help for open port in firewall


Rooby

Regular Contributor
Hello

I need some help for opening a port in the WAN firewall.
My situation is a router cascade:
internet FritzBox (LAN range: 10.10.10.0) <-> WAN(10.10.10.10) Asus router (LAN range: 10.10.1.0)
Additionally, on the Asus router OpenVPN is running, which connects to other routers.
Now on the FritzBox I have connected a Raspberry (10.10.10.2) which I want to communicate with my NAS over the Asus router via OpenVPN.

Everything is working if I disable the WAN firewall on the Asus router, but I do not want to disable it completely.
I want to make an exception only for the Raspberry.
When I try to mount my NAS (10.10.2.2) on the Raspberry, then I get the Asus syslog entry:

May 15 22:15:17 kernel: DROP IN=eth0 OUT=tun21 MAC=a8:...... SRC=10.10.10.2 DST=10.10.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47224 DF PROTO=TCP SPT=45328 DPT=445 SEQ=739216649 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (021405....) MARK=0x8000000

On the Asus router I configured port forwarding for SMB using TCP and port 445 to destination 10.10.2.2, but unfortunately this did not work.
Can someone help?

eibgrad

Very Senior Member
Where did 10.10.2.2 come from?! All I see from the initial part of the description is two local networks; 10.10.10.0/24 and 10.10.1.0/24 (at least I assume they're /24, you weren't specific).

I assume we're talking about OpenVPN *server* here as well.
Rooby

Regular Contributor
Yes, the Asus router is the server, and 10.10.2.2 is the LAN on a second Asus router connected via OpenVPN.
But this is not the problem. It is the WAN firewall which blocks the access.
The route is then:

FritzBox (LAN range: 10.10.10.0) <-> WAN(10.10.10.10) Asus router (LAN range: 10.10.1.0) OpenVPN <-> Second Asus router (LAN range: 10.10.2.0)
Raspberry (10.10.10.2) <-> NAS (10.10.2.2)

But the problem is the WAN firewall: when I disable it, everything works well and the Raspberry can connect to the NAS.
So I need to know how to enable this exception. Port forwarding seems not to work.
Rooby

Regular Contributor
After a long search I found the solution.
I added WAN port forwarding of 445 (SMB).
And I added the following iptables entry to accept forwarding of local addresses from eth0 to tun21:
iptables -I FORWARD 9 -t filter -i eth0 -o tun21 -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 -j ACCEPT
In my case I added this at position 9, before the local chain "logdrop" where all unhandled packets get dropped.
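As an added example (not code from the thread or from the Asus firmware), the following Python script parses the kernel DROP line quoted above and checks it against two candidate FORWARD rules: the /16-to-/16 ACCEPT rule from the last post, and a narrower rule that only admits the Raspberry (10.10.10.2) to the NAS (10.10.2.2) on TCP 445, which is what "an exception only for the Raspberry" actually asks for. The rule model, the second log line for another LAN host, and the helper names (parse_netfilter_log, ForwardRule, would_accept) are all constructed for this illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the syslog DROP line from the thread, with the MAC and
# TCP options abbreviated exactly as the poster abbreviated them.
SAMPLE_DROP_LINE = (
    "May 15 22:15:17 kernel: DROP IN=eth0 OUT=tun21 MAC=a8:...... "
    "SRC=10.10.10.2 DST=10.10.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=47224 DF "
    "PROTO=TCP SPT=45328 DPT=445 SEQ=739216649 ACK=0 WINDOW=64240 RES=0x00 SYN "
    "URGP=0 OPT (021405....) MARK=0x8000000"
)

# Constructed sample: a different host on the FritzBox LAN trying SSH to the NAS.
OTHER_HOST_LINE = (
    "May 15 22:20:01 kernel: DROP IN=eth0 OUT=tun21 MAC=a8:...... "
    "SRC=10.10.10.50 DST=10.10.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=1 DF "
    "PROTO=TCP SPT=50000 DPT=22 SEQ=1 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0"
)

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_netfilter_log(line: str) -> dict:
    """Extract the KEY=VALUE fields of a netfilter LOG line into a dict.

    Flag-only tokens without '=' (DF, SYN) are ignored; addresses are parsed so
    they can be tested for membership in a rule's network.
    """
    fields = dict(KV_RE.findall(line))
    return {
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "proto": fields.get("PROTO", "").lower(),
        "src": ipaddress.ip_address(fields["SRC"]),
        "dst": ipaddress.ip_address(fields["DST"]),
        "sport": int(fields.get("SPT", 0)),
        "dport": int(fields.get("DPT", 0)),
    }


@dataclass(frozen=True)
class ForwardRule:
    """Subset of iptables FORWARD match options used in the thread (hypothetical model)."""
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        """True if every specified match option agrees with the parsed packet."""
        return all([
            self.in_iface is None or pkt["in"] == self.in_iface,
            self.out_iface is None or pkt["out"] == self.out_iface,
            self.proto is None or pkt["proto"] == self.proto,
            self.src is None or pkt["src"] in self.src,
            self.dst is None or pkt["dst"] in self.dst,
            self.dport is None or pkt["dport"] == self.dport,
        ])

    def as_iptables(self, position: int) -> str:
        """Render the rule as an iptables -I command at the given chain position."""
        parts = ["iptables", "-t", "filter", "-I", "FORWARD", str(position)]
        if self.in_iface:
            parts += ["-i", self.in_iface]
        if self.out_iface:
            parts += ["-o", self.out_iface]
        if self.proto:
            parts += ["-p", self.proto]
        if self.src:
            parts += ["-s", str(self.src)]
        if self.dst:
            parts += ["-d", str(self.dst)]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        return " ".join(parts + ["-j", "ACCEPT"])


# The rule from the last post: any 10.10.x.x host may reach any 10.10.x.x host over TCP.
BROAD_RULE = ForwardRule("eth0", "tun21", "tcp",
                         ipaddress.ip_network("10.10.0.0/16"),
                         ipaddress.ip_network("10.10.0.0/16"))

# Least-privilege alternative: only the Raspberry, only the NAS, only SMB (TCP 445).
NARROW_RULE = ForwardRule("eth0", "tun21", "tcp",
                          ipaddress.ip_network("10.10.10.2/32"),
                          ipaddress.ip_network("10.10.2.2/32"), 445)


def would_accept(rule: ForwardRule, line: str) -> bool:
    """Would this rule have accepted the packet that produced the DROP log line?"""
    return rule.matches(parse_netfilter_log(line))


if __name__ == "__main__":
    for name, rule in (("broad", BROAD_RULE), ("narrow", NARROW_RULE)):
        print(name, rule.as_iptables(9))
        print("  raspberry->nas:445", would_accept(rule, SAMPLE_DROP_LINE))
        print("  other->nas:22     ", would_accept(rule, OTHER_HOST_LINE))
```

Both rules admit the Raspberry's SMB connection that was logged as DROP, but only the broad rule also lets every other host on the FritzBox side reach every host behind the VPN, which is a much larger hole than the poster intended; the narrow rule's rendered command can be inserted at the same position 9 ahead of the logdrop chain.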