Q) Router port forward for itself

[forumi0721]

Hi

I use ac68p with merlin firmware.

I want to use internal 80 port for web admin, and external 8000 port for web.

I've set port forward external 8000 to internal 192.168.1.1 80 but it does not work

So I did search iptables command, but it just open port.
# iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT

So my question is, what can I do for use different port external, internal in router?

 

[Nullity]

I'm not sure I understand but if you are trying to expose the router's httpd GUI to the web, that's a very, very bad idea.

If you really want remote access, setup OpenVPN.

 

[forumi0721]

I'm not sure I understand but if you are trying to expose the router's httpd GUI to the web, that's a very, very bad idea.

If you really want remote access, setup OpenVPN.

OK
But it need other case tvheadend or udprxy...

Ia it impoasible open router port with other external port?

 

[Zirescu]

Like @Nullity said - bad idea to open the router to the outside. That being said you need to change the setting on the Administration->System tab -> Web Interface to make it accessible to the WAN.

 

[Marko Polo]

I have the same requirement. What about arbitrary port (e.g. 16000)? I wanna receive some data from dd via netcat

dd if=/dev/sda|bzip2 -c|nc router.com 16000

but I do not wanna set up complex port forwarding scenario for LAN machines or VMs. I want to save the data directly on USB SSD attached to router, alike

nc -l 16000|bzip2 -d|dd of=/mnt/SDA1/volume.img

How to achieve this?

 

[ColinTaylor]

I have the same requirement. What about arbitrary port (e.g. 16000)? I wanna receive some data from dd via netcat

I don't think your question is the same as this topic. The OP was asking how to get the router's web server to be accessible on two different ports (The answer was "there's a setting for that").

As I understand it you just want to open a port (16000) on the router's firewall. Or am I misunderstanding?

 

[Marko Polo]

As I understand it you just want to open a port (16000) on the router's firewall. Or am I misunderstanding?

Exactly.

The thread titled as "self-port-forwarding" which is the perfect fit for my requirement.
The OP just has a custom case of more generic requirement (he wants to open 8000, and I want to open 16000), in all the others our cases are the same.

 

[ColinTaylor]

What have you tried so far?

Are there any particular limitations with nc that are causing you problems? The built-in nc doesn't have a listen option so I assume you've installed a different version from somewhere.

 

[Marko Polo]

What have you tried so far?

I've tried to add 192.168.1.1 address in the standard port forwarding applet, but that didn't work. I thought there should be more handy way of doing this except manual editing IPTABLES.

The built-in nc doesn't have a listen option

Yes, I noticed that. Entware has netcat 0,7.1.1 which should solve the problem. Does Entware apps replace built-in Merlin binaries?
Which version of netcat would be called if both /opt and /usr/sbin folders are in $PATH?

 

[ColinTaylor]

Which version of netcat would be called if both /opt and /usr/sbin folders are in $PATH?

I don't use entware so I don't know how it's set up. But it will use what comes first in the PATH at the time of execution. So if you're calling it from a custom script at boot time it's possible that the path might not be set or that entware hasn't been loaded yet. Either way, if you need to use the entware version then it's best to specify the complete path to the command.

What interface is nc listening on?

 

[Marko Polo]

What interface is nc listening on?

WAN interface. I just put nc -l 16000|bzip2 -d|dd of=/mnt/SDA1/volume.img in SSH session. I suppose it should listen WAN by default.

 

[ColinTaylor]

I suppose it should listen WAN by default.

I wouldn't assume that. Why would it choose one interface over another, it doesn't understand what they're used for. Depending on the interface being used a different firewall rule will be required. Can you not specify the interface in the nc command ?

If it's listening on port 16000 then the following command should show it:

netstat -an | grep 16000