Jump to content


Photo

How to forward ports in DD-WRT & Tomato with iptables

DD-WRT Tomato port forwarding iptables OpenWRT

  • This topic is locked This topic is locked
No replies to this topic

#1 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 6791 posts

Posted 20 April 2013 - 12:08 AM

HOW TO FORWARD PORTS TO YOUR DEVICES WITH IPTABLES
 
You need to create a basic DNAT on your router. Remember that the router GUI forwards ports from the WAN to LAN. When connected to the VPN you must forward ports from TUN to LAN. Therefore, it is imperative that you do NOT forward ports in the GUI of the router.
 
Assuming that:

  • destIP is the IP address of the destination device
  • port is the port you wish to forward to that device
  • tun1 is the tun interface of your router (please check! on some routers it can be tun0, on Tomato it can be tun11)
  • you need to forward both TCP and UDP packets

you need to add the following rules. Please note that the following rules do NOT replace your already existing rules, you just have to add them.
 
iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP
 
Note: if your router firmware iptables supports the multiport module you can use --match option to make your rules set more compact. Please see here, thanks to Mikeyy https://airvpn.org/topic/14991-asuswrt-merlin-multiple-ports/#entry31221
 
Kind regards







0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Users: 13820 - BW: 46163 Mbit/sYour IP: 54.80.29.228Guest Access.