I am coming from a Cisco E1200 running DD-WRT to Asus TM-AC1900 running FW for RT-68U.
In DD-WRT there was a way to allow access to ports only from certain IP. Is there a way to duplicate the functionality in Asus?
You will have to use a custom firmware, and manually create the iptables rules through a script.
Going by your post and guides, I defined the following:
Code:
iptables -t nat -I VSERVER 3 -p tcp -m tcp -s x.x.x.x --dport 22 -j DNAT --to y.y.y.y
I see that the firewall rule is working fine:
Code:
ACCEPT IN=eth0 OUT=br0 SRC=x.x.x.x DST=y.y.y.y LEN=48 TOS=0x00 PREC=0x00 TTL=47 ID=9907 DF PROTO=TCP SPT=17479 DPT=22 SEQ=1828100141 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020404EC01010402)
But I am not able to connect to my SSH server. I know the server is working fine because I can connect to it from within my home network.
Any help is appreciated.
Thanks. It was a new server that I was using (Raspberry Pi) which blocks all out of network traffic by default.
Finally, I have the following script:
Code:
#!/bin/sh
touch /tmp/000wanstarted
iptables -t nat -I VSERVER 3 -p tcp -m tcp -s x.x.x.x --dport 22 -j DNAT --to y.y.y.y
I made it executable:
Code:
-rwxrwxrwx 1 admin root 107 Sep 30 11:48 nat-start
I tested it by manually running it. I see the folder 000wanstarted created under /tmp and the rules in iptables but when I rebooted, the rules were not present. What am I doing wrong?
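As an added example (not from this thread or from the firmware), here is a nat-start script in the style discussed above that forwards a WAN port only for a list of trusted source addresses, and refuses to build a rule from a bad protocol or port so a typo cannot widen the forward. The addresses, the LAN host and the helper names are placeholders I chose; VSERVER and position 3 are as used in the thread.

```shell
#!/bin/sh
# Hypothetical /jffs/scripts/nat-start for Asuswrt-Merlin (constructed example).
# Forward a WAN port to a LAN host only for trusted source addresses.
# VSERVER is the firmware's port-forward chain; inserting at position 3
# keeps the rule ahead of the firmware's own catch-all entries (as in the thread).
VSERVER_POS=3

# Build one DNAT rule string: vserver_rule <src-ip> <tcp|udp> <port> <lan-ip>
vserver_rule() {
    printf 'iptables -t nat -I VSERVER %s -p %s -m %s -s %s --dport %s -j DNAT --to %s' \
        "$VSERVER_POS" "$2" "$2" "$1" "$3" "$4"
}

# Expand a space-separated allow list into one rule per source, one per line.
# An unknown protocol or a non-numeric port is rejected instead of guessed.
build_rules() {
    _srcs=$1 _proto=$2 _port=$3 _dst=$4
    case $_proto in tcp|udp) ;; *) echo "bad proto: $_proto" >&2; return 1 ;; esac
    case $_port in ''|*[!0-9]*) echo "bad port: $_port" >&2; return 1 ;; esac
    for _s in $_srcs; do
        vserver_rule "$_s" "$_proto" "$_port" "$_dst"; echo
    done
}

# Apply the rules; with DRYRUN=1 only print them (check before touching the router).
apply_rules() {
    build_rules "$@" | while read -r _cmd; do
        if [ "${DRYRUN:-0}" = 1 ]; then echo "$_cmd"; else $_cmd; fi
    done
}

# Placeholder trusted sources (RFC 5737 ranges) allowed to reach SSH on the LAN host.
TRUSTED="203.0.113.5 198.51.100.7"
LAN_HOST=192.168.1.10

# Marker file as in the thread, so a run after reboot is visible under /tmp.
if [ "${0##*/}" = nat-start ]; then
    touch /tmp/000wanstarted
    apply_rules "$TRUSTED" tcp 22 "$LAN_HOST"
fi
```

Run it with `DRYRUN=1` first to see the exact iptables commands it would insert; the real rules only get applied when the file is named nat-start, i.e. when the firmware calls it from /jffs/scripts.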
Make sure you did put it under /jffs/scripts/
admin@SnooNAS:/jffs/scripts# ls -lrt
-rwxrwxrwx 1 admin root 107 Sep 30 11:48 nat-start
Is the empty file created in tmp, or not even that? I can't see any reason why the script would work when run manually but not after a reboot. You do have NAT and Firewall enabled, correct?
I can't think of any other reason why this wouldn't work there then, while it does work if manually launched (which confirms that the script encoding is fine), sorry.
Can I run a cronjob to either run the script after reboot or add the rule in?
Also, this is TM-AC1900 HW; can this be a bug since I am using RT-AC68U SW?
That'd surprise me. However that does bring something else... Are you still running my firmware on it, or stock? Those scripts won't work with the stock firmware.
I am running your build 376.47. Maybe I can try a fresh install. I went from stock T-Mobile to RT-AC68U to your build. Do you think a factory reset might be enough or a fresh firmware upgrade?