TheStork
Occasional Visitor
Hi,
I am trying to set up some iptables nat rules allowing port forwarding to only some source IP ranges (on my RT-AC87U, on Merlin-wrt 376.48_1 firmware), but am having some trouble. The forwarded ports work for devices that are outside the LAN (within the IP range I've defined port forwarding for), but when a device located inside the LAN tries to access the WAN IP and the forwarded port (either through DDNS or directly), the port does not appear open despite the external IP of the router being in the range of IPs for which port forwarding is set up.
Below is the format I've used for the iptables commands in the nat-start script:
iptables -t nat -I VSERVER 1 -p tcp -m tcp -s [xx.xx.xx.xx]/10 --dport [yyyy] -j DNAT --to 192.168.[zzz].[zzz]
The IP range xx.xx.xx.xx/10 refers to my ISP's dynamic IP pool, and I've checked my WAN IP is currently within that range, so I'm perplexed why the forwarding does not work from inside the LAN.
Is this an issue with NAT loopback, or an issue with my iptables port forwarding?
Thanks in advance.
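An added example, not part of the original post: a small Python model of the `-s` / `--dport` match in the rule format above, evaluated against constructed packets. It assumes made-up addresses (100.64.0.0/10 as the allowed pool, 192.168.1.0/24 as the LAN, TCP port 8443) and relies on the nat PREROUTING path seeing each packet's original source address, since source rewriting happens later in POSTROUTING.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source address as seen in nat PREROUTING (not yet rewritten)
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class DnatRule:
    src_net: str  # the -s argument
    proto: str    # the -p argument
    dport: int    # the --dport argument
    to: str       # the --to target (not used for matching)

    def matches(self, pkt: Packet) -> bool:
        """True when the packet satisfies the -s, -p and --dport matches."""
        in_src = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return in_src and pkt.proto == self.proto and pkt.dport == self.dport


# Constructed values standing in for the post's [xx.xx.xx.xx]/10, [yyyy], [zzz].
WAN_IP = "100.64.10.20"
RULE = DnatRule(src_net="100.64.0.0/10", proto="tcp", dport=8443, to="192.168.1.50")

PACKETS = {
    "external client inside allowed pool": Packet("100.70.1.2", WAN_IP, "tcp", 8443),
    "external client outside allowed pool": Packet("203.0.113.9", WAN_IP, "tcp", 8443),
    "LAN client connecting to WAN IP": Packet("192.168.1.23", WAN_IP, "tcp", 8443),
}


def wan_ip_in_pool(rule: DnatRule, wan_ip: str) -> bool:
    """Whether the router's own WAN address falls inside the -s range."""
    return ipaddress.ip_address(wan_ip) in ipaddress.ip_network(rule.src_net)


def evaluate(rule: DnatRule, packets: dict) -> dict:
    """Map each labelled packet to whether the DNAT rule would match it."""
    return {name: rule.matches(pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    print(f"WAN IP inside -s range: {wan_ip_in_pool(RULE, WAN_IP)}")
    for name, hit in evaluate(RULE, PACKETS).items():
        print(f"{name:40s} -> {'DNAT' if hit else 'no match'}")
```

In this model the WAN address is only ever the destination of the LAN client's packet, so the `-s` match is tested against the client's 192.168.1.x address and fails even though the WAN IP itself lies inside the allowed range.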