I'm running one script to forward ports through the VPN, but over time, when I check the log, I am seeing multiple entries.
Destination  Proto.  Port range  Redirect to     Local port  Chain
ALL          UDP     8095        192.168.1.181   8095        PREROUTING
ALL          TCP     8095        192.168.1.181   8095        PREROUTING
ALL          UDP     8090        192.168.1.39    8090        PREROUTING
ALL          TCP     8090        192.168.1.39    8090        PREROUTING
ALL          UDP     7000        192.168.1.50    7000        PREROUTING
ALL          TCP     7000        192.168.1.50    7000        PREROUTING
ALL          UDP     5000        192.168.1.50    5000        PREROUTING
ALL          TCP     5000        192.168.1.50    5000        PREROUTING
ALL          UDP     8999        192.168.1.1     8999        PREROUTING
ALL          TCP     8999        192.168.1.1     8999        PREROUTING
ALL          UDP     8095        192.168.1.181   8095        PREROUTING
ALL          TCP     8095        192.168.1.181   8095        PREROUTING
ALL          UDP     8090        192.168.1.39    8090        PREROUTING
ALL          TCP     8090        192.168.1.39    8090        PREROUTING
ALL          UDP     7000        192.168.1.50    7000        PREROUTING
ALL          TCP     7000        192.168.1.50    7000        PREROUTING
ALL          UDP     5000        192.168.1.50    5000        PREROUTING
ALL          TCP     5000        192.168.1.50    5000        PREROUTING
ALL          UDP     8999        192.168.1.1     8999        PREROUTING
ALL          TCP     8999        192.168.1.1     8999        PREROUTING
ALL          UDP     8095        192.168.1.181   8095        PREROUTING
ALL          TCP     8095        192.168.1.181   8095        PREROUTING
ALL          UDP     8090        192.168.1.39    8090        PREROUTING
ALL          TCP     8090        192.168.1.39    8090        PREROUTING
ALL          UDP     7000        192.168.1.50    7000        PREROUTING
ALL          TCP     7000        192.168.1.50    7000        PREROUTING
ALL          UDP     5000        192.168.1.50    5000        PREROUTING
ALL          TCP     5000        192.168.1.50    5000        PREROUTING
ALL          UDP     8999        192.168.1.1     8999        PREROUTING
ALL          TCP     8999        192.168.1.1     8999        PREROUTING
The code is:
#!/bin/sh
sleep 3
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.1 --dport 8999 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.1 --dport 8999 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8999 -j DNAT --to-destination 192.168.1.1
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8999 -j DNAT --to-destination 192.168.1.1
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.50 --dport 5000 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.50 --dport 5000 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 5000 -j DNAT --to-destination 192.168.1.50
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 5000 -j DNAT --to-destination 192.168.1.50
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.50 --dport 7000 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.50 --dport 7000 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 7000 -j DNAT --to-destination 192.168.1.50
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 7000 -j DNAT --to-destination 192.168.1.50
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.39 --dport 8090 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.39 --dport 8090 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8090 -j DNAT --to-destination 192.168.1.39
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8090 -j DNAT --to-destination 192.168.1.39
iptables -I FORWARD -i tun11 -p udp -d 192.168.1.181 --dport 8095 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.1.181 --dport 8095 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 8095 -j DNAT --to-destination 192.168.1.181
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 8095 -j DNAT --to-destination 192.168.1.181
chmod a+rx /jffs/scripts/*
The port forwarding fails eventually.
Any ideas?
Dave
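
Added example, not part of the original post: `iptables -I` inserts a new copy of a rule every time it is executed, so a script that is re-run adds the same rules again, which matches the repeated entries in the table above. The sketch below deletes any existing copies of a rule before inserting it once, so repeated runs leave exactly one copy. The names `IPT`, `VPN_IF`, `APPLY_RULES`, `ensure_rule`, `forward_port` and `apply_forwards` are made up for this example; that the script is being run more than once is an assumption.

```shell
#!/bin/sh
# Added example: idempotent port forwards for the VPN tunnel in the post.
# IPT, VPN_IF and APPLY_RULES are hypothetical knobs for this sketch.
IPT="${IPT:-iptables}"      # command used to edit the rule set
VPN_IF="${VPN_IF:-tun11}"   # tunnel interface used in the post

# ensure_rule TABLE CHAIN RULE-SPEC...
# Remove every existing copy of the rule (cleans up duplicates left by
# earlier runs), then insert exactly one.
ensure_rule() {
    table=$1; chain=$2; shift 2
    while $IPT -t "$table" -D "$chain" "$@" 2>/dev/null; do :; done
    $IPT -t "$table" -I "$chain" "$@"
}

# forward_port PORT LAN-IP
# FORWARD accept plus DNAT, for both TCP and UDP, as in the post.
forward_port() {
    port=$1; ip=$2
    for proto in tcp udp; do
        ensure_rule filter FORWARD -i "$VPN_IF" -p "$proto" \
            -d "$ip" --dport "$port" -j ACCEPT
        ensure_rule nat PREROUTING -i "$VPN_IF" -p "$proto" \
            --dport "$port" -j DNAT --to-destination "$ip"
    done
}

# The five forwards listed in the post.
apply_forwards() {
    forward_port 8999 192.168.1.1
    forward_port 5000 192.168.1.50
    forward_port 7000 192.168.1.50
    forward_port 8090 192.168.1.39
    forward_port 8095 192.168.1.181
}

# Touch the firewall only when asked, so the file can be sourced safely.
if [ "${APPLY_RULES:-0}" = 1 ]; then apply_forwards; fi
```

Run it with `APPLY_RULES=1` set in the environment. On iptables 1.4.11 or later, `iptables -C` can test for a rule instead, which avoids the short gap between the delete and the insert.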