help for open port in firewall

Rooby

Regular Contributor
Hello

I need some help opening a port in the WAN firewall.
My situation is a router cascade:
internet FritzBox (LAN range: 10.10.10.0) <-> WAN(10.10.10.10) Asus router (LAN range: 10.10.1.0)
Additionally on the Asus router OpenVPN is running which connects to other routers.
Now on the Fritzbox I have connected a raspberry (10.10.10.2) which I want to communicate to my NAS over the Asus router via OpenVPN.

Everything is working if I disable the WAN firewall on the Asus router, but I do not want to disable it completely.
I want to make an exception only for the Raspberry.
When I try to mount my NAS (10.10.2.2) on the Raspberry, I get this Asus syslog entry:

May 15 22:15:17 kernel: DROP IN=eth0 OUT=tun21 MAC=a8:...... SRC=10.10.10.2 DST=10.10.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47224 DF PROTO=TCP SPT=45328 DPT=445 SEQ=739216649 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (021405....) MARK=0x8000000

On the Asus router I configured port forwarding for SMB using TCP and port 445 to destination 10.10.2.2, but unfortunately this did not work.
Can someone help?
 
Where did 10.10.2.2 come from?! All I see from the initial part of the description is two local networks; 10.10.10.0/24 and 10.10.1.0/24 (at least I assume they're /24, you weren't specific).

I assume we're talking about OpenVPN *server* here as well.
 
Yes the Asus router is the server and 10.10.2.2 is LAN on a second Asus router connected via OpenVPN.
But this is not a problem. It is the WAN firewall which blocks the access.
The route is then

FritzBox (LAN range: 10.10.10.0) <-> WAN(10.10.10.10) Asus router (LAN range: 10.10.1.0) OpenVPN <-> Second Asus router (LAN range: 10.10.2.0)
Raspberry (10.10.10.2) <-> NAS (10.10.2.2)

But the problem is the WAN firewall: when I disable it everything works well and the Raspberry can connect to the NAS.
So I need to know how to enable this exception. Port forwarding seems not to work.
 
After a long search I found the solution.
I added WAN port forwarding of 445 (SMB).
And added the following iptables entry to accept forwarding of local addresses from eth0 to tun21:
iptables -t filter -I FORWARD 9 -i eth0 -o tun21 -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 -j ACCEPT
In my case I added this at position 9, before the local chain "logdrop" where all unhandled packets get dropped.
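
An added example, not part of the original posts: the rule in the last post accepts all TCP between the two 10.10.0.0/16 ranges, while the DROP entry names one flow. This sketch derives an exception for just that flow (source host, destination host, destination port) from the log line and only prints the command; `rule_from_drop` is a hypothetical helper, the sample line is the post's entry shortened, and position 9 is the slot the poster used.

```shell
#!/bin/sh
# Constructed sample: the DROP entry from the thread, MAC and TCP options shortened.
SAMPLE='May 15 22:15:17 kernel: DROP IN=eth0 OUT=tun21 MAC=a8:00 SRC=10.10.10.2 DST=10.10.2.2 LEN=60 TTL=62 DF PROTO=TCP SPT=45328 DPT=445 SYN URGP=0'

# rule_from_drop LOGLINE [POSITION]  (hypothetical helper)
# Prints, never executes, an iptables command admitting only the flow
# named in the log line. POSITION defaults to 9, as in the thread.
rule_from_drop() (
    set -f                        # no globbing while the line is word-split
    pos=${2:-9}
    in_if='' out_if='' src='' dst='' proto='' dpt=''
    for tok in $1; do
        case $tok in
            IN=*)    in_if=${tok#IN=} ;;
            OUT=*)   out_if=${tok#OUT=} ;;
            SRC=*)   src=${tok#SRC=} ;;
            DST=*)   dst=${tok#DST=} ;;
            PROTO=*) proto=${tok#PROTO=} ;;
            DPT=*)   dpt=${tok#DPT=} ;;
        esac
    done
    # Log content is untrusted input: accept only plain interface names,
    # dotted IPv4 addresses, TCP/UDP and numeric ports; otherwise fail.
    case $in_if  in ''|-*|*[!A-Za-z0-9._-]*) exit 1 ;; esac
    case $out_if in ''|-*|*[!A-Za-z0-9._-]*) exit 1 ;; esac
    case $src    in ''|*[!0-9.]*) exit 1 ;; esac
    case $dst    in ''|*[!0-9.]*) exit 1 ;; esac
    case $dpt    in ''|*[!0-9]*)  exit 1 ;; esac
    case $pos    in ''|*[!0-9]*)  exit 1 ;; esac
    case $proto  in TCP) proto=tcp ;; UDP) proto=udp ;; *) exit 1 ;; esac
    printf '%s\n' "iptables -t filter -I FORWARD $pos -i $in_if -o $out_if -p $proto -s $src -d $dst --dport $dpt -j ACCEPT"
)

rule_from_drop "$SAMPLE"
```
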
 
