OpenWrt Forum Archive

Topic: Portforwarding just won't work

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi !


I've already found some Posts here with a similar problem, where Portforwarding stopped working after a while.
But in my Configuration the Portforwarding won't work at all.

Never got a connection from WAN to the Cam Server :(

Here's my Setup :

ASUS - WL500gP             
Kamikaze 7.09 (no XWRT)

Behind that Router I have a CameraServer (192.168.101.150) which is accessible on Port 81.
In addition to that, the Router connects via OpenVPN to a Server in the HQ, and I have eth0.0 & tap0 bridged in br-lan.
(might this be the problem?)

So here's what I changed in my config files:

in   /etc/firewall.user

iptables -t nat -A PREROUTING -i wan -p tcp --dport 81 -j DNAT --to 192.168.101.150
iptables        -A FORWARD -i wan -p tcp --dport 81 -d 192.168.101.150 -j ACCEPT

- I also tried with 192.168.101.150:81 at the end - no difference

in /etc/config/firewall

forward:dport=81:192.168.101.150:81

~# iptables -L shows :

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
forwarding_wan  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             192.168.101.150     tcp dpt:81
.
.
.
Chain forwarding_wan (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.101.150     tcp dpt:81
ACCEPT     udp  --  anywhere             192.168.101.150     udp dpt:81

Any hints on this?

Manji
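
A check that fits the setup in the post above, as an added example that is not part of the original thread: iptables accepts any name after -i without verifying that such a device exists, and plain "iptables -L" shows neither the nat table nor the interface column, so the verbose nat listing is where a DNAT rule that never matches becomes visible. The function names, the sample listing, the device names (eth0.1 as the WAN device) and all counters are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L PREROUTING -n -v` output.
# Device names (eth0.1 as the WAN device) and all counters are assumptions.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 469 packets, 31122 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  wan    *       0.0.0.0/0            0.0.0.0/0           tcp dpt:81 to:192.168.101.150
  412 27590 prerouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   57  3532 prerouting_wan  all  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0
    0     0 DNAT       udp  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0           udp dpt:81 to:192.168.101.150
EOF
}

# audit_nat_rules "<existing device names>" < listing
# Flags rules bound to a device that does not exist, and rules whose packet
# counter is still zero.
audit_nat_rules() {
    awk -v devs="$1" '
        BEGIN { n = split(devs, d, " "); for (i = 1; i <= n; i++) known[d[i]] = 1 }
        /^Chain / || $1 == "pkts" || NF < 9 { next }
        {
            target = $3; inif = $6
            wildcard = (inif == "*" || inif == "any" || inif ~ /\+$/)
            if (!wildcard && !(inif in known))
                printf "%s: in-interface %s is not an existing device\n", target, inif
            else if ($1 == "0")
                printf "%s: rule has never matched a packet\n", target
        }'
}

# On the router the inputs would come from the live system, for example:
#   devs=$(sed -n 's/^ *\([^:]*\):.*/\1/p' /proc/net/dev | tr '\n' ' ')
#   iptables -t nat -L PREROUTING -n -v | audit_nat_rules "$devs"
sample_listing | audit_nat_rules "lo eth0 eth0.0 eth0.1 tap0 br-lan"
```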

Hi,

Manji wrote:

Hi !
Never got a connection from WAN to the Cam Server :(

How exactly do you check that the port accepts connections?

Tex

Hi

On the CAM Server?
When I try to connect to the Cam Server from within the local network, it accepts connections on port 81.

Manji

I have a similar problem.
When I do a port forwarding or simply:
iptables -P FORWARD DROP

All connections that are already being forwarded by my router work!

Example:
If I ping Google through my router and then set the policy to drop all forwarding, this ping still reaches Google. But if I start another ping, the new one does not reach Google. I can have one ping reaching Google and another (if I start it after the iptables rule) that cannot reach Google.

Is this wrong iptables behaviour????

If you do the same example against the router itself and the default policy for the INPUT chain is DROP, it works for the "new" pings and the older one!!!!
Why does it not work with forwarding???

I have the same problem with the following rule:
/usr/sbin/iptables -t nat -I PREROUTING -p icmp -s $laptop -j DNAT --to-destination $AP

The ping started before the rule ignores it!!!!

Thanks.

The discussion might have continued from here.