
View the full version: Port Forwarding to router (ssh, custom ports)



thE_29
03-09-2007, 07:37
Hi!

I would like to forward ssh (port 22) and port 11280 to my router! So I added ports 22 and 11280 in the WebInterface, to route to 192.168.0.1 (router IP).

When I take a look at iptables -L -t nat, it has these lines:


DNAT tcp -- anywhere anywhere tcp dpt:8029 to:192.168.0.1:80
DNAT tcp -- anywhere anywhere tcp dpt:ssh to:192.168.0.1:22
DNAT udp -- anywhere anywhere udp dpt:ssh to:192.168.0.1:22
DNAT tcp -- anywhere anywhere tcp dpt:11280 to:192.168.0.1:11280
DNAT udp -- anywhere anywhere udp dpt:11280 to:192.168.0.1:11280
DNAT tcp -- anywhere anywhere tcp dpt:telnet to:192.168.0.1:23

The WebRemote Interface works (port 8029 to port 80 on the router). I can connect to the web interface from the internet! But not with ssh or with port 11280 (I have a program running that listens on port 11280). Telnet also doesn't work! But ftp works. But I never said that I want to forward port 21 to the WAN (but the ftp is OK for me).

So what is the problem? The WebInterface works correctly, but no other ports are forwarded to my router :(

thE_29
03-09-2007, 15:22
I found the solution!

The problem was that iptables blocks the ports to the router itself!

Removing the drop rule, adding my custom rules (like ftp and www, which are inserted by the firmware) and adding the drop rule again!

Looks like this:


# Adding to iptables - because of the routing table, just port www/ftp is routed to the asus router
# removing the rule that drops any packet
iptables -D INPUT -j DROP
# Adding all tcp ports open for asus - should not be used because of security pr
# iptables -A INPUT -j ACCEPT --destination asus
# Adding custom ports to open for asus
# telnet access via port 23
# iptables -A INPUT -j ACCEPT -p tcp --dport 23 --destination asus
# ssh access via port 22
iptables -A INPUT -j ACCEPT -p tcp --dport 22 --destination asus
# MirtaLoader access via port XXX80
iptables -A INPUT -j ACCEPT -p tcp --dport XXX80 --destination asus
# Adding it again to block any packet which is not in a rule
iptables -A INPUT -j DROP

In German I have a better explanation of why you have to do this.
http://wl500g.info/showthread.php?t=10512
If you don't speak German and you have the same problem, just PM me!
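
The fix above depends on rule order: iptables stops at the first matching rule, so an ACCEPT only takes effect if it sits ahead of the catch-all DROP in INPUT. The following is an added example, not part of the original posts; it checks `iptables -S INPUT` output for ACCEPT rules shadowed by the DROP and prints an insert command that leaves the DROP in place. It assumes an iptables build that supports `-S`; the sample ruleset and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` output (not taken from the thread):
# the ACCEPT for port 22 sits after the catch-all DROP, so it never matches.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# drop_position: print the 1-based rule number of the first unconditional
# "-A INPUT -j DROP" in `iptables -S INPUT` output on stdin (0 if none).
drop_position() {
    awk '/^-A INPUT / { n++; if ($0 == "-A INPUT -j DROP" && !pos) pos = n }
         END { print pos + 0 }'
}

# shadowed_ports: print tcp --dport values whose ACCEPT rule comes after the
# catch-all DROP. Those rules are never reached.
shadowed_ports() {
    awk '/^-A INPUT / {
             if ($0 == "-A INPUT -j DROP") { dropped = 1; next }
             if (dropped && /-p tcp/ && /-j ACCEPT/)
                 for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }'
}

# insert_cmd PORT: print (not run) the command that places an ACCEPT for PORT
# directly in front of the catch-all DROP, without deleting the DROP first.
insert_cmd() {
    pos=$(drop_position)
    if [ "$pos" -eq 0 ]; then
        echo "iptables -A INPUT -p tcp --dport $1 -j ACCEPT"
    else
        echo "iptables -I INPUT $pos -p tcp --dport $1 -j ACCEPT"
    fi
}

# On the router itself: iptables -S INPUT | shadowed_ports
printf '%s\n' "$SAMPLE_RULES" | shadowed_ports
```

Inserting ahead of the DROP avoids the interval in which the chain has no catch-all rule while it is being deleted and re-added.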