Solved Help with portforwarding and IPTables


muffintastic

Senior Member
Hello,

I wonder if someone could guide me. I would like to forward the following ports with IPTables so I am able to receive inbound/outbound connections via SoulSeek. I'd rather not use the GUI method to enable port forwarding since it's suggested to be a security risk and I want to lock down my router as much as I can.

ports wanting to forward:
Code:
51355 - TCP
51356 - TCP
internal lan ip:
Code:
192.168.50.2
 
> rather not use the GUI method to enable port forwarding since it's suggested to be a security risk and I want to lock down my router as much as I can.
There is no difference between using the GUI to create the forwarding rules or you writing them into the script. They're exactly the same rules. Any security risks are the same. Perhaps you're thinking of UPnP.
 
> There is no difference between using the GUI to create the forwarding rules or you writing them into the script. They're exactly the same rules. Any security risks are the same. Perhaps you're thinking of UPnP.
I managed to figure it out with some Googling.

UPnP is off.
Port Forwarding is off.

Now my security assessment of the router is all in green.

Ports are both open when I run the application.
 
If you're not using UPnP and you're not using Port Forwarding can you share your solution for the benefit of others?
 
> If you're not using UPnP and you're not using Port Forwarding can you share your solution for the benefit of others?
Not sure if it's "correct" but it works.
Code:
iptables -t nat -A PREROUTING -p tcp --dport 51355 -j DNAT --to-destination 192.168.50.2
iptables -t nat -A PREROUTING -p tcp --dport 51356 -j DNAT --to-destination 192.168.50.2
When I run the programme on my machine and do a port forward test, it comes back as both open.
 
So this is the same as if you had used the GUI. If you look at System Log - Port Forwarding you should see your rules there.

I'm assuming that the "security assessment" you're referring to is from AiProtection. So by not using the GUI you have tricked it into not noticing the forwarding rule. So this isn't any more secure than if you had used the GUI.
 
> So this is exactly the same as if you had used the GUI. If you look at System Log - Port Forwarding you should see your rules there.
>
> I'm assuming that the "security assessment" you're referring to is from AiProtection. So by not using the GUI you have tricked it into not noticing the forwarding rule. So this isn't any more secure than if you had used the GUI.
Well, I have full control over what I want open. I know uTorrent doesn't work with my setup as the port I've used for that is blocked.

Personal preference.
Thanks for the feedback.
 
How are you preventing this rule from affecting any LAN-to-WAN traffic that wants to reach ports 51355-51356 on the internet? Might be low probability, but I don’t see where you limit the rule to inbound traffic only.
 
> How are you preventing this rule from affecting any LAN-to-WAN traffic that wants to reach ports 51335-51336 on the internet? Might be low probability, but I don’t see where you limit the rule to inbound traffic only.
Just did some Googling, used that format, and according to canyouseeme both ports are open externally. When I close the programme down, both ports are closed.

I assume it works with how I've set it up; all I know is UPnP is disabled, port triggering disabled and port forwarding.

Unless I've done something wrong?
 
> I assume it works with how I've set it up; all I know is UPnP is disabled, port triggering disabled and port forwarding.
It works for your intended purpose, but you haven’t considered the unintended consequences of following a random internet guide over the router’s GUI.

If you ever want to reach those same ports of another SoulSeek destination on the interweb, it’s going to redirect it to your internal host instead.
 
> It works for your intended purpose, but you haven’t considered the unintended consequences of following a random internet guide over the router’s GUI.
>
> If you ever want to reach those same ports of another SoulSeek destination on the interweb, it’s going to redirect it to your internal host instead.
@dave14305 What would be the correct code then?
 
Just use the webui. You don't need to enable UPnP to configure static port forwards.
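
The concern raised in the thread (a PREROUTING DNAT rule that matches on port alone also rewrites LAN-to-WAN traffic to that port) can be checked mechanically. The following is an added example, not code from any poster or from the router firmware: it audits rules in `iptables -S` format and flags DNAT rules with no inbound-interface or destination-address match. The function names, the WAN interface name `eth0` and the address `203.0.113.7` are assumptions made for the constructed sample.

```shell
#!/bin/sh
# Added example: audit nat PREROUTING rules (in `iptables -S` format) for DNAT
# rules that match on port alone, as the two rules posted in the thread do.
# On a live router the input would come from:
#   iptables -t nat -S PREROUTING | audit_dnat

# Classify each DNAT rule read from stdin and print "<label> <dport>".
#   UNSCOPED - no inbound interface (-i) and no destination address (-d), so
#              LAN-to-WAN connections to that port are rewritten as well.
#   SCOPED   - limited to an inbound interface or a destination address.
audit_dnat() {
    awk '
    /-j DNAT/ {
        label = "UNSCOPED"
        port = "any"
        for (i = 1; i < NF; i++) {
            if ($i == "-i" || $i == "-d") label = "SCOPED"
            if ($i == "--dport") port = $(i + 1)
        }
        print label, port
    }'
}

# Constructed sample. The first two rules are the ones from the thread as
# `iptables -S` would list them. The last two are the same forwards limited
# to a hypothetical WAN interface (eth0) or a hypothetical WAN address
# (203.0.113.7, a documentation address).
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 51355 -j DNAT --to-destination 192.168.50.2
-A PREROUTING -p tcp -m tcp --dport 51356 -j DNAT --to-destination 192.168.50.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 51355 -j DNAT --to-destination 192.168.50.2
-A PREROUTING -d 203.0.113.7/32 -p tcp -m tcp --dport 51356 -j DNAT --to-destination 192.168.50.2
EOF
}

sample_rules | audit_dnat
```

Any rule reported as UNSCOPED applies to packets arriving on every interface, including the LAN side.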
 
