Port forwarding query

TheStork

Occasional Visitor
Hi,

I am trying to set up some iptables nat rules allowing port forwarding to only some source IP ranges (on my RT-AC87U, on Merlin-wrt 376.48_1 firmware), but am having some trouble. The forwarded ports work for devices that are outside the LAN (within the IP range I've defined port forwarding for), but when a device located inside the LAN tries to access the WAN IP and the forwarded port (either through DDNS or directly), the port does not appear open despite the external IP of the router being in the range of IPs for which port forwarding is set up.

Below is the format I've used for the iptables commands in the nat-start script:

iptables -t nat -I VSERVER 1 -p tcp -m tcp -s [xx.xx.xx.xx]/10 --dport [yyyy] -j DNAT --to 192.168.[zzz].[zzz]

The IP range xx.xx.xx.xx/10 refers to my ISP's dynamic IP pool, and I've checked my WAN IP is currently within that range, so I'm perplexed why the forwarding does not work from inside the LAN.

Is this an issue with NAT loopback, or an issue with my iptables port forwarding?

Thanks in advance.
 
I may be "all wet" on this, but if I understand what you're attempting, I believe when you're on your LAN anywhere within your router's firewall trying to access another LAN device, no port forwarding is needed and you just use its local (LAN) IP.

I have similar results trying to see my LAN-connected DVR that has working port forwarding using my router's WAN IP.

So I think what you're seeing is "normal".

Hopefully someone will correct me if I'm wrong.

JoBo
 
Thanks JoBo,

I'd like to use the same address regardless whether I connect with a device within LAN or from WAN side. I assume your DVR/NVR example is very much what I'm trying to set up (i.e. remote access to my NVR/IP cameras), but I would like to use the same address (e.g. a DynDNS address and a specific port) on my mobile phone's CCTV monitoring app regardless whether I'm accessing the NVR from LAN or WAN side.

Do I need additional iptables lines to specify that traffic from inside the LAN addressed to specific ports of the WAN IP need to be routed somewhere else within the LAN?
 
Stork.

I see now what you're trying to accomplish, keeping it simple. :eek:

I have not tackled the phone end of it yet. :confused:

JoBo
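
The rule in the first post restricts the forward with -s, and the symptom is that it works from the WAN side but not from the LAN. As an added illustration (not code from anyone in the thread), this Python model of that rule's match shows which packets it accepts: a LAN client's packet carries its private source address, not the router's WAN IP, so the -s test fails. All addresses and the port are constructed, and the LAN-source rule is an assumption about one way to cover that case.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    source: str   # -s value; host bits may be set, as in xx.xx.xx.xx/10
    proto: str    # -p value
    dport: int    # --dport value
    to: str       # --to value (DNAT target)

    def matches(self, pkt: Packet) -> bool:
        # strict=False masks the host bits, as iptables does for -s addr/len
        net = ipaddress.ip_network(self.source, strict=False)
        return (pkt.proto == self.proto
                and pkt.dport == self.dport
                and ipaddress.ip_address(pkt.src) in net)

def first_match(rules, pkt):
    """Return the DNAT target of the first matching rule, or None."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.to
    return None

# Constructed sample values (not from the thread)
WAN_IP = "100.64.10.20"       # router's WAN address, inside the ISP pool
ISP_POOL = "100.64.10.20/10"  # written with host bits set, like the post
NVR = "192.168.1.200"
RULES = [DnatRule(ISP_POOL, "tcp", 8000, NVR)]

# Same destination (WAN IP, port 8000), different origin
FROM_WAN = Packet("100.100.5.5", WAN_IP, "tcp", 8000)   # host in ISP pool
FROM_LAN = Packet("192.168.1.50", WAN_IP, "tcp", 8000)  # phone on the LAN

# Assumed extra rule: same forward, matched on the LAN subnet as source
LAN_RULE = DnatRule("192.168.1.0/24", "tcp", 8000, NVR)

if __name__ == "__main__":
    print("WAN client ->", first_match(RULES, FROM_WAN))
    print("LAN client ->", first_match(RULES, FROM_LAN))
    print("LAN client, with LAN rule ->", first_match(RULES + [LAN_RULE], FROM_LAN))
```

The model covers only the source match in the DNAT rule; a working loopback also needs replies from the LAN server to return through the router, which is normally handled by source NAT on the way out.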
 
