Port forwarding not working build18024

Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware
Goto page Previous  1, 2, 3
Author Message
f00bar
DD-WRT Novice


Joined: 15 Nov 2013
Posts: 1

PostPosted: Fri Nov 15, 2013 16:56    Post subject: Reply with quote
roniez wrote:
This is a terrible solution to be honest.
This makes all incoming connections look like they are coming from the router it self.

IE.

TS3 server running on ip 192.168.1.69 on port 9987
You add port 9987 to port forwarding towards ip 192.168.1.69.

By default this will not work for some reason port forwarding is not forwarding connections correctly

If you use the following command "iptables -t nat -A POSTROUTING -j MASQUERADE" the portforwarding will work.
But if you look on a client connected to the TS3 server they will list as client ip "192.168.1.1:xxxxx"

This means that you will not see the actual ip of the connected client.
There must be a better way to fix the port forwarding.

FW used is DD-WRT v24-sp2 (07/20/12) std
(SVN revision 19519)

Also experianced on DD-WRT v24SP2- (03/25/13) std
(SVN revision 21061)


Remove the "-j MASQUERADE" and the correct external address will appear in the logs. (tested with Buffalo N600 w/Firmware: DD-WRT v24SP2-MULTI (11/04/12) std)
Sponsor
doktour
DD-WRT Novice


Joined: 06 Feb 2015
Posts: 4

PostPosted: Fri Mar 13, 2015 16:00    Post subject: Reply with quote
Worked for me!

Linksys WRT350N

DD-WRT v24-sp2 (08/07/10) mega
(SVN revision 14896)

Thanks
correzpond
DD-WRT Novice


Joined: 11 Jun 2011
Posts: 19

PostPosted: Mon Jun 08, 2015 7:24    Post subject: Reply with quote
Keep in mind that command iptables -t nat -A POSTROUTING -j MASQUERADE performs incoming Network Address Translation (NAT) and has the effect of translating (spoofing) all incoming external IP addresses into local IP addresses.

In my system this had the effect of making my Plex Media Server, which is designed to require authentication from external addresses but not local addresses, open to anyone who knew my external IP and the Plex Port.

In effect it opens a massive security hole into your system.
tazzman
DD-WRT Novice


Joined: 19 Aug 2008
Posts: 38

PostPosted: Fri Apr 15, 2016 19:19    Post subject: TEW-811DRU Reply with quote
No luck with my Router. Very frustrated any ideas?
pigtail
DD-WRT Novice


Joined: 26 Oct 2015
Posts: 22

PostPosted: Mon May 29, 2017 20:15    Post subject: Reply with quote
For ALL of you struggling on port forwarding not working, please TRY move your whole attempt to the "Port Range Forwarding" tab. It might sound stupid even when it's just a single port, but at least it works like a charm for me. And then you probably needn't worry the loophole that @roniez mentioned.

-----
Router Model: Netgear WNDR3700 v2
Firmware Version: DD-WRT v3.0-r31924 std (05/02/17)
Kernel Version: Linux 3.10.105 #31634 Tue May 2 03:53:54 CEST 2017 mips
-----

I spent two whole days to troubleshoot. Flashed different firmware versions, exchanged different routers, played DMZ settings, moved my target NAS between two cascade routers. And of course read the following URLs again and again...

https://www.dd-wrt.com/wiki/index.php/Port_Forwarding
https://www.dd-wrt.com/wiki/index.php/Port_Forwarding_Troubleshooting

What triggered me to work on the other tab? The setting of "Source Net" looks like a sting in my eye. What the hell does it actually mean?! So I give the "Range" a try.

I cannot create an account on the wiki to share my knowledge. So I might dupe post my find-out on several thread. Please don't ban.
Goto page Previous  1, 2, 3 Display posts from previous:    Page 3 of 3
Post new topic   Reply to topic    DD-WRT Forum Index -> Ralink SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum