OpenWrt Forum Archive

Topic: Backfire Firewall Config

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
napierzaza
2 Aug 2010, 15:28

Hi, I'm currently migrating from Kamikaze (earlier version) to Backfire. Can someone tell me how to work the UCI firewall? I read this document http://wiki.openwrt.org/doc/uci/firewall. It appears to have a method of forwarding a specific port to a specific IP, but it does not appear to have a method to change the port from something like "2222" at the gateway to "22" on the end device. This is a pretty basic need, since I want more than just the router's sshd to be available on the internet. Would this config work?

config redirect
        option src wan
        option src_dport 2222
        option proto tcp
        option dest_ip 192.168.1.10
        dest_port 22

I also wonder if this is valid for a range?
config redirect
        option src wan
        option src_dport 49150-49159
        option proto tcp
        option dest_ip 192.168.1.56

(Last edited by napierzaza on 2 Aug 2010, 15:36)

Post #2
napierzaza
3 Aug 2010, 16:23

Okay, so this does nothing.

It appears that my old "prerouting_wan" and "forwarding_wan" tables aren't there anymore. Does anyone know the new config?

iptables -t nat -A prerouting_wan -p tcp --dport 49150:49159 -j DNAT --to 192.168.1.56
iptables        -A forwarding_wan -p tcp --dport 49150:49159 -d 192.168.1.56 -j ACCEPT

The discussion might have continued from here.