guppy

Port forwarding troubles [Tomato]

I'm having a bit of trouble getting port forwarding to work.

I run the VPN tunnel on my router (Tomato firmware).

It's set up per the guide, with a few extras:

Firewall

# allow traffic between the LAN bridge and the VPN tunnel in both directions
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
# kill switch: these three hosts may only leave via the tunnel
iptables -I FORWARD ! -o tun11 -s 192.168.1.203 -j DROP
iptables -I FORWARD ! -o tun11 -s 192.168.1.204 -j DROP
iptables -I FORWARD ! -o tun11 -s 192.168.1.200 -j DROP
# nothing arriving over the tunnel may talk to the router itself
iptables -I INPUT -i tun11 -j REJECT
# NAT the LAN addresses to the tunnel address on the way out
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

associated up/down scripts:

root@unknown:/jffs# cat vpn1_up.sh

#!/bin/sh
# start with an empty routing table 200 and drop stale cached routes
ip route flush table 200
ip route flush cache
# policy rules: traffic from these hosts is routed via table 200
ip rule add from 192.168.1.203 lookup 200
ip rule add from 192.168.1.204 lookup 200
ip rule add from 192.168.1.200 lookup 200
# read the tunnel's local address and make it table 200's default gateway
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
ip route add table 200 default via $VPN_GW dev tun11

root@unknown:/jffs# cat vpn1_down.sh

#!/bin/sh
# remove the policy rules so the hosts fall through to the main table,
# where the kill-switch DROP rules in the firewall then block them
ip rule del from 192.168.1.203 lookup 200
ip rule del from 192.168.1.204 lookup 200
ip rule del from 192.168.1.200 lookup 200

Basically everything from 192.168.1.[200|203|204] is being forcefully redirected through VPN tunnel 1, and when the tunnel is down they are being denied access to the net.

This part works perfectly and has for quite some time; however, I now want to forward a port to 204.

I've gotten a port in the client area and set up port forwarding in the router like so:

  • PROTO: UDP+TCP
  • src addr: (blank = no limit)
  • external port: 12345 (made-up port; I obviously used the real one given in the client area)
  • internal port: 8088
  • internal addr: 192.168.1.204

The service (a webserver) is bound to 0.0.0.0:8088.

When I:

  1. locally connect to 192.168.1.204:8088, it works
  2. connect to my external non-VPN IP:12345, it doesn't work
  3. connect to the AirVPN "Mapped to public IP":12345, it doesn't work

2. is not surprising, since the service can't reply outside of the tunnel.

3. is the problem. It should work as far as I can tell, unless there is something in my "extras" that prevents it from working.

Sadly I'm not nearly as good at iptables as I would like, so that's entirely possible.

Any help solving this would be greatly appreciated.

Thanks, I guess I'll have to dig into the iptables documentation again to figure out how to forward to a different internal port.

There's not much that hasn't been talked about at some point in these forums. Just search for it, as I know mapping to a different internal port has been discussed.

Apparently you can optionally add a port like so:

iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP:destPort

It would be good if the guide could be edited to include that.
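
As an added example (my own, not code from the thread or from the guide it refers to), here is a small POSIX sh script that generates the DNAT rule from the reply above together with a narrowed FORWARD rule, for both TCP and UDP, after validating the inputs. The interface name tun11, the made-up external port 12345 and the host 192.168.1.204:8088 are the values from the first post; the APPLY variable and the function names are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from AirVPN's guide.
# Builds the iptables commands that publish LAN_IP:LAN_PORT through the VPN
# tunnel interface, translating from the external port assigned in the
# client area. Interface names, ports and addresses are assumptions passed
# in by the caller; the commands are only printed unless APPLY=1 is set.

# Accept a port number in 1..65535; reject empty, non-numeric or out-of-range input.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept a dotted-quad IPv4 address whose octets are all <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one forward: VPN_IF EXT_PORT LAN_IP LAN_PORT.
# The DNAT rule lives in nat/PREROUTING and is bound to the tunnel interface,
# which is what the router's WAN-oriented GUI forward does not do.
# The FORWARD rule matches the post-DNAT destination (nat runs first) and is
# limited to that one host and port, so it does not open the LAN to everything
# arriving over the tunnel the way a blanket "-i tun11 -o br0 -j ACCEPT" does.
vpn_forward_rules() {
    vpn_if=$1 ext_port=$2 lan_ip=$3 lan_port=$4
    valid_port "$ext_port" && valid_port "$lan_port" && valid_ipv4 "$lan_ip" || return 1
    for proto in tcp udp; do
        echo "iptables -t nat -I PREROUTING -i $vpn_if -p $proto --dport $ext_port -j DNAT --to-destination $lan_ip:$lan_port"
        echo "iptables -I FORWARD -i $vpn_if -p $proto -d $lan_ip --dport $lan_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Values from the thread: tunnel tun11, (made-up) external port 12345,
# web server on 192.168.1.204:8088.
if [ "${APPLY:-0}" = 1 ]; then
    vpn_forward_rules tun11 12345 192.168.1.204 8088 | sh   # run for real (root on the router)
else
    vpn_forward_rules tun11 12345 192.168.1.204 8088        # dry run: just show the rules
fi
```

Run without APPLY=1 it only prints the four commands, which is a convenient way to review them before pasting them into Tomato's firewall script. The DNAT rule is the piece the GUI forward in the first post lacks: that forward applies to the WAN interface, so packets arriving through tun11 never match it, which explains why test 3 fails even though the kill-switch rules themselves do not block the forwarded traffic.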
