Menu
What's new
By:
Filters Better Search

Port FW/IP tables

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Maurizio

Maurizio

Occasional Visitor
i hope the question fits the Forum... I have 2 WiFi Thermostats, Heatmiser, that i can control remotely, from LAN without issues, but only one from WAN.
The thermo have a fixed port that cannot be changed and there is an App thet can be configured to access just the IP or the remote IP, no port indication.
So, when at home, the App works ok, i can control both, using 2 IPs. From mobile connection, i can only control one, as i made a Port FW form port XXX external to The same internal for the first IP. Obviously, i cannot do the same for the second, as even if IP is different, the port is the same.
So i created another port forward, from YYY to XXX and second IP... But the App is not working. I can anyhow reach both from mobile using a web interface, as port forwarding works.
My question is: is there in Linux, using the Merlin Asus firmware capabilities, to make a lower level PF or something in the IPtables so that also the app will work?
Any suggestion is welcome, I have to tell I'm learning Linux now ...
Thanks
M
 
You don't have many choices. The only way you can distinguish between the two from the WAN side is by forwarding a different port. If your application doesn't let you select a port, then there's nothing else you can do about it.
 
can you tell us your Thermostats brand/model? maybe you can add port in the form of "ip : port" in your app. Another options is mod your current mobile app
 
Rather than punching holes in your firewall and depending on the security of the device, I think you should turn on VPN and use that to get access to your devices.
 
Thnaks for the answers...
It's not that easy. I can get around the Asus and the ports, np. But the app, it's an Ios one, no setup. Just put the IP and the WAN address and that's it. It works on LAN, it works on one from WAN as i made a PF to it, using the std port. But when i try portforwarding another port to the second IP it just don't go through. I tried with IPtables on the router, pre and post routing, mangle,etc. no joy.
Strange enough if i make a PF to the web interface (that i keep close for security reason) it works on the second, as the Heatmiser has a web interface (for now, they are going to remove it).
So it's the app that for whatever reason is not going through the PF. Or at least, in some strange way.
I tested with the asus firewall log and looks like the firewall let it go through correclty, natting the external port x to the std y into the second IP... But then it stops somewhere...
I start to think there is no way, i'll live with controlling 1 form remote and find a workaround (remotedesktop) for the second.

If you have other ideas... Still welcome!

Thx

M
 
Maurizio said:
...
It's not that easy. ...But the app, it's an IOS one ...
Click to expand...

Is not a Virtual Private Network (VPN) client built into your IOS device?

https://support.apple.com/en-ca/HT201550
https://support.apple.com/kb/PH11067?locale=en_US

Either PPTP or OpenVPN servers are available on the Asus router.
Merlin's Wiki has instructions to setup the OpenVPN server.

https://github.com/RMerl/asuswrt-merlin/wiki

When using the VPN you should get access to all your LAN devices by using their private IP address. (The VPN makes your private network accessible over the Internet via the encrypted tunnel.) Therefore your IOS app runs unchanged and you would use the LAN IP address to select which device you control.

A little more effort to setup, but you gain the security of the encryption, not depending on the software on your thermostat to protect your network, and no changes required to your app.
 
Fantastic !

it worked.

I created a PPTP server on the Asus, VPNed to that from the iphone, used the same access IP for LAN and WAN... works!

thanks, that was really helpful!

M
 
You must log in or register to reply here.

Similar threads

M
How to NAT traffic inbound to a specific host or network ?
Replies
6
Views
302
mekabe remain
M
adri
Firewall, Port Forwarding, and DoS Question
Replies
8
Views
544
ColinTaylor
C
R
RT-AX86U Pro LAN Port on Guest Network
Replies
9
Views
1K
Jherb
J
J
ASUS GT-AXE16000 CPU usage with VPN on lan machine
2
Replies
25
Views
974
Jerky_san
J
D
Issue with openVPN port forward in ASUS ac88u
Replies
4
Views
350
deeph203
D
Similar threads
Thread starter Title Forum Replies Date
A Splitting port via VLANs on AX88U Pro? Asuswrt-Merlin 3
N Forward only specific port's traffic to Wireguard VPN Asuswrt-Merlin 1
Muyfa666 XT12 ethernet port 3 yellow? Asuswrt-Merlin 25
V Does DNS director block port 53 and/or 853 outgoing? Asuswrt-Merlin 3
K Add/Remove Port Forwards on a schedule Asuswrt-Merlin 3
adri Firewall, Port Forwarding, and DoS Question Asuswrt-Merlin 8
R Disable Intranet access for a LAN port (not the WiFi Guest network)? Asuswrt-Merlin 13
ollimoe RT-BE88U and Dynamic WAN Port MAC? Asuswrt-Merlin 0
C Can port forwarding do failover to an alternative server? Asuswrt-Merlin 2
Yota How to enable port randomization in Asuswrt-Merlin? Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 563 (members: 19, guests: 544)
Top