Dear users,
I've recently bought a new wireless router - RTAC66U, and set up ASUSWRT-Merlin build firmware. On my previous router, I was using Tomato firmware, so setting the VPN client was a piece of cake.
The connection to privateinternetaccess VPN works flawlessly - except that I'm unable to redirect a given port. On Tomato firmware, I used to do it via iptables rules using the web UI. On asuswrt, I have activated the JFFS partition, and set up the wan-start script as follows:
#!/bin/sh
touch /tmp/000wan-start
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
iptables -t nat -I PREROUTING -p tcp --dport 34525 -j DNAT --to 192.168.0.6:34525
iptables -I FORWARD -p tcp -d 192.168.0.6 --dport 34525 -j ACCEPT
This is almost the same script I was using on Tomato firmware. 34525 is the port to redirect to computer 192.168.0.6.
I know that the script is executed by looking in the /tmp folder, but the port redirection does not work (this check is done on the 192.168.0.6 computer: if the VPN is up, no redirection; if it's stopped, the redirection is OK).
Did I choose the right script? How could I debug the script?
Any help would be welcomed.
Regards.