What's new
By:

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

port forward (using iptables) woes

P

PedraSimon

New Around Here
Hi all,

Please help me with port forwarding with iptables, as port forwarding via web gui is not working.

Config:
I have 2 router in my setup.
RT-AC56S (IP addr: 172.17.2.1) as the gateway (GW), running asusWrt (3.0.0.4.376_3561).
RT-N16 (IP addr: 172.17.2.3) as access point (AP), running tomato shibby build 1.28.0000 MIPSR2-123.

I want to setup transmission (port:55115) to run on the AP. With my limited iptables knowledge, I think I need to add the following rules:-

iptables -I VSERVER --table nat -p tcp --dport 55115 -j DNAT --to 172.17.2.3:55115
iptables -I VSERVER --table nat -p udp --dport 55115 -j DNAT --to 172.17.2.3:55115
iptables -I FORWARD -d 172.17.2.3 -p tcp --dport 55115 -j ACCEPT
iptables -I FORWARD -d 172.17.2.3 -p udp --dport 55115 -j ACCEPT

The config page of Transmission still show the port 55115 as closed after adding the above rules. Online port tests also show the port as closed.

What did I do wrong?

Also, does anyone know why the data pkt passing through the VSERVER, ended up as counting 2 pkt in the FORWARD chain?

Code: 
--------------------------------------------------------------------------------------
admin@(none):/tmp/home/root# iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 174 packets, 15469 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7791  578K VSERVER    all  --  *      *       0.0.0.0/0            xxx.xxx.xxx.xxx

Chain INPUT (policy ACCEPT 101 packets, 11591 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 111 packets, 8248 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 112 packets, 8308 bytes)
 pkts bytes target     prot opt in     out     source               destination
99389 6696K MASQUERADE  all  --  *      eth0   !xxx.xxx.xxx.xxx      0.0.0.0/0
 2391  244K MASQUERADE  all  --  *      br0     172.17.2.0/24        172.17.2.0/24

Chain LOCALSRV (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:55115 to:172.17.2.3:55115
[COLOR="Red"]    1    60[/COLOR] DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:55115 to:172.17.2.3:55115
 7784  578K VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination

admin@(none):/tmp/home/root# iptables  -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1175 59728 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
 169K   25M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 1113  202K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            state NEW
 365K  185M ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
 7382  557K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 87 packets, 4644 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            172.17.2.3           udp dpt:55115
[COLOR="red"]    2   120[/COLOR] ACCEPT     tcp  --  *      *       0.0.0.0/0            172.17.2.3           tcp dpt:55115
  12M 6521M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  !br0   eth0    0.0.0.0/0            0.0.0.0/0
 7426  395K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
  164 12805 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0
  325 16612 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT

Chain OUTPUT (policy ACCEPT 275 packets, 33362 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FUPNP (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain PControls (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "ACCEP                                                                 T "
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "DROP                                                                  "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
--------------------------------------------------------------------------------------
 
You must log in or register to reply here.

Similar threads

N
Skynet SkyNet/Firewall blocking all ping requests, including outbound
Replies
6
Views
1K
nearlyheadlessarvie
N
octopus
  • Locked
Solved Can you connect to Wireguard server from wan side?
Replies
17
Views
2K
octopus
octopus
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
2K
Don->
D
spacemanspiff
RT-AX86U running Merlin serving DNS - possible Malware infection
2
Replies
31
Views
2K
ColinTaylor
C
v.y.k
iptables pkts & bytes numbers are too low on Merlin 3004.388
Replies
13
Views
1K
v.y.k
v.y.k
Similar threads
Thread starter Title Forum Replies Date
S please guide me i buy managed switch to limit port speed and keep hardware acceleration or use QOS on router ASUS Wi-Fi 2
K Ethctl for lan port? Can't find interface name ASUS Wi-Fi 1
M Asus AiMesh Node port tagging? ASUS Wi-Fi 4
P Anyone successfully using Parental Controls - Time Scheduling on an ASUS router right now? ASUS Wi-Fi 0
H How do I access the Asus router settings using Linux Mint? ASUS Wi-Fi 13
N Asus Routers Extension Proper Set-up Using Ethernet Cable ASUS Wi-Fi 9
B Can't connect Widows 10 machine to ASUS RT-AX58U using IPSec ASUS Wi-Fi 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 704 (members: 20, guests: 684)
Back
Top