Port forwarding can be used to open holes in the firewall, and forward external traffic to an internal host or service, commonly used for gaming applications, running a web service, or remote administration.
The firewall configuration is located at /etc/config/firewall and for reference, you can also review /etc/config/firewall#forwarding.ports.destination.natdnat
In this example, we're taking traffic from the WAN interface, on port '2222', and directing it to the host '192.168.1.100' on the LAN interface.
|Following configurations are actually for /etc/config/firewall . /etc/firewall.user can't understand them, it is for raw iptables commands. related forum thread|
config 'redirect' option 'name' 'some awesome game' option 'src' 'wan' option 'proto' 'tcpudp' option 'src_dport' '2222' option 'dest_ip' '192.168.1.100' option 'target' 'DNAT' option 'dest' 'lan'
You can also supply different ports to be forwarded. For example, external traffic on port '5555' will be directed to the host '192.168.1.100' on port '22'.
config 'redirect' option 'name' 'ssh' option 'src' 'wan' option 'proto' 'tcpudp' option 'src_dport' '5555' option 'dest_ip' '192.168.1.100' option 'dest_port' '22' option 'target' 'DNAT' option 'dest' 'lan'To apply the changes to the firewall, you'll need to run