
Port Forwarding

Port forwarding opens holes in the firewall and forwards external traffic to an internal host or service. It is commonly used for gaming applications, running a web service, or remote administration.

The firewall configuration is located at /etc/config/firewall. For reference, you can also review /etc/config/firewall#forwarding.ports.destination.natdnat.

A redirect rule is the simple way to forward traffic from an external port to an internal host. You can edit /etc/config/firewall or create your own user file, /etc/firewall.user.

In this example, we're taking traffic from the WAN interface, on port '2222', and directing it to the host '192.168.1.100' on the LAN interface.

The following configurations are for /etc/config/firewall. /etc/firewall.user cannot interpret them; it is for raw iptables commands.

config 'redirect'
        option 'name' 'some awesome game'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '2222'
        option 'dest_ip' '192.168.1.100'
        option 'target' 'DNAT'
        option 'dest' 'lan'

You can also supply different ports to be forwarded. For example, external traffic on port '5555' will be directed to the host '192.168.1.100' on port '22'.

config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
        option 'dest' 'lan'

To apply the changes to the firewall, you'll need to run /etc/init.d/firewall restart.
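
Both redirects above accept connections from any address on the WAN side. The script below is an added example, not part of the original page: it lists the WAN redirects in a UCI firewall file and marks each one EXPOSED or RESTRICTED depending on whether it sets src_ip. The audit_redirects and sample_config names, the 'ssh-admin' section and the address 203.0.113.10 are constructed for illustration.

```shell
# Added example: flag WAN redirects that accept traffic from any source address.
# Parses only the simple "option 'key' 'value'" form used on this page.
audit_redirects() {
    awk -v q="'" '
    function report(   port, from) {
        if (!in_redirect || opt["src"] != "wan") return
        if (opt["target"] != "" && opt["target"] != "DNAT") return  # unset means DNAT
        # With no dest_port, the internal port equals the external one.
        port = (opt["dest_port"] != "") ? opt["dest_port"] : opt["src_dport"]
        from = (opt["src_ip"] != "") ? " from " opt["src_ip"] : ""
        printf "%s %s: wan:%s -> %s:%s (%s)%s\n", (from == "" ? "EXPOSED" : "RESTRICTED"),
            opt["name"], opt["src_dport"], opt["dest_ip"], port, opt["proto"], from
    }
    { gsub(q, ""); gsub(/"/, "") }    # strip UCI quoting
    $1 == "config" { report(); split("", opt); in_redirect = ($2 == "redirect"); next }
    $1 == "option" && in_redirect && NF >= 3 {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        opt[$2] = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the ssh redirect from this page, then a hypothetical
# variant limited to one admin address (203.0.113.10 is a documentation IP).
sample_config() {
cat <<'EOF'
config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
config 'redirect'
        option 'name' 'ssh-admin'
        option 'src' 'wan'
        option 'src_ip' '203.0.113.10'
        option 'proto' 'tcp'
        option 'src_dport' '5556'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
EOF
}

sample_config | audit_redirects
```

On a router, pass the real file instead of the sample: audit_redirects /etc/config/firewall.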

doc/howto/port.forwarding.txt · Last modified: 2016/01/03 21:58 by Artyom