OpenWrt Forum Archive

Topic: Accessing forwarded ports internally

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, I have installed OpenWrt on my WRT54GL router. With the default firmware I was able to forward ports, such as port 80 to 192.168.1.100, and access the forwarded ports internally from my external IP. Now that I have OpenWrt installed I can no longer access the forwarded ports through my external IP; it still works externally, though. Instead of getting my server at 192.168.1.100 I get the router configuration page.

How can I get my router to function as it did before and forward ports correctly if I try to access the ports from the same router?

Here is my configuration:

forward::192.168.1.1
forward:proto=tcp dport=543:192.168.1.100
forward:proto=tcp dport=80:192.168.1.100
forward:proto=tcp dport=443:192.168.1.100
forward:proto=tcp dport=10000:192.168.1.100
forward:proto=tcp dport=817:192.168.1.100
forward:proto=tcp dport=2000-2002:192.168.1.100

The first line I thought would fix the problem but it hasn't.


Thanks

I could use help on this issue as well.

Like you I want to access my internal server 192.168.1.2:80 by using the external ip 200.200.200.220:80 from within the LAN. Port forwarding seems to work if you access the router from the WAN, but if traffic is coming from the LAN then the port forwarding doesn't work. Packets seem to be dropped.

I'm guessing that there are other routing rules that need to be added.

hello. here is something i used to reroute all defined port forwards (/etc/config/firewall) to be accessible from the lan via the external ip.

'forwarding' section  of /usr/bin/firewall.awk:

     for (o in _opt) {
         print "iptables -t nat -A prerouting_wan" _opt[o] str2ipt($2) target
         print "iptables        -A forwarding_wan" _opt[o] " -d " $3 fwopts " -j ACCEPT"
+        print "iptables -t nat -A prerouting_rule -i $LAN -d $WANIP" _opt[o] str2ipt($2) target
+        print "iptables        -A forwarding_rule -i $LAN" _opt[o] " -d " $3 fwopts " -j ACCEPT"
+        print "iptables -t nat -A postrouting_rule -o $LAN -s $LANIP/$LANNETMASK" _opt[o] " -d " $3 fwopts " -j SNAT --to-source $LANIP"
         print ""
     }
 }
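
Review bot: the three added print lines emit $WANIP, $LANIP and $LANNETMASK into the generated script with no check that they are set; if WANIP is empty when the firewall starts, the prerouting_rule line becomes `-d` followed directly by the protocol options and iptables will reject or misread it. Wrap the three added rules in a test that all three values are non-empty. The postrouting_rule SNAT to $LANIP also means the server at $3 sees every LAN client that arrives through the external address as the router itself, which deserves a comment, since per-client logs and IP-based rules on that server will no longer tell LAN hosts apart.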

additionally you will need to set and pass the environment variables used from the outside, i.e. /etc/init.d/S35firewall:

 
 . /etc/functions.sh
 WAN="$(nvram get wan_ifname)"
+WANIP="$(ip -f inet addr | grep $WAN | grep inet | grep -v grep | awk '{print $2;}')"
 WANDEV="$(nvram get wan_device)"
 LAN="$(nvram get lan_ifname)"
+LANIP="$(nvram get lan_ipaddr)"
+LANNETMASK="$(nvram get lan_netmask)"
 
 ## CLEAR TABLES
 for T in filter nat; do
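
Review bot: in the added WANIP line, `awk '{print $2;}'` takes the second field of the `inet` line, which `ip addr` normally prints as address/prefix, so the `-d $WANIP` match built from it covers the whole WAN subnet rather than only the router's own address. Strip the prefix (for instance with `cut -d/ -f1`) before use. `grep $WAN` is unquoted and is a substring match, so it can return more than one line when another interface name contains the WAN name, and `grep -v grep` has no effect in this pipeline and can be dropped. The address is also read once at firewall start, so the rules stay bound to the old address if the WAN address changes, until the script is run again.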

and:

 
 ## USER RULES
 [ -f /etc/firewall.user ] && . /etc/firewall.user
-[ -e /etc/config/firewall ] && { awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall | ash }
+[ -e /etc/config/firewall ] && {
+    ( \
+      echo "LAN=$LAN" ; \
+      echo "LANIP=$LANIP" ; \
+      echo "LANNETMASK=$LANNETMASK" ; \
+      echo "WAN=$WAN" ; \
+      echo "WANIP=$WANIP" ; \
+      awk -f /usr/lib/common.awk -f /usr/lib/firewall.awk /etc/config/firewall \
+    ) \
+    | ash
+}
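
Review bot: the added echo lines write the values unquoted into the script that ash reads, so a value containing whitespace or a second line (WANIP can be multi-line if the grep in S35firewall matches twice) is executed as shell text instead of being assigned. Either quote the values in the generated assignments, or `export LAN LANIP LANNETMASK WAN WANIP` and keep the original single pipeline, since the ash child inherits the environment.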

note: this is white russian, not kamikaze.
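
The loopback rules from the last post, as an added example that is not part of the thread or of OpenWrt's own scripts: it takes the WAN address without its prefix length and refuses to print rules when any value is empty or malformed. The interface names vlan1 and br0, the function names and the sample `ip` output are assumptions; the chain names and the two addresses come from the posts above.

```shell
#!/bin/sh
# Added example, not from the thread: prints (never runs) NAT-loopback rules.

# Constructed sample of `ip -f inet addr` output; vlan1/br0 are assumed names.
SAMPLE_IP_ADDR='1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
5: vlan1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
    inet 200.200.200.220/24 brd 200.200.200.255 scope global vlan1
6: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br0'

# wan_ip IFNAME: read `ip -f inet addr` text on stdin and print the first
# address on IFNAME with its /prefix stripped, so -d matches one host only.
wan_ip() {
    awk -v ifn="$1" '$1 == "inet" && $NF == ifn {
        sub(/\/.*/, "", $2); print $2; exit }'
}

# is_ipv4 ADDR: true only for a bare dotted quad (no prefix, space, newline).
is_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# hairpin_rules LANIF LANIP LANMASK WANIP PROTO DPORT SERVER
# DPORT uses iptables syntax (80 or 2000:2002). Returns 1 and prints
# nothing on stdout if any argument would produce a malformed rule.
hairpin_rules() {
    case "$1" in ""|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$5" in tcp|udp) ;; *) return 1 ;; esac
    case "$6" in ""|*[!0-9:]*) return 1 ;; esac
    for a in "$2" "$3" "$4" "$7"; do
        is_ipv4 "$a" || { echo "hairpin_rules: bad address '$a'" >&2; return 1; }
    done
    m="-p $5 --dport $6"
    # LAN clients hitting the external address are redirected to the server.
    echo "iptables -t nat -A prerouting_rule -i $1 -d $4 $m -j DNAT --to-destination $7"
    echo "iptables -A forwarding_rule -i $1 -d $7 $m -j ACCEPT"
    # Replies must return via the router, so the server sees LANIP as source.
    echo "iptables -t nat -A postrouting_rule -o $1 -s $2/$3 -d $7 $m -j SNAT --to-source $2"
}

# Demo on the constructed sample: print the rules for port 80.
ip4="$(printf '%s\n' "$SAMPLE_IP_ADDR" | wan_ip vlan1)"
hairpin_rules br0 192.168.1.1 255.255.255.0 "$ip4" tcp 80 192.168.1.2
```
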

The discussion might have continued from here.