I've gotten a port in the client area and set up port forwarding in the router like so:

    PROTO: UDP+TCP
    src addr: (blank = no limit)
    external port: 12345 (made up port, I obviously used the real one given in the client area)
    internal port: 8088
    internal addr: 192.168.1.204

The service (a webserver) is bound to 0.0.0.0:8088.

When I:

1. locally connect to 192.168.1.204:8088, it works
2. connect to my external non-VPN IP:12345, it doesn't work
3. connect to AirVPN 'Mapped to public IP':12345, it doesn't work

2 is not surprising, since the service can't reply outside of the tunnel. 3 is the problem: it should work as far as I can tell, unless there is something in my "extras" that prevents it from working. Sadly I'm not nearly as good at iptables as I would like, so that's entirely possible.

Any help solving this would be greatly appreciated.

go558a83nk 364 Posted ...

https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/?hl=%2Bport+%2Bforward+%2Btomato

guppy 10 Posted ...

Thanks, I guess I'll have to dig into the iptables documentation again to figure out how to forward to a different internal port.

go558a83nk 364 Posted ...

There's not much that hasn't been talked about at some point in these forums. Just search for it, as I know mapping to a different internal port has been discussed.

guppy 10 Posted ...

Apparently you can optionally add a port like so:

    iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP:destPort

Would be good if the guide could be edited to include that.
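
The DNAT rule from the last post, as an added example that is not part of the thread or of the AirVPN guide: a dry-run generator that prints the rule for both protocols and pairs it with a FORWARD rule scoped to the forwarded port. The function names are hypothetical; tun11, 12345, 192.168.1.204 and 8088 are the thread's own example values.

```shell
#!/bin/sh
# Added example: print (do not apply) the rules that forward a port arriving
# on the VPN tunnel to a LAN host listening on a different internal port.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets on the dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_forward_rules TUN_IF EXT_PORT DEST_IP DEST_PORT
gen_forward_rules() {
    tun_if=$1 ext_port=$2 dest_ip=$3 dest_port=$4
    # Reject anything that is not a plain interface name, port or address,
    # since the output is meant to be pasted into a root firewall script.
    case "$tun_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_port "$ext_port" && valid_port "$dest_port" || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$dest_ip" || { echo "bad address" >&2; return 1; }
    for proto in tcp udp; do
        # nat/PREROUTING runs first: rewrite destination address and port.
        echo "iptables -t nat -I PREROUTING -i $tun_if -p $proto --dport $ext_port -j DNAT --to-destination $dest_ip:$dest_port"
        # filter/FORWARD sees the packet after DNAT, so it matches the
        # internal port (8088 here), not the external one.
        echo "iptables -I FORWARD -i $tun_if -p $proto -d $dest_ip --dport $dest_port -j ACCEPT"
    done
}

# Dry run with the thread's example values.
gen_forward_rules tun11 12345 192.168.1.204 8088
```

Review the printed rules before adding them to the router's firewall script; the per-port FORWARD rules only narrow exposure if no broader tunnel-to-LAN ACCEPT rule is also present.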