I'm running openwrt (kamikaze bleeding edge r17821, kernel 2.6.30.8) with X-WRT webif2 (r4827)
on a WRT54GS-TM
with the default vlan configuration:
one WAN port plus one 4-port LAN switch (4 remaining ports bridged with wifi)

config 'switch' 'eth0'
    option 'vlan0' '0 1 2 3 5*'
    option 'vlan1' '4 5*'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'proto' 'static'
    option 'netmask' '255.255.255.0'
    option 'type' 'bridge'
    option 'dns' ' 192.168.1.254 68.238.112.12 71.252.0.12'
    option 'ifname' 'eth0.0'
    option 'ipaddr' '192.168.1.2'
    option 'gateway' '192.168.1.1'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'defaultroute' '1'
    option 'netmask' '255.255.255.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.2.1'

For testing my router's configuration,
I've connected a laptop to the WAN port
and configured the router's WAN interface to be 192.168.2.1/255.255.255.0
and the router's LAN interface to be 192.168.1.2/255.255.255.0
and the laptop's eth0 to be 192.168.2.3/255.255.255.0 with a route to 192.168.1.0/24 via eth0.
I have another router serving as internet gateway with an internal IP of 192.168.1.1/24.

My laptop's eth0 configuration:

    ifconfig eth0 192.168.2.3 netmask 255.255.255.0 broadcast 192.168.2.255
    route add -net 192.168.1.0 netmask 255.255.255.0 gateway 192.168.2.3 eth0

I would like to set up port forwarding on my X-WRT router so that if I connect from my laptop
to the router's WAN on port 8080, I get redirected to a webserver at 192.168.1.44:8080.
So I configured this minimal /etc/config/firewall:

config 'defaults'
    option 'syn_flood' '1'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'

config 'zone'
    option 'name' 'lan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'

config 'zone'
    option 'name' 'wan'
    option 'input' 'REJECT'
    option 'output' 'ACCEPT'
    option 'forward' 'REJECT'
    option 'masq' '1'

config 'forwarding'
    option 'src' 'lan'
    option 'dest' 'wan'
    option 'mtu_fix' '1'

#config 'include'
#    option 'path' '/etc/firewall.user'

config 'rule'
    option 'target' 'ACCEPT'
    option 'src' 'wan'
    option '_name' 'ping'
    option 'proto' 'icmp'
    option 'icmp_type' '8'
    option 'dest' ''
    option 'src_ip' ''
    option 'dest_ip' ''
    option 'dest_port' ''

config 'redirect' 'http'
    option 'src' 'wan'
    option 'src_dport' '8080'
    option 'dest' 'lan'
    option 'dest_ip' '192.168.1.44'
    option 'dest_port' '8080'
    option 'proto' 'tcpudp'

I can ping my X-WRT router's WAN from my laptop,
but browsing to http://192.168.2.1:8080 times out
with the following dmesg:
forwarding_rule:DROP IN=eth0.1 OUT=br-lan SRC=192.168.2.3 DST=192.168.1.44 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=60820 DF PROTO=TCP SPT=1945 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
What's the easiest way to configure simple port forwarding WAN:8080 -> internal_host:8080 ?
Can this be achieved using the latest webif2 firewall page?
Or do I need to manually edit /etc/config/firewall or use uci?
Or do I need manual /etc/firewall.user rules?
# uci show firewall.http
firewall.http=redirect
firewall.http.src=wan
firewall.http.src_dport=8080
firewall.http.dest=lan
firewall.http.dest_ip=192.168.1.44
firewall.http.dest_port=8080
firewall.http.proto=tcpudp
Or am I maybe missing some kernel module?
# opkg list_installed|grep kmod
kmod-b43 - 2.6.30.8+2009-08-20-2 -
kmod-b43legacy - 2.6.30.8+2009-08-20-2 -
kmod-crc-ccitt - 2.6.30.8-1 -
kmod-crypto-aes - 2.6.30.8-1 -
kmod-crypto-arc4 - 2.6.30.8-1 -
kmod-crypto-core - 2.6.30.8-1 -
kmod-diag - 2.6.30.8-5 -
kmod-ebtables - 2.6.30.7-1 -
kmod-ebtables-ipv4 - 2.6.30.8-1 -
kmod-ebtables-ipv6 - 2.6.30.8-1 -
kmod-ip6-tunnel - 2.6.30.8-1 -
kmod-ip6tables - 2.6.30.7-1 -
kmod-ipt-conntrack - 2.6.30.8-1 -
kmod-ipt-conntrack-extra - 2.6.30.7-1 -
kmod-ipt-core - 2.6.30.8-1 -
kmod-ipt-extra - 2.6.30.7-1 -
kmod-ipt-ipopt - 2.6.30.7-1 -
kmod-ipt-nat - 2.6.30.8-1 -
kmod-ipt-nat-extra - 2.6.30.7-1 -
kmod-ipt-nathelper - 2.6.30.8-1 -
kmod-iptunnel6 - 2.6.30.8-1 -
kmod-ipv6 - 2.6.30.7-1 -
kmod-mac80211 - 2.6.30.8+2009-08-20-2 -
kmod-ppp - 2.6.30.8-1 -
kmod-pppoe - 2.6.30.8-1 -
kmod-sit - 2.6.30.7-1 -
kmod-switch - 2.6.30.8-2 -
# opkg list_installed|grep iptables
iptables - 1.4.4-2 -
iptables-mod-conntrack - 1.4.4-2 -
iptables-mod-nat - 1.4.4-2 -
iptables-utils - 1.4.4-2 -
I upgraded from kamikaze 8.09 to snapshot
because http://forum.x-wrt.org/index.php/topic, … ml#msg5984
reported that port forwarding was broken in 8.09 but fixed in trunk.
THANKS.
(Last edited by redwood on 7 Oct 2009, 05:30)
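
Added example, not part of the original post: a small shell helper that reads a netfilter log line like the dmesg entry above and reports whether the redirect's DNAT had already rewritten the destination by the time the packet was dropped. The interface names, addresses and ports are copied from the post; the function name `classify_drop`, the verdict strings and the second log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Values below are copied from the post's network and firewall config.
WAN_IF="eth0.1"; WAN_IP="192.168.2.1"; LAN_IF="br-lan"
SRC_DPORT="8080"; DEST_IP="192.168.1.44"; DEST_PORT="8080"

# The dmesg line quoted in the post.
POST_LINE='forwarding_rule:DROP IN=eth0.1 OUT=br-lan SRC=192.168.2.3 DST=192.168.1.44 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=60820 DF PROTO=TCP SPT=1945 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0'
# Constructed line: the same SYN as it would be logged if no DNAT had matched.
NO_DNAT_LINE='IN=eth0.1 OUT= SRC=192.168.2.3 DST=192.168.2.1 LEN=52 PROTO=TCP SPT=1945 DPT=8080 SYN'

# classify_drop LINE: print which stage the logged packet had reached.
# (hypothetical helper name and verdict strings)
classify_drop() {
    if_in="" if_out="" dst="" dpt="" proto=""
    # Netfilter LOG output is a run of space-separated KEY=VALUE tokens.
    for tok in $1; do
        case "$tok" in
            IN=*)    if_in=${tok#IN=} ;;
            OUT=*)   if_out=${tok#OUT=} ;;
            DST=*)   dst=${tok#DST=} ;;
            DPT=*)   dpt=${tok#DPT=} ;;
            PROTO=*) proto=${tok#PROTO=} ;;
        esac
    done
    # The redirect uses proto 'tcpudp', so anything else cannot be its traffic.
    case "$proto" in TCP|UDP) ;; *) echo "unrelated"; return 0 ;; esac
    if [ "$if_in" != "$WAN_IF" ]; then
        echo "unrelated"
    elif [ "$dst" = "$DEST_IP" ] && [ "$dpt" = "$DEST_PORT" ] && [ "$if_out" = "$LAN_IF" ]; then
        # Destination already rewritten and an output interface chosen:
        # nat PREROUTING matched, the drop happened on the forward path.
        echo "dnat-applied-forward-dropped"
    elif [ "$dst" = "$WAN_IP" ] && [ "$dpt" = "$SRC_DPORT" ] && [ -z "$if_out" ]; then
        # Still addressed to the router itself: no DNAT rule matched.
        echo "no-dnat-input-path"
    else
        echo "unrelated"
    fi
}

echo "post line:        $(classify_drop "$POST_LINE")"
echo "constructed line: $(classify_drop "$NO_DNAT_LINE")"
```

For the line quoted in the post the helper prints `dnat-applied-forward-dropped`: the logged DST is already 192.168.1.44, so the address rewrite took place and the packet was dropped while being forwarded from eth0.1 to br-lan.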