
View the full version : port forwarding disappears



IAmLeX
13-08-2006, 06:28
Hi, I am new to Linux and I don't understand why after a while my port forwarding settings disappear. I have in post-boot the following:
//#BEGIN post-boot
#!/bin/sh
dropbear
iptables -t nat -A POSTROUTING -p udp --sport 3202 -s 10.10.10.2 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3202
iptables -t nat -A POSTROUTING -p tcp --sport 3202 -s 10.10.10.2 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3202
iptables -t nat -A PREROUTING -p udp --dport 3202 -d 192.168.100.57 -j DNAT --to 10.10.10.2:3202
iptables -t nat -A PREROUTING -p tcp --dport 3202 -d 192.168.100.57 -j DNAT --to 10.10.10.2:3202
iptables -t nat -A POSTROUTING -p udp --sport 3204 -s 10.10.10.4 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3204
iptables -t nat -A POSTROUTING -p tcp --sport 3204 -s 10.10.10.4 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3204
iptables -t nat -A PREROUTING -p udp --dport 3204 -d 192.168.100.57 -j DNAT --to 10.10.10.4:3204
iptables -t nat -A PREROUTING -p tcp --dport 3204 -d 192.168.100.57 -j DNAT --to 10.10.10.4:3204
iptables -t nat -A POSTROUTING -p udp --sport 3205 -s 10.10.10.5 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3205
iptables -t nat -A POSTROUTING -p tcp --sport 3205 -s 10.10.10.5 -d 192.168.0.0/22 -j SNAT --to 192.168.100.57:3205
iptables -t nat -A PREROUTING -p udp --dport 3205 -d 192.168.100.57 -j DNAT --to 10.10.10.5:3205
iptables -t nat -A PREROUTING -p tcp --dport 3205 -d 192.168.100.57 -j DNAT --to 10.10.10.5:3205
//#END post-boot

The problem is that after an hour or 2 after the ports are not utilized, when I look in the wl500 web interface/status & log/port forwarding/, the settings are no more (and my DC client doesn't work) and I have to run the post-boot script again :confused:
Why is it so???? Why can't they just stay there :confused: :( :mad:

rogerrb
13-08-2006, 10:39
The firewall- and forwarding-rules are deleted whenever the DHCP-lease from your ISP is renewed/changed. When this happens, the /usr/local/sbin/post-firewall script will be run by the router.
You'll have to create the script if it doesn't exist and make it executable with 'chmod +x /usr/local/sbin/post-firewall'
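
An added example, not part of rogerrb's post: one way to lay out /usr/local/sbin/post-firewall so the NAT rules from the first post are re-created each time the router rebuilds its firewall. The addresses and ports are the ones from the thread; the function and variable names, the dry-run behaviour and the check on the script's own name are assumptions made for this sketch.

```shell
#!/bin/sh
# Sketch of /usr/local/sbin/post-firewall (added example, names are hypothetical).
# Install it, then: chmod +x /usr/local/sbin/post-firewall
# The router runs it after it has rebuilt the firewall, so the rules are
# appended to freshly flushed chains and do not pile up as duplicates.

IPTABLES="iptables"
WAN_IP="192.168.100.57"        # address used in the original rules
DEST_NET="192.168.0.0/22"      # destination network used in the SNAT rules
# One "host:port" entry per forwarded client (values from the thread).
FORWARDS="10.10.10.2:3202 10.10.10.4:3204 10.10.10.5:3205"

# add_forward HOST PORT: SNAT + DNAT for both UDP and TCP on one port.
add_forward() {
    for proto in udp tcp; do
        $IPTABLES -t nat -A POSTROUTING -p "$proto" --sport "$2" -s "$1" \
            -d "$DEST_NET" -j SNAT --to "$WAN_IP:$2" || return 1
        $IPTABLES -t nat -A PREROUTING -p "$proto" --dport "$2" \
            -d "$WAN_IP" -j DNAT --to "$1:$2" || return 1
    done
}

# apply_forwards: walk the FORWARDS list and stop at the first failure.
apply_forwards() {
    for entry in $FORWARDS; do
        add_forward "${entry%%:*}" "${entry##*:}" || return 1
    done
}

case "$0" in
    */post-firewall)
        # Installed under its real name: change the live NAT table.
        apply_forwards
        ;;
    *)
        # Any other file name: dry run, only print the commands for review.
        IPTABLES="echo iptables"
        apply_forwards
        ;;
esac
```

Running a copy under any other file name prints the twelve commands without touching the NAT table, so the list can be reviewed before the script is installed.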

jonolumb
27-08-2006, 17:12
If I have interpreted your question correctly, this guide on my wiki should help.

IPTables guide (http://www.sprayfly.com/wiki/IPtable_builder).

Jono