OpenWrt Forum Archive

Topic: Forwarding ports from WAN with IP Tables

The content of this topic has been archived on 18 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I'm an OpenWrt newbie. I am using an OpenWrt router functioning as my gateway on my home network. For the purpose of clarity I will say that the network uses an address of 192.168.1.0/24. The OpenWrt router is at an address of 192.168.1.1/24. My roommate has a Sonicwall VPN router connected to my network, via its WAN connection, with a static IP of 192.168.1.22/24. It is using my OpenWrt router as its default gateway.

My roommate can VPN out, but would like to VPN back into his home PC. His router is set up to forward the proper ports and it worked at his old apartment. I need to forward port 500 from the WAN connection of the OpenWrt router to 192.168.1.22.

I am having trouble finding or understanding the examples of how to perform this.  I would appreciate any assistance setting up the proper firewall and forwarding rules.

Thank You,
Sam

Hi,

That should be fairly easy. On OpenWRT Kamikaze add this to the file "/etc/config/firewall":

config redirect
    option src        wan
    option src_dport  500
    option dest       lan
    option dest_ip    192.168.1.22
    option dest_port  500
    option proto      tcp

On the older WhiteRussian use iptables directly in the file "/etc/firewall.user":

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 500 -j DNAT --to 192.168.1.22
iptables        -A forwarding_rule -i $WAN -p tcp --dport 500 -d 192.168.1.22 -j ACCEPT

Notice: if your VPN uses udp instead of tcp you have to replace all "tcp" with "udp" in the code above.
If you don't know, just try :)
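
Added example, not part of the original posts: each "config redirect" with "option src wan" exposes an internal host to the Internet, so it helps to be able to list exactly what a firewall file forwards. The sketch below parses the UCI format shown above; the function names, the "unset" label for a missing proto, and the sample config are constructed for illustration.

```sh
# Inventory WAN-facing port forwards in a UCI firewall config read from stdin.
# Prints one line per redirect: "<wan port>/<proto> -> <dest_ip>:<dest_port>".
list_wan_redirects() {
    awk -v q="'" '
    function flush(   proto, dport) {
        if (in_redirect && opt["src"] == "wan") {
            proto = ("proto" in opt) ? opt["proto"] : "unset"
            dport = ("dest_port" in opt) ? opt["dest_port"] : opt["src_dport"]
            printf "%s/%s -> %s:%s\n", opt["src_dport"], proto, opt["dest_ip"], dport
        }
        split("", opt)          # portable way to empty the array
        in_redirect = 0
    }
    { gsub("[\"" q "]", "") }   # drop UCI quoting around names and values
    $1 == "config" { flush(); in_redirect = ($2 == "redirect"); next }
    $1 == "option" && in_redirect {
        opt[$2] = $3
        for (i = 4; i <= NF; i++) opt[$2] = opt[$2] " " $i
    }
    END { flush() }
    '
}

# Constructed sample input (not a real router config).
sample_config() {
    cat <<'EOF'
config redirect
    option src        wan
    option src_dport  500
    option dest       lan
    option dest_ip    192.168.1.22
    option dest_port  500
    option proto      tcp
config redirect
    option src        'wan'
    option src_dport  '500'
    option dest_ip    '192.168.1.22'
    option proto      'udp'
config redirect
    option src        lan
    option src_dport  53
    option dest_ip    192.168.1.1
config redirect
    option src        wan
    option src_dport  8080
    option dest_ip    192.168.1.22
EOF
}
sample_config | list_wan_redirects
```

On a router the same function can be fed the real file with `list_wan_redirects < /etc/config/firewall`; the LAN-sourced redirect in the sample is skipped because it is not reachable from the WAN side.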
