firewall-start script VS web UI port forwarding

Joel Teixeira

Hey there,

I'm a little confused regarding port forwarding on my ASUS AC3200. I disabled UPnP since it seems to be related to some security concerns and mapped all ports manually. My main doubt is: do I need to use the firewall-start script if the rule is already on the "WAN - Virtual Server / Port Forwarding" page?

If I create, for instance, a rule like:

[image: UizXlXI.png]


Do I still need to open the ports on firewall-start with:

[image: mZO7r2X.png]


Or/and should I redirect using firewall-start as well (not sure the syntax below is correct):

[image: UbDKpKy.png]


Is there any preferred method? When I create a redirect in the Web UI, does it automatically open/forward the port without needing to tweak the script? Or is the script preferred, and should I forget about the Web UI when it comes to port forwarding?

Thanks a lot!
 
Or/and should I redirect using firewall-start as well (not sure the syntax below is correct):

[image: UbDKpKy.png]


Or is the script preferred, and should I forget about the Web UI when it comes to port forwarding?

FYI: To exploit the Port Forwarding tables implemented by Asus, the rules are in the following format:
Code:
# Divert everything arriving on the WAN address into the Asus VSERVER chain (nat table)
iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr) -j VSERVER
# One DNAT rule per forward: WAN port nnnnn -> LAN host xxx.xxx.xxx.xxx, port ppppp
iptables -t nat -I VSERVER -p udp -m udp --dport nnnnn -j DNAT --to-destination xxx.xxx.xxx.xxx:ppppp

Using a custom Port Forwarding script is useful in the following scenarios:

1. You exceed the Port Forwarding rule limit in the GUI!

2. You wish to dynamically allow the Port Forwarding only for a specific (limited) time period (using cron) or based on some other criteria/event such as port knocking etc.
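The two scenarios above (more forwards than the GUI allows, and forwards that are opened and closed on a schedule) both come down to inserting and deleting rules in the same VSERVER format the reply shows. The script below is an added example and not code from the thread or from Asus: it is one way to write a firewall-start hook that adds a forward idempotently, so re-running it on every firewall restart does not pile up duplicate rules. Assumptions: the Asuswrt-Merlin hook path /jffs/scripts/firewall-start, an iptables build that supports the -C check flag, a matching FORWARD accept rule for the DNATed flow (the stock firmware normally adds one for GUI forwards, but the script should not rely on that), and the udp/51820 -> 192.168.1.10 forward, which is a constructed sample value.

```shell
#!/bin/sh
# Added example (not from the thread): an idempotent /jffs/scripts/firewall-start
# that forwards one port through the Asus VSERVER chain in the rule format the
# reply above describes. Hook path, -C support and the FORWARD rule are
# assumptions; the host/port below are constructed sample values.

IPT="${IPT:-iptables}"   # override (e.g. IPT=fake_ipt) to dry-run off the router

# Constructed sample forward: WAN udp/51820 -> 192.168.1.10:51820
PROTO=udp
WAN_PORT=51820
LAN_HOST=192.168.1.10
LAN_PORT=51820

# Rule spec for the VSERVER chain (everything after the chain name), kept in
# one place so the insert, check and delete can never drift apart.
vserver_rule() {
    # $1 proto, $2 WAN port, $3 LAN host, $4 LAN port
    echo "-p $1 -m $1 --dport $2 -j DNAT --to-destination $3:$4"
}

# Narrow FORWARD accept for the translated flow only; without an accept the
# packet is DNATed and then dropped by the FORWARD policy (assumption: the
# firmware's own accept for GUI forwards may be absent when none are set).
forward_rule() {
    echo "-p $1 -d $3 --dport $4 -m conntrack --ctstate DNAT -j ACCEPT"
}

# Make sure the VSERVER chain exists and PREROUTING jumps to it for the WAN IP.
# The firmware normally creates both; -N/-C keep this safe to re-run.
ensure_vserver() {
    wan_ip="$1"
    $IPT -t nat -N VSERVER 2>/dev/null || true
    $IPT -t nat -C PREROUTING -d "$wan_ip" -j VSERVER 2>/dev/null ||
        $IPT -t nat -I PREROUTING -d "$wan_ip" -j VSERVER
}

# Insert the forward only if it is not already present. firewall-start runs on
# every firewall restart, so an unconditional -I would stack duplicate rules.
add_forward() {
    spec=$(vserver_rule "$@")
    fwd=$(forward_rule "$@")
    $IPT -t nat -C VSERVER $spec 2>/dev/null || $IPT -t nat -I VSERVER $spec
    $IPT -C FORWARD $fwd 2>/dev/null || $IPT -I FORWARD $fwd
}

# Exact reverse of add_forward; pair the two with cron for a time-limited opening.
remove_forward() {
    spec=$(vserver_rule "$@")
    fwd=$(forward_rule "$@")
    $IPT -t nat -D VSERVER $spec 2>/dev/null || true
    $IPT -D FORWARD $fwd 2>/dev/null || true
}

main() {
    ensure_vserver "$(nvram get wan_ipaddr)"
    case "$1" in
        remove) remove_forward "$PROTO" "$WAN_PORT" "$LAN_HOST" "$LAN_PORT" ;;
        *)      add_forward    "$PROTO" "$WAN_PORT" "$LAN_HOST" "$LAN_PORT" ;;
    esac
}

# Only run when invoked as the router's firewall-start hook, so the functions
# can also be sourced or dry-run elsewhere without touching a live firewall.
case "$0" in
    */firewall-start|firewall-start) main "$@" ;;
esac
```

For the time-window case, schedule `sh /jffs/scripts/firewall-start` and `sh /jffs/scripts/firewall-start remove` from cron at the open and close times; because both paths check with -C before changing anything, a firewall restart in between neither duplicates the rule nor reopens it after the close job has run. After any change, `iptables -t nat -L VSERVER -n --line-numbers` is the quick check that exactly one DNAT entry exists per forward.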
 

Thanks a lot for the detailed explanation. Since I don't have so many rules to apply I'll just remove the firewall-start file completely.
 