OpenWrt Forum Archive

Topic: Virtual Interface port forwarding with UCI

The content of this topic has been archived on 30 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Platform used: 8.09.2 x86

What is the proper way to set up virtual interface port forwarding in Kamikaze 8.09.2?

I can set up a virtual interface in Kamikaze using UCI by doing the following:

root@OpenWrt:/# uci add network alias
root@OpenWrt:/# uci set network.@alias[-1].interface=wan
root@OpenWrt:/# uci set network.@alias[-1].proto=static
root@OpenWrt:/# uci set network.@alias[-1].ipaddr=1.2.3.4
root@OpenWrt:/# uci set network.@alias[-1].netmask=255.255.255.0
root@OpenWrt:/# uci commit network
root@OpenWrt:/# reboot

My problem, however, lies in that I need to port forward from several WAN alias IPs to several servers on the LAN side.
In UCI I see that it is possible to create a redirect using:

root@OpenWrt:~# uci add firewall redirect
root@OpenWrt:~# uci set firewall.@redirect[-1].src=wan
root@OpenWrt:~# uci set firewall.@redirect[-1].src_dport=80
root@OpenWrt:~# uci set firewall.@redirect[-1].dest=lan
root@OpenWrt:~# uci set firewall.@redirect[-1].dest_ip=192.168.1.4
root@OpenWrt:~# uci set firewall.@redirect[-1].proto=tcp
root@OpenWrt:~# uci commit firewall
root@OpenWrt:~# /etc/init.d/firewall restart

However, from what I can see, it is only possible to define a WAN destination port (src_dport), but there is no way of defining a WAN destination IP, which would be necessary to differentiate between the different aliases defined. Is there any way of doing this in UCI, or must it be done in some other way?

Simply put, what I require is:
Public IP  -->  Private IP
1.2.3.4:80  -->  192.168.1.4:80
1.2.3.5:80  -->  192.168.1.4:81
1.2.3.4:443  -->  192.168.1.5:443
1.2.3.5:443  -->  192.168.1.5:444

Thanks for any help.

Dan

Searching some more in the forum, I came across the following post, which seems to have a solution to the problem, i.e. a patch to apply to uci_firewall.sh:

https://forum.openwrt.org/viewtopic.php?id=21301

I have not tried it yet but reading through the post, the patch seems simple and logical.

However, I see that the patch has not yet been integrated into Kamikaze as of 8.09.2. It would be really great and useful to many if it gets integrated into future versions.
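
Added example, not part of the original posts and not the patch linked above: a shell sketch that turns the public-to-private table from the first post into iptables DNAT rules matched on the alias address with -d, which is the match the UCI redirect section lacks. The function names are hypothetical, the built-in PREROUTING and FORWARD chains are an assumption (a router's firewall scripts may use their own chains), and the rules are only printed, not applied.

```shell
#!/bin/sh
# Constructed table taken from the post: "public_ip:port private_ip:port"
MAPPINGS='1.2.3.4:80 192.168.1.4:80
1.2.3.5:80 192.168.1.4:81
1.2.3.4:443 192.168.1.5:443
1.2.3.5:443 192.168.1.5:444'

# True only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (never execute) the rules for each mapping line passed in $1.
# -d pins each DNAT rule to one alias address, so a port is reachable only
# on the public IP it was mapped for. Malformed lines are skipped, so a
# hand-edited table cannot smuggle shell syntax into the generated commands.
dnat_rules() {
    printf '%s\n' "$1" | while read -r pub priv; do
        pub_ip=${pub%:*}; pub_port=${pub##*:}
        priv_ip=${priv%:*}; priv_port=${priv##*:}
        if valid_ip "$pub_ip" && valid_port "$pub_port" &&
           valid_ip "$priv_ip" && valid_port "$priv_port"; then
            echo "iptables -t nat -I PREROUTING -d $pub_ip -p tcp --dport $pub_port -j DNAT --to-destination $priv_ip:$priv_port"
            echo "iptables -I FORWARD -d $priv_ip -p tcp --dport $priv_port -j ACCEPT"
        else
            echo "skipped malformed mapping: $pub $priv" >&2
        fi
    done
}

dnat_rules "$MAPPINGS"
```

Review the printed rules before running them on the router, and check where they land relative to the chains the existing firewall already installs.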
