iptables Port Forwarding: Index of insertion too big

[forkbomb]

Hello,

Possibly more of a networking/Linux question that a Merlin-specific one, but:

I followed the iptables guide to allow traffic to a port from a specific IP, but after rebooting my RT-AC66U, the port was still blocked. I then tried executing the nat-start script manually and received an error message "iptables: Index of insertion too big".

Google is not helping me out much here, and it doesn't look like anyone has asked this question before in the forums. Does anyone have any suggestions?

Here's the shell output so you can see exactly what I did*:

admin@RT-AC66U:/jffs/scripts# ll
-rwxrwxrwx 1 admin root 306 Aug 21 19:04 nat-start*
admin@RT-AC66U:/jffs/scripts# cat nat-start
#!/bin/sh
iptables -t nat -I VSERVER 3 -p tcp -m tcp -s 10.10.10.10 --dport 3389 -j DNAT --to 192.168.1.100
admin@RT-AC66U:/jffs/scripts# sh nat-start
iptables: Index of insertion too big

*I removed my real IPs and ports to protect the innocent. Instead I copied and pasted Merlin's example from Github exactly, and even that returns the same error for me.

I do not have the same ports forwarded through the UI. Port forwarding and port triggering are disabled in the UI.

 

[RMerlin]

The following part:

iptables -t nat -I VSERVER 3

Means "insert this rule in third position in the chain". If you have less than 3 rules then this won't work and it will return the index error about the index being too big. See how many rules you have in that chain, and reduce the index position accordingly. You can probably safely use an index position of 1 in your case.

 

[forkbomb]

That fixed it, thanks much for the quick response.

Updated nat-start script:

#!/bin/sh

iptables -t nat -I VSERVER 1 -p tcp -m tcp -s 10.10.10.10 --dport 22 -j DNAT --to 192.168.0.2 
iptables -t nat -I VSERVER 2 -p tcp -m tcp -s 10.10.10.10 --dport 5900 -j DNAT --to 192.168.0.2