FibreOP pushed me into replacing the Actiontec router with Asus, and now I'm here!
Thanks for the nice and conservative firmware. I like.
Previously I had cable ISP and a Linux firewall with NAT, PREROUTING and POSTROUTING.
This allowed me to have a domain I use with dyndns work locally in the LAN.
As of now, my domain works fine from outside the house, but inside, it just times out.
Here is an example of the iptables rules which did the job before on the
Debian Linux router.
The website is running on port 8900, on a local system at 192.168.0.3, and the router is 192.168.0.1. eth0 is the internal LAN, and eth1 faces the Internet.
-A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.0.3 --dport 8900 -m state --state NEW -j ACCEPT
-A PREROUTING -i eth0 -p tcp -d 24.XXX.YYY.ZZZ --dport 8900 -j DNAT --to 192.168.0.3
-A POSTROUTING -s 192.168.0.0/16 -d 192.168.0.3 -p tcp --dport 8900 -j SNAT --to 192.168.0.1
That is a lot of rules to do something simple, but it worked well. I've seen some
routers where the same thing is achieved by only port forwarding and one checkbox
for the forwards to work internally as well.
How will I get the local LAN to see the same thing as the outside visitor? Will I need
iptables like above, or is there one simple feature in Asus-wrt Merlin I have not found yet?
Thanks for the nice and conservative firmware. I like.
Previously I had cable ISP and a Linux firewall with NAT, PREROUTING and POSTROUTING.
This allowed me to have a domain I use with dyndns work locally in the LAN.
As of now, my domain works fine from outside the house, but inside, it just times out.
Here is an example of the iptables rules which did the job before on the
Debian Linux router.
The website is running on port 8900, on a local system at 192.168.0.3, and the router is 192.168.0.1. eth0 is the internal LAN, and eth1 faces the Internet.
-A FORWARD -p tcp -i eth1 -o eth0 -d 192.168.0.3 --dport 8900 -m state --state NEW -j ACCEPT
-A PREROUTING -i eth0 -p tcp -d 24.XXX.YYY.ZZZ --dport 8900 -j DNAT --to 192.168.0.3
-A POSTROUTING -s 192.168.0.0/16 -d 192.168.0.3 -p tcp --dport 8900 -j SNAT --to 192.168.0.1
That is a lot of rules to do something simple, but it worked well. I've seen some
routers where the same thing is achieved by only port forwarding and one checkbox
for the forwards to work internally as well.
How will I get the local LAN to see the same thing as the outside visitor? Will I need
iptables like above, or is there one simple feature in Asus-wrt Merlin I have not found yet?