Hi,
How do I proceed in mapping an internet facing port 5080 to port 80 of another server in my LAN ?
I have spent hours on Google, on this and other forums, but can't find any clue...
The set-up: my server (100.100.100.110) runs a webserver on port 80, I want to access it via the internet facing address of my WL500G router (e.g. 81.83.48.01).
I tried via the virtual server page, but the problem is that I can't specify the destination port...
example: "100.100.100.110 5080 TCP/UDP Webserver"
I'm running a standard WL500G router, in Home Gateway mode, firmware 1.6.5.3.
Thanks,
Stef
Last edited by BigOooze; 05-10-2004 at 20:11. Reason: mail me !
Oh, come on, can't you read or are you just lazy!
... but maybe a bit stupid ;-)
I really can't figure it out...
Can you help this poor man ?
Big O
Ok, so you've done some homework, good. I restored your topic.
First: Upgrade to firmware 1.7.5.9 preferably CR5, the firmware you're using now is old and buggy.
Second: After upgrading, reset to factory defaults and reconfigure the router.
Third: Configure the port forwarding using Virtual Server. Read the manual on how-to setup that one. Note that the external port (5080) is the same port on the 'virtual server', so configure your webserver to run on port 5080 as well.
I hope this helps...
I don't think that will help him, as he explicitly asked how to redirect the external port 5080 to the internal port 80.
Sorry, I might not have been detailed enough.
Lexi is right; my problem is that the *internal* port (80) cannot be put the same as the *external* port (5080)... It is a black-boxed device with a fixed port 80.
Is there really no way to set it up like this:
81.83.48.01:5080 ----> [router] ----> 100.100.100.110:80 ?
re: the firmware upgrade ("1.7.5.9 preferably CR5"), does it only fix stability issues or also portmapping-related issues ?
Thanks a lot Styno & Lexi
I really don't know if this is possible using the web-interface, but you can simply issue the following command (via telnet or ssh):
(assuming you are connected to the internet on ppp0)
Code:
iptables -t nat -A PREROUTING -i ppp0 -d 81.83.48.01 -p tcp --dport 5080 -j DNAT --to-destination 100.100.100.110:80
If this works, add it to your /usr/local/init/post-firewall (or post-boot) script.
I concur with wtzm. His option will do. If you upgrade to 1.7.5.9 CR5 then you'll have:
-telnet
-flashfs-boot
-post-boot scripts
-vi
-Lots of bugs fixed
Which will make it easier to implement wtzm's solution.
Hi,
thanks all for the tips. I've finally found time to upgrade the firmware to 1.8.1.7, and I must say, it works nice (I especially like the telnet service)
Now, to come back to my problem of mapping an "outside" port 5080 to an "inside" port 80 on one of the machines in my LAN: I can't get it to work...
I want to connect to my router's WAN address (via dyndns.org) on port 5080 and have all (HTTP) traffic redirected to 100.100.100.110 port 80. Note: For technical reasons, I cannot change the port 80 into something else.
Here's what I tried:
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5080 -j DNAT --to 100.100.100.110:80
iptables -A FORWARD -d 100.100.100.10 -p tcp --dport 5080 -j ACCEPT
What am I doing wrong here ?
Check entire iptables state, to see if your rules are in effect.
Oleg,
thanks for your quick reply !!
Here's what I did:
[admin@telenetPC root]$ iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5080 -j DNAT --to 100.100.100.110:80
[admin@telenetPC root]$ iptables -A FORWARD -d 100.100.100.110 -p tcp --dport 5080 -j ACCEPT
Here's the check:
[admin@telenetPC root]$ iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 81.83.48.26 tcp dpt:5631 to:100.100.100.100
DNAT udp -- 0.0.0.0/0 81.83.48.26 udp dpt:5631 to:100.100.100.100
DNAT tcp -- 0.0.0.0/0 81.83.48.26 tcp dpt:5632 to:100.100.100.100
DNAT udp -- 0.0.0.0/0 81.83.48.26 udp dpt:5632 to:100.100.100.100
DNAT tcp -- 0.0.0.0/0 81.83.48.26 tcp dpt:5800 to:100.100.100.100
DNAT udp -- 0.0.0.0/0 81.83.48.26 udp dpt:5800 to:100.100.100.100
DNAT tcp -- 0.0.0.0/0 81.83.48.26 tcp dpt:5900 to:100.100.100.100
DNAT udp -- 0.0.0.0/0 81.83.48.26 udp dpt:5900 to:100.100.100.100
NETMAP udp -- 0.0.0.0/0 81.83.48.26 udp spt:6112 100.100.100.0/24
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5080 to:100.100.100.110:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
NETMAP udp -- 100.100.100.0/24 0.0.0.0/0 udp dpt:6112 81.83.48.26/32
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE all -- 100.100.100.0/24 100.100.100.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[admin@telenetPC root]$ iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 100.100.100.17 tcp dpt:7573
ACCEPT udp -- 0.0.0.0/0 100.100.100.17 udp dpt:11634
ACCEPT tcp -- 0.0.0.0/0 100.100.100.214 tcp dpt:7730
ACCEPT udp -- 0.0.0.0/0 100.100.100.214 udp dpt:15308
ACCEPT tcp -- 0.0.0.0/0 100.100.100.10 tcp dpt:5080
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[admin@telenetPC root]$
[admin@telenetPC root]$ iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 100.100.100.214 udp dpt:13675
ACCEPT tcp -- 0.0.0.0/0 100.100.100.110 tcp dpt:5080
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Well, yet another question - have you used external address to connect to this server (I mean access from WAN, not LAN)?
Yes, I used the dyndns.org address:
http://blabla.dyndns.org:5080
btw, the dyndns.org address works just fine because I'm now using it to VNC and PCAnywhere into another box behind the router.
Thanks,
BigO
Oleg,
Sorry, I have not been very clear apparently. Mea culpa.
The wl-500g router I've been talking about is located at another physical location outside my LAN.
This is the set-up:
[my PC]--[router]----(internet)----[wl-500g]---[webserver port 80]
                                            +--[file server port 5631,5632]
The file server is accessible over the internet via PCAnywhere and VNC, *through* the router, so the wl-500g is working just fine (at least for same port to same port mapping...)
So I have tested this indeed from the internet.
Big O.
Works fine for me (but I've disabled local firewall on the PC, otherwise it blocks external traffic):
Code:
[root@wl500g root]$ iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 431 packets, 31992 bytes)
pkts bytes target prot opt in out source destination
3 180 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.4:3389
Chain POSTROUTING (policy ACCEPT 4097 packets, 246K bytes)
pkts bytes target prot opt in out source destination
314 18385 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0
84 16982 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
Chain OUTPUT (policy ACCEPT 4206 packets, 264K bytes)
pkts bytes target prot opt in out source destination
[root@wl500g root]$ iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 16612 packets, 11M bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
557 32224 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
223 12744 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5
73 2920 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 icmp type 8
2 112 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.4 tcp dpt:3389
Also, looks like ACCEPT in the FORWARD chain is not needed at all.
Last edited by Antiloop; 10-11-2004 at 07:52.
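Added example, not written by any poster in this thread: netfilter applies the nat PREROUTING rewrite before the filter FORWARD chain, so a FORWARD rule has to match the translated address and port (100.100.100.110:80 in this thread), not the external port 5080. The script checks FORWARD ACCEPT rules against DNAT targets in `iptables -nL` style listings; the sample rules are constructed from the listings above, and the function name `audit_forward` and the verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit FORWARD ACCEPT rules against DNAT targets.
# Input lines use the column layout printed by `iptables -nL` (no -v).

# Constructed sample input, modelled on the listings in the thread.
NAT_RULES='DNAT tcp -- 0.0.0.0/0 81.83.48.26 tcp dpt:5900 to:100.100.100.100
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5080 to:100.100.100.110:80'

FWD_RULES='ACCEPT tcp -- 0.0.0.0/0 100.100.100.100 tcp dpt:5900
ACCEPT tcp -- 0.0.0.0/0 100.100.100.10 tcp dpt:5080
ACCEPT tcp -- 0.0.0.0/0 100.100.100.110 tcp dpt:5080
ACCEPT tcp -- 0.0.0.0/0 100.100.100.110 tcp dpt:80'

# audit_forward NAT_LISTING FORWARD_LISTING
# Prints one verdict per FORWARD ACCEPT rule that carries a dpt: match.
audit_forward() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    $0 == "---" { in_fwd = 1; next }
    # Pass 1: record the post-DNAT (proto, address, port) of each DNAT rule.
    !in_fwd && $1 == "DNAT" {
        dpt = ""; to = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        n = split(to, t, ":")
        port = (n == 2) ? t[2] : dpt   # no port in to: means port unchanged
        post[$2 " " t[1] " " port] = 1
        if (port != dpt) pre[$2 " " dpt] = port
        next
    }
    # Pass 2: compare each FORWARD ACCEPT rule with the recorded targets.
    in_fwd && $1 == "ACCEPT" {
        dpt = ""
        for (i = 6; i <= NF; i++) if ($i ~ /^dpt:/) dpt = substr($i, 5)
        if (dpt == "") next
        key = $2 " " $5 " " dpt
        old = $2 " " dpt
        if (key in post)     v = "OK"
        else if (old in pre) v = "PRE-DNAT-PORT"   # matches the external port
        else                 v = "NO-DNAT-TARGET"
        print v, $5 ":" dpt
    }'
}

audit_forward "$NAT_RULES" "$FWD_RULES"
```

With a FORWARD policy of ACCEPT, as in the listings above, these rules change nothing either way; the check matters once the policy is DROP.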