Given, this topic has been posted elsewhere, but the answers are not working for me for some reason. I have 6 static IPs coming into my office, and I want to use port forwarding to associate a given public IP with a private IP on an internal web server.
I have assigned each of the public IPs to the WAN interface by using vlan1:0, vlan1:1, vlan1:2, etc.
In the example below, I am trying to redirect traffic coming in on interface vlan1:1 (209.223.7.36) to internal IP 192.168.1.2.
First I tried specifying the incoming IP address directly in the rule, then I tried specifying the incoming interface vlan1:x. Which one is right?
This is supposed to be pretty straightforward, but for whatever reason I can't get it going. Here is my firewall.user file with port forwarding rules and notations at the bottom:
#!/bin/sh
. /etc/functions.sh
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.
### NAT Rules going out to internet
iptables -t nat -A POSTROUTING -o $LAN -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -o vlan1 -j ACCEPT
### Allow SSH on the WAN interface
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
### Port forwarding
#iptables -t nat -A PREROUTING -p tcp -d 209.223.7.36 --dport 80 -j DNAT --to 192.168.1.2 <---FIRST ATTEMPT
iptables -t nat -A PREROUTING -i vlan1:1 -j DNAT --to 192.168.1.2 <----CURRENT ATTEMPT is these 2 lines
iptables -A FORWARD -i vlan1:1 -d 192.168.1.2 -j ACCEPT
I can do this all day long on my Shorewall Linux box, but can't get it right on the WRT.
(Last edited by roninhockley on 19 Feb 2006, 08:32)
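
An added example, not part of the original post: netfilter matches packets on the real device (vlan1), not on alias labels such as vlan1:1, so per-address forwards are keyed on the destination address, and scoping each rule to one protocol and port keeps the rest of the internal host unexposed. The script below only prints the rules for review; `WAN_IF`, the function names and the second mapping are assumptions, as is the premise that the prerouting_rule and forwarding_rule chains flushed in the post are hooked into PREROUTING and FORWARD.

```shell
#!/bin/sh
# Added example: print per-address port forwards for review (dry run).
# Rules match on the destination address (-d), never on an alias label.

WAN_IF="vlan1"   # assumption: physical WAN device carrying the vlan1:N aliases

# One "public_ip private_ip tcp_port" mapping per line.
# The first entry is from the post; the second is a constructed sample.
FORWARDS="209.223.7.36 192.168.1.2 80
203.0.113.10 192.168.1.3 80"

is_ipv4() {
    # Accept dotted quads only; rejects alias labels, hostnames, empty input.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_rules() {
    # $1 = public IP, $2 = private IP, $3 = TCP port
    is_ipv4 "$1" && is_ipv4 "$2" || {
        echo "skip: bad address '$1' -> '$2'" >&2; return 1; }
    case "$3" in
        ''|*[!0-9]*) echo "skip: bad port '$3'" >&2; return 1 ;;
    esac
    # Translate only this one service; other ports on the host stay closed.
    echo "iptables -t nat -A prerouting_rule -i $WAN_IF -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3"
    # Let the translated flow through the filter table.
    echo "iptables -A forwarding_rule -i $WAN_IF -d $2 -p tcp --dport $3 -j ACCEPT"
}

gen_all() {
    # Emit rules for every mapping; invalid lines are reported and skipped.
    echo "$FORWARDS" | while read -r pub priv port; do
        gen_rules "$pub" "$priv" "$port" || true
    done
}

gen_all
```

Once the printed rules look right, they can be pasted into firewall.user in place of the `-i vlan1:1` lines.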