doc:howto:port.forwarding

Differences

This shows you the differences between two versions of the page.

doc:howto:port.forwarding [2013/04/23 01:25]
xerces8
doc:howto:port.forwarding [2016/01/03 21:58] (current)
Artyom clarification about config file syntax, need more help
Line 1: Line 1:
 +====== Port Forwarding ======
  
 +
 +Port forwarding can be used to open holes in the firewall, and forward external traffic to an internal host or service, commonly used for gaming applications,​ running a web service, or remote administration.
 +
 +The firewall configuration is located at [[doc:​uci:​firewall|/​etc/​config/​firewall]] and for reference, you can also review [[doc:​uci:​firewall:#​forwarding.ports.destination.natdnat|/​etc/​config/​firewall#​forwarding.ports.destination.natdnat]]
 +
 +A redirect rule is the simple way of forwarding traffic from an external port to an internal host. You can edit [[doc:​uci:​firewall|/​etc/​config/​firewall]] <​del>​or create your own user file [[doc:​uci:​firewall|/​etc/​firewall.user]]</​del>​
 +
 +In this example, we're taking traffic from the WAN interface, on port '​2222',​ and directing it to the host '​192.168.1.100'​ on the LAN interface.
 +
 +|{{:​meta:​icons:​tango:​48px-emblem-important.svg.png?​nolink}} Following configurations are actually for /​etc/​config/​firewall . /​etc/​firewall.user can't understand them, it is for raw iptables commands. [[https://​forum.openwrt.org/​viewtopic.php?​id=54100|related forum thread]]|
 +
 +<​code>​
 +config '​redirect'​
 +        option '​name'​ 'some awesome game'
 +        option '​src'​ '​wan'​
 +        option '​proto'​ '​tcpudp'​
 +        option '​src_dport'​ '​2222'​
 +        option '​dest_ip'​ '​192.168.1.100'​
 +        option '​target'​ '​DNAT'​
 +        option '​dest'​ '​lan'​
 +</​code>​
 +
 +You can also supply different ports to be forwarded. For example, external traffic on port '​5555'​ will be directed to the host '​192.168.1.100'​ on port '​22'​.
 +
 +<​code>​
 +config '​redirect'​
 +        option '​name'​ '​ssh'​
 +        option '​src'​ '​wan'​
 +        option '​proto'​ '​tcpudp'​
 +        option '​src_dport'​ '​5555'​
 +        option '​dest_ip'​ '​192.168.1.100'​
 +        option '​dest_port'​ '​22'​
 +        option '​target'​ '​DNAT'​
 +        option '​dest'​ '​lan'​
 +</​code>​
 +To apply the changes to the firewall, you'll need to run ''/​etc/​init.d/​firewall restart''​.
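
Review bot: In the second redirect (name 'ssh'), option proto 'tcpudp' forwards UDP port 5555 as well as TCP to 192.168.1.100 port 22, but SSH only uses TCP; set proto to 'tcp' in that example so the rule opens no more than the service needs, and keep 'tcpudp' only in the game example if both protocols are really required. In the paragraph that introduces redirect rules, the del-wrapped clause about /etc/firewall.user leaves struck-through text on the page; since the boxed note already states that firewall.user takes raw iptables commands, remove the clause instead of striking it. The closing sentence about running /etc/init.d/firewall restart follows the code block with no blank line, unlike the other paragraphs, and should be separated the same way.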