Staff

How to forward ports in DD-WRT & Tomato with iptables


HOW TO FORWARD PORTS TO YOUR DEVICES WITH IPTABLES
 
You need to create a basic DNAT on your router. Remember that the router GUI forwards ports from the WAN to LAN. When connected to the VPN you must forward ports from TUN to LAN. Therefore, it is imperative that you do NOT forward ports in the GUI of the router.
 
Assuming that:

  • destIP is the IP address of the destination device
  • port is the port you wish to forward to that device
  • tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11)
  • you need to forward both TCP and UDP packets

you need to add the following rules. Please note that the following rules do NOT replace your already existing rules; you just have to add them.
 
iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
 
Note: if your router firmware's iptables supports the multiport module, you can use the --match option to make your rule set more compact. Please see here, thanks to Mikeyy: https://airvpn.org/topic/14991-asuswrt-merlin-multiple-ports/?do=findComment&comment=31221
 
Kind regards
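
The four rules above, generated from validated inputs, as an added example that is not part of the original post. The function names, the sample address 192.168.1.50 and the sample port 51413 are constructed for illustration; the script only prints the rules and applies nothing.

```shell
#!/bin/sh
# Added example: refuse a non-tun interface, a malformed destination IP or an
# out-of-range port, then print the post's four rules for review.

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward_rules IFACE DESTIP PORT: print the FORWARD and DNAT rules.
gen_forward_rules() {
    iface=$1 dest=$2 port=$3
    case "$iface" in
        tun[0-9] | tun[0-9][0-9]) ;;   # tun0, tun1, tun11, ... never the WAN side
        *) echo "error: '$iface' is not a tun interface" >&2; return 1 ;;
    esac
    valid_ipv4 "$dest" || { echo "error: bad destination IP '$dest'" >&2; return 1; }
    valid_port "$port" || { echo "error: bad port '$port'" >&2; return 1; }
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $iface -p $proto -d $dest --dport $port -j ACCEPT"
    done
    for proto in tcp udp; do
        echo "iptables -t nat -I PREROUTING -i $iface -p $proto --dport $port -j DNAT --to-destination $dest"
    done
}

# Constructed sample call: forward port 51413 arriving on tun1 to 192.168.1.50.
gen_forward_rules tun1 192.168.1.50 51413
```

Check the tun interface name on the router first, then paste the printed lines alongside your existing rules.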
