flakie DD-WRT User Joined: 23 Sep 2017 Posts: 229 Location: Swindon, UK
Posted: Sat Jun 22, 2019 14:51 Post subject: iptables port forward range
Very new to iptables (well, all things Linux) and trying to learn, but it's not so easy.
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5000 -j DNAT --to 192.168.1.100:5000
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5000 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5001 -j DNAT --to 192.168.1.100:5001
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5001 -j ACCEPT
How to specify the above with a port range rather than as two separate entries?
I tried the below but it did not work:
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5000:5001 -j DNAT --to 192.168.1.100:500:5001
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5000:5001 -j ACCEPT
Not a big issue here as just two ports in the range but have another to enter with a range of 30 ports and that starts to get a bit unwieldy.
Many thanks.
_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12812 Location: Netherlands
Posted: Sat Jun 22, 2019 15:47 Post subject:
No need to specify the WAN address (although you can do it), and no need to specify the destination port if it is the same.
Try this:
Code:
iptables -t nat -I PREROUTING -p tcp --dport 5000:5001 -j DNAT --to 192.168.1.100
DNAT can accept port range but you have to separate it with a - so: 192.168.1.100:5000-5001
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
flakie DD-WRT User Joined: 23 Sep 2017 Posts: 229 Location: Swindon, UK
Posted: Sat Jun 22, 2019 16:13 Post subject:
Thanks egc
That worked.
Actually, just changing the DNAT to a - from a : worked too.
Cheers.
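The two range notations from this thread side by side, as an added example (not code posted by either participant): a POSIX shell helper, under the hypothetical name `forward_range_rules`, that validates a port range and prints the rule pair with `first:last` on the `--dport` match and `first-last` on the DNAT target. It writes the long option `--to-destination` where the posts use `--to`, and it only prints the rules so they can be reviewed before going into the firewall script.

```shell
#!/bin/sh
# Added example: build the DNAT + FORWARD rule pair for a port range.
# Function names and arguments are hypothetical; rules are printed, not applied.

# is_port N -> succeeds only if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_range_rules PROTO FIRST LAST LAN_IP
forward_range_rules() {
    proto=$1 first=$2 last=$3 lan_ip=$4

    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    if ! is_port "$first" || ! is_port "$last" || [ "$first" -gt "$last" ]; then
        echo "bad port range: $first..$last" >&2
        return 1
    fi
    # Allow only digits and dots in a four-part shape, so no other text
    # can end up inside the generated rule.
    case "$lan_ip" in
        ''|*[!0-9.]*) echo "bad LAN address: $lan_ip" >&2; return 1 ;;
        *.*.*.*) ;;
        *) echo "bad LAN address: $lan_ip" >&2; return 1 ;;
    esac

    # Match side (--dport) separates the range with ':'.
    # Rewrite side (DNAT target) separates it with '-'.
    echo "iptables -t nat -I PREROUTING -p ${proto} --dport ${first}:${last} -j DNAT --to-destination ${lan_ip}:${first}-${last}"
    echo "iptables -I FORWARD -d ${lan_ip} -p ${proto} --dport ${first}:${last} -j ACCEPT"
}

# The range from the first post (5000 to 5001 towards 192.168.1.100).
forward_range_rules tcp 5000 5001 192.168.1.100
```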