iptables port forward range

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

PostPosted: Sat Jun 22, 2019 14:51    Post subject: iptables port forward range Reply with quote
Very new to iptables (well, all things linux) and trying to learn but not so easy Wink

iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5000 -j DNAT --to 192.168.1.100:5000
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5000 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5001 -j DNAT --to 192.168.1.100:5001
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5001 -j ACCEPT

How to specify the above with a port range rather than as two separate entries?

I tried the below but it did not work:

iptables -t nat -I PREROUTING -p tcp -d $(nvram get wan_ipaddr) --dport 5000:5001 -j DNAT --to 192.168.1.100:500:5001
iptables -I FORWARD -d 192.168.1.100 -p tcp --dport 5000:5001 -j ACCEPT

Not a big issue here as just two ports in the range but have another to enter with a range of 30 ports and that starts to get a bit unwieldy.

Many thanks.

_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps

Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12813
Location: Netherlands

PostPosted: Sat Jun 22, 2019 15:47    Post subject: Reply with quote
No need to specify the WAN address (although you can do it), no need to specify the destination port if it is the same

Try this:
Code:
iptables -t nat -I PREROUTING -p tcp --dport 5000:5001 -j DNAT --to 192.168.1.100


DNAT can accept port range but you have to separate it with a - so: 192.168.1.100:5000-5001

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
flakie
DD-WRT User


Joined: 23 Sep 2017
Posts: 229
Location: Swindon, UK

PostPosted: Sat Jun 22, 2019 16:13    Post subject: Reply with quote
Thanks egc Smile
That worked.
Actually just changing the dnat, to a - from a : worked too.
Cheers.

_________________
Router Model: Netgear R8000
Firmware: DD-WRT v3.0-r41813 std (12/29/19)
Modem: Super Hub 3.0
ISP: Virgin Media 350/35 Mbps

Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum