OpenWrt Forum Archive

Topic: Routing problem


Hi,

I want to forward port 8000 to an IP on the WRT's LAN subnet, so I wrote this in firewall.user and executed it:

# NAT table: rewrite the destination of TCP/8000 arriving on $WAN to 192.168.2.148:8000.
# NOTE(review): $WAN is not assigned in these two lines; if it is empty when they
# run, -i receives no interface name.
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8000 -j DNAT --to 192.168.2.148:8000
# Filter table: matches the forwarded traffic but carries no -j target, so the
# rule takes no action on the packets it matches.
iptables -A forwarding_rule -i $WAN -p tcp --dport 8000 -d 192.168.2.148

But it won't work :x

Can someone help ?

Thanks,
xiutecutli

My nvram show output (my WRT is in client mode (bridge)):

root@OpenWrt:~# nvram show | less
wl_radius_port=1812
wl_mac_deny=
filter_dport_grp3=
filter_dport_grp4=
wl_ap_ssid=
filter_dport_grp5=
filter=on
wan_unit=0
wl0_net_mode=mixed
filter_dport_grp6=
os_ram_addr=80001000
filter_dport_grp7=
wl0_frameburst=off
filter_dport_grp8=
filter_dport_grp9=
ddns_username_2=
log_ipaddr=0
boardrev=0x10
il0macaddr=00:13:10:e6:14:4f
ppp_idletime=5
ppp_passwd=
ddns_enable=0
bootnv_ver=2
et0macaddr=00:13:10:E6:14:4D
qos_appport1=0
skip_intel_check=0
wl0_wep_buf=
qos_appport2=0
ddns_hostname_buf=
d11g_mode=1
wan_get_dns=
wl0_akm=none
wl_maxassoc=128
qos_appport3=0
boot_wait=on
watchdog=5000
wl0_macmode1=disabled
wl_phytypes=
filter_web_host1=
qos_appport4=0
action_service_arg1=
wl0_infra=1
filter_web_host2=
qos_appport5=0
wl0_country_code=ALL
wl0_key2=
pppoe_static_ip=
filter_mac_grp5=
wl_lazywds=1
sel_qossmtp=0
wl0_key3=
filter_mac_grp6=
sel_qospop3=0
wl0_key4=
filter_mac_grp7=
filter_mac_grp8=
filter_client0=
filter_mac_grp9=
filter_maclist=
pptp_pass=1
pptp_get_ip=
wl_auth_mode=none
ppp_demand=1
mtu_enable=0
ppp_keepalive=0
block_activex=0
d11g_rts=2347
remote_mgt_https=0
wl_wpa_psk=
http_passwd=admin
ag0=255
block_wan=1
lan_stp=0
wl0_wme_ap_vi=7 15 1 6016 3008 off
skip_amd_check=0
wl_mode=ap
wl0_plcphdr=long
wl0_rate=0
wl0_closed=0
wl_wpa_gtk_rekey=3600
d11g_rateset=default
wl0_macmode=disabled
wl0_radioids=BCM2050
lan_dhcp=0
wl0_wme_ap_vo=3 7 1 3264 1504 off
sel_qoshttp=0
wl0_phytype=g
wl0gpio2=0
dr_wan_rx=0
filter_tod_buf1=
wl0_lazywds=1
filter_port_grp6=
router_disable=0
ddns_username=
filter_port_grp7=
ddns_passwd=
pppoe_passwd=
filter_port_grp8=
filter_port_grp9=
ses_led_assertlvl=0
ppp_ac=
log_enable=1
sdram_config=0x0062
sel_qosftp=0
filter_web_url10=
wl0_country=Worldwide
wl_atten_bb=3
dmz_ipaddr=102
vlan1ports=0 5
security_mode_last=
wl_wds=
ddns_hostname_2=
scratch=a0180000
eou_private_key=a81be557d5543630af3be065dbf5d401060d9e6eaa9651b9b6ac2deb56c56fa5631418e10a8f7801db5c7978a53461826ab1c321ceefe16812a6cd25cbb313bf412b3137dcdb0fc8a56a576a1522e73e3dcde91c85b9e7b46010ea2800285b664f1e5c69c199878685cf4edc82ded5557455bdb396024310d612bff56e3863f1
filter_summary=0
ccode=0
wl0_rateset=default
wl0_wep_bit=64
port_flow_control_1=1
pppoe_idletime=5
wl_wme=off
port_flow_control_2=1
ping_times=5
eou_device_id=ZWP9JETZ
get_mac=00:13:10:E6:14:4D
port_flow_control_3=1
wan_primary=1
lan_ifname=br0
wl_wme_ap_vi=7 15 1 6016 3008 off
port_flow_control_4=1
filter_services=$NAME:003:DNS$PROT:003:udp$PORT:005:53:53< >$NAME:004:Ping$PROT:004:icmp$PORT:003:0:0< >$NAME:004:HTTP$PROT:003:tcp$PORT:005:80:80< >$NAME:005:HTTPS$PROT:003:tcp$PORT:007:443:443< >$NAME:003:FTP$PROT:003:tcp$PORT:005:21:21< >$NAME:004:POP3$PROT:003:tcp$PORT:007:110:110< >$NAME:004:IMAP$PROT:003:tcp$PORT:007:143:143< >$NAME:004:SMTP$PROT:003:tcp$PORT:005:25:25< >$NAME:004:NNTP$PROT:003:tcp$PORT:007:119:119< >$NAME:006:Telnet$PROT:003:tcp$PORT:005:23:23< >$NAME:004:SNMP$PROT:003:udp$PORT:007:161:161< >$NAME:004:TFTP$PROT:003:udp$PORT:005:69:69< >$NAME:003:IKE$PROT:003:udp$PORT:007:500:500< >
sdram_init=0x010b
filter_tod9=
aol_block_traffic=0
wl_ap_isolate=0
lan_wins=
vlan0hwname=et0
wl_tssi_result= 16
wl_mac_list=
lan_hwnames=
dl_ram_addr=a0001000
pppoe_demand=1
wl_wme_no_ack=off
wl0_radius_key=
filter_dport_grp10=
ddns_username_buf=
wl0_wme_ap_be=15 63 3 0 0 off
wl0_corerev=7
wl_key=1
wl0_channel=10
wl0_wds_timeout=1
dr_setting=0
upnp_enable=1
wl0_wme_ap_bk=15 1023 7 0 0 off
ddns_status=
filter_rule10=
wl_atten_ctl=48
ses_sw_btn_status=DEFAULTS
wl0_auth_mode=none
wl_closed=0
boot_ver=v3.4
autofw_port0=
wl0_crypto=tkip
boardnum=42
language=FR
wl0_ap_ip=
def_hwaddr=00:00:00:00:00:00
wl_delay=1
wl_bcn=100
wl_wep_buf=
eou_public_key=be8603ec13e7f9261bee86d9d727ac0128fe5e3927bb6db0578fefc673684b5509e393a9b6a299132bcf345588082a3e78eb98e20ca976ed6a78c65e08fe277414ab93bda53f2247e05fca7a7f800e0553acefd1ffde8496151684be5ad5a25f791244ae6e84ff71b89168391506c6b26c0c50d38ca314ddf10ebfa6ca9ff6d711
get_sn_index=0
wl_ap_ip=
filter_dport_grp1=
wl_antdiv=-1
filter_dport_grp2=
xiutecutli wrote:

Hi,

I want to forward port 8000 to an IP on the WRT's LAN subnet, so I wrote this in firewall.user and executed it:

# NAT table: rewrite the destination of TCP/8000 arriving on $WAN to 192.168.2.148:8000.
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8000 -j DNAT --to 192.168.2.148:8000
# Filter table: no -j target here, so the rule takes no action on matching packets.
iptables -A forwarding_rule -i $WAN -p tcp --dport 8000 -d 192.168.2.148

But it won't work :x

Can someone help ?

Thanks,
xiutecutli

Hi,

I think in the second rule you should tell iptables what to do:

# NAT table: rewrite the destination of TCP/8000 arriving on $WAN to 192.168.2.148:8000.
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8000 -j DNAT --to 192.168.2.148:8000
# Filter table: -j ACCEPT gives the rule a target, so the rewritten connection
# is accepted in the forwarding_rule chain.
iptables -A forwarding_rule -i $WAN -p tcp --dport 8000 -d 192.168.2.148 -j ACCEPT

This is just a guess, I have not tested it...smile

--
Mate

Won't work.

Thank you anyway

Could you post your whole /etc/firewall.user script?

--
Mate

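#!/bin/sh
# /etc/firewall.user -- local firewall rules.
# Flushes the user chains, forwards TCP/8000 arriving on the WAN interface to
# 192.168.2.148:8000, and accepts all traffic on the tap0 VPN interface.
. /etc/functions.sh

# Interface names are read from nvram; a key that is not set yields an empty
# string, which is checked before $WAN is used in a rule below.
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)

# Empty the user chains first so re-running this file does not stack duplicate
# copies of the rules appended to them.
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.

### Allow SSH on the WAN interface
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables        -A input_rule      -i $WAN -p tcp --dport 22 -j ACCEPT

### Port forwarding
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 30000 -j DNAT --to 192.168.2.133
if [ -n "$WAN" ]; then
  # NAT table: rewrite the destination of TCP/8000 arriving on the WAN interface.
  iptables -t nat -A prerouting_rule -i "$WAN" -p tcp --dport 8000 -j DNAT --to 192.168.2.148:8000
  # Filter table: accept the rewritten connection when it is forwarded.
  iptables -A forwarding_rule -i "$WAN" -p tcp --dport 8000 -d 192.168.2.148 -j ACCEPT
else
  # Without an interface name "-i" would swallow the next option and the rule
  # would be rejected; report it instead of failing quietly.
  echo "firewall.user: wan_ifname is empty, port forwarding rules not added" >&2
fi
# NOTE(review): "-i $WAN" only matches if wan_ifname names the interface the
# traffic really arrives on; on a wireless client setup confirm this with
# "nvram get wan_ifname" and "iptables -t nat -L prerouting_rule -v".

### DMZ (should be placed after port forwarding / accept rules)
# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
# iptables        -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT

# VPN
# NOTE(review): these rules are inserted into the built-in chains, which the
# flushes above do not touch, so every run of this file inserts another copy.
# They accept everything to, from and through tap0 with no restriction on
# source, destination or port, and masquerade all traffic leaving via tap0.
iptables -I INPUT -i tap0 -j ACCEPT
iptables -I OUTPUT -o tap0 -j ACCEPT
iptables -I FORWARD -i tap0 -j ACCEPT
iptables -I FORWARD -o tap0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tap0 -j MASQUERADE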

reup :x

xiutecutli wrote:

### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.

Read it carefully.

The changes will work, but they won't be visible from your side of the router; you will need to test it from another internet connection.

I have a client upstream of my router in another subnet (the subnet of my modem, which is a router too and has a DMZ on my WRT), and when I try to reach it from the modem's subnet it doesn't work either.

Modem --------------------- wifi ---------------- OpenWRT
192.168.1.0 255.255.255.0                           192.168.2.0 255.255.255.0
Two Clients.                                                4 Clients.


EDIT: I tried to ping my WRT from the modem's subnet and it times out hmm

(Last edited by xiutecutli on 11 Feb 2006, 11:53)
