Anyone have DD-WRT, PIA openvpn, and port forwarding working

bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1377

Posted: Mon Feb 12, 2018 16:51
Ok, I have spent several hours trying about everything I can think of with no success. But I have learned some about jffs and opt.

Are there any variables in either of the two methods that need changed for my specific setup?
I have tried jffs and opt, I have changed internal ip and internal port to about all possible combinations.
I tried the scripts in /opt/etc/init.d as something I read says it will look there anyway.
I tried the sha256sum method @egc was suggesting.
I probably did not understand that well enough.
I am able to get the new pia port forward api to return a port# although I am guessing these scripts make this unnecessary.
I quit screwing around in jffs after it became unwriteable and I got that fixed.
I have enabled and disabled port forwarding in nat>port forwarding and dmz. (enabling kills internet connection with vpn client enabled until router is rebooted. Not sure if this is a bug.)

As a side note I have come to the conclusion that vpn providers probably don't want this setup to work as it enables all clients to use the vpn and bypasses their device limits thereby reducing income. Can't say that I blame them.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5920
Location: Netherlands

Posted: Mon Feb 12, 2018 17:14
Just wait till @Eibgrad finished his updated script. For that you do not need sha256sum.
You also do not need /jffs or /opt.
The script has to be placed in Administration/Commands Save as startup.
When the router starts everything is created.
I think that the description in the first lines is referring to an older build?
When I read the script I assumed it had to be placed in Administration/Commands and Saved as Startup and that is what I did and it worked Smile

Be sure to enable syslog

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5920
Location: Netherlands

Posted: Tue Feb 13, 2018 13:45
Many thanks, It is working.
One question, what exactly is the sed doing at the end of the script?

One remark, I used notepad++ for windows but that introduced <CR> and that played havoc to the script. That was probably the reason I could not call it from the startup command, just pasting it in the startup command worked because that seemed to strip the <CR>

Again many thanks learned a lot from it

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5920
Location: Netherlands

Posted: Tue Feb 13, 2018 14:49
eibgrad wrote:
As you've probably already noted, the script is actually two scripts. An outer script that creates the inner script. IOW, a script within a script. When executed, the outer script configures the inner script before placing it in /tmp/pia. The outer script then just falls away.

Notice the variables INTERNAL_IP and INTERNAL_PORT are defined in the outer script, when in fact they are used by the inner script. I do that so I can place those variables near the top, where the end-user would expect them, thus making them obvious and easy to modify. But that means I have to use sed at the end of the outer script to modify the inner script where those variables are actually used.

If I didn't do it this way, INTERNAL_IP and INTERNAL_PORT would be buried deep into the inner script, and the end-user would have to search for them.

It's just a design choice on my part to permit me to keep all end-user configuration changes in one place, near the top.

As far as notepad++, being a Windows app, I assume it defaults to Windows EOL chars. But that's incompatible w/ Linux. You need to make sure the current format in notepad++ is Unix/Linux before uploading the file.

Pasting to the startup script doesn't have this problem because the router is taking care of this for you.

FWIW, you can achieve similar results using Putty. Open a shell (telnet/ssh), then type "cat > /jffs/ddwrt-pia-port-forward.sh" (no quotes). The cursor will move to the far left, waiting for you to either type into the file, or paste. If you copy the file contents locally into the clipboard, you can either right-click or Shift-Insert to paste into the file. Then type Ctrl-C to close the file. Finally, mark it executable (chmod +x /jffs/ddwrt-pia-port-forward.sh). If you need to make minor changes on the router, use the vi editor (it pays to learn a few basic vi commands).


Thanks that clears it up great job.

I found out that Winscp can also be used to make a file and edit it without the Windows trouble, can also be used to make it executable Smile

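Added example (not part of any post in this thread, and not eibgrad's script): a minimal sketch of the "script within a script" pattern described above, plus a check for the Windows `<CR>` problem. The `@INTERNAL_IP@`/`@INTERNAL_PORT@` placeholders, the function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Outer-script settings, kept at the top where the end user edits them.
# (Sample values, constructed for this illustration.)
INTERNAL_IP="10.0.0.100"
INTERNAL_PORT="54321"

# has_cr FILE: succeed if FILE contains a carriage return (Windows EOL).
has_cr() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# strip_cr FILE: rewrite FILE with Unix line endings.
strip_cr() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# build_inner DEST: write the inner script with placeholders, then patch
# them with sed, the way the outer script does at its end.
build_inner() {
    dest=$1
    # Refuse values that could alter the sed expression or the generated
    # script: only digits and dots for the IP, only digits for the port.
    case $INTERNAL_IP in ''|*[!0-9.]*) return 1 ;; esac
    case $INTERNAL_PORT in ''|*[!0-9]*) return 1 ;; esac

    # Quoted heredoc: nothing is expanded while the inner script is written.
    cat > "$dest" <<'EOF'
#!/bin/sh
# inner script: the placeholders below are filled in by the outer script
echo "forward to @INTERNAL_IP@:@INTERNAL_PORT@"
EOF

    sed -e "s/@INTERNAL_IP@/$INTERNAL_IP/g" \
        -e "s/@INTERNAL_PORT@/$INTERNAL_PORT/g" \
        "$dest" > "$dest.tmp" && mv "$dest.tmp" "$dest"
    chmod +x "$dest"
}

# Demo: generate the inner script in a scratch directory and run it.
demo_dir=$(mktemp -d)
build_inner "$demo_dir/inner.sh" && sh "$demo_dir/inner.sh"
rm -rf "$demo_dir"
```

Running `has_cr` on an uploaded script before calling it from startup shows whether the editor saved it with Windows line endings.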
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1377

Posted: Wed Feb 14, 2018 1:42
Give a monkey a crayon and he will eventually draw a picture!
Regarding:
Got it going today after struggling yesterday with intermittent results. Think it had to do with entware on usb. I unplugged that and learned some vi and it took off here on my home setup (Kubuntu).
Tried it at the shop (which is where port forwarding is actually going to be needed on Ubuntu pc) this evening using Windows pc Sad with no luck. I struggle with Windows. I had vnc connection for a few minutes then it quit and would not reconnect no matter what. I will switch to Ubuntu tomorrow and see what happens.

eibgrad: You have gone above and beyond with this. Be glad to send some dollars for your efforts. (I may not be done)
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 85

Posted: Sat Oct 20, 2018 15:20
This post relates to PIA privateinternetaccess, DDWRT, transmission, port forwarding and OPENVPN

I am fairly new to this level of linux. It has taken me a while to work this all out from various snippets around the net. Interestingly the PIA forum was quite helpful and I was going to reply there but it's closed ! wow just one more hurdle. Linux and open source now seem immensely complicated but also immensely powerful. It seems you could do just about anything with it, and there is an infinite amount of ways to do things... anyway here is what I did and solved.

First the problems I solved.

-Simple Kill Switch
-Grabbing a forwarded port from PIA
-Insert the port into Transmission
-Limiting just Transmission to VPN while using PBR in OPENVPN, and get rest of net open without VPN.

Some problems I had to deal with.
-non persistent parts of DDWRT file system.
-OPENVPN not allowing traffic over the tunnel from directly run scripts from the OPENVPN binary
-peculiarities about the use of capitals in some things.
-stupid 2 minute limit to get a port with PIA
-complexity of Linux
-missing binaries
-outdated documentation for some linux commands.

Overall, it was quite a nightmare to deal with. Anyway here is what I did hopefully it helps someone else.

I will add comments inside ## #as i go along#
#you should delete them when making scripts#
#if any of the /paths are different you will need to change them also, any missing binaries you will need to install with opkg with the relevant packages#

#I entered an ip address in the 'policy based routing' or PBR section of /services/openvpn tab. This put the vpn setup into that mode. Which limits just the vpn to that IP but we can add to it later#

#I have both JFFS and OPT setup. For some reason running stuff from opt at openvpn launch seemed to not work, but from jffs on router flash was fine.#

#I made a copy of /tmp/openvpncl/ to /jffs/openvpncl/.
use the cmd#

Code:
cp -a  /tmp/openvpncl/* /jffs/openvpncl/


#i made a script at /jffs/portforward.sh it contained#

Code:

#!/bin/sh
cp -a  /jffs/openvpncl/* /tmp/openvpncl/


# this copies back the files to tmp. I added#

Code:

up /jffs/portforward.sh


#to an empty line in "additional config" in /services/vpn tab at openvpn. This will execute that script when openvpn starts and makes tun1 it's tunnel dev#

#I edit the scripts in /jffs/openvpncl/. First the route-up.sh script. It ends up containing this#

Code:
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D FORWARD -i tun1 -j ACCEPT
iptables -D FORWARD -o tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -j ACCEPT
iptables -I FORWARD -o tun1 -j ACCEPT
for IP in `cat /tmp/openvpncl/policy_ips` ; do
    ip rule add from $IP table 10
done
ip rule add from $ifconfig_local table 10
ip route add default via $route_vpn_gateway table 10
ip route flush cache
echo $ifconfig_remote >>/tmp/gateway.txt
echo $route_vpn_gateway >>/tmp/gateway.txt
echo $ifconfig_local >>/tmp/gateway.txt
sed -i 's/.*bind-address-ipv4.*/    "bind-address-ipv4": "'$ifconfig_local'",/' /tmp/mnt/sdb1/torrents/config/settings.json
stopservice dnsmasq -f
startservice dnsmasq -f
cat /tmp/resolv.dnsmasq > /tmp/resolv.dnsmasq_isp
env | grep 'dhcp-option DNS' | awk '{ print "nameserver " $3 }' > /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp >> /tmp/resolv.dnsmasq
sleep 2
touch /tmp/resolv.dnsmasq
/jffs/portforward1.sh


# the particular lines I add to that are 'ip rule add from $ifconfig_local table 10' which makes the vpn local ip address routable via the vpn. Also 'sed -i 's/.*bind-address-ipv4.*/ "bind-address-ipv4": "'$ifconfig_local'",/' /tmp/mnt/sdb1/torrents/config/settings.json' which adds the local vpn ip to the bind address in transmissions config. Note transmission should be stopped for this. What this does is restrict transmission to the local vpn address, which is then restricted to the vpn. If the vpn goes down it has nowhere to go. If the vpn address changes and transmission remains configured to the wrong address it also has nowhere to go. There is a slight risk with this that somehow the address could be bound to nothing which would then allow transmission to traverse over the regular net. Adding an if statement or instead configuring for fix address could fix that. But I also use other things to killswitch transmission#

#lastly I add '/jffs/portforward1.sh' to execute the next script which somehow separates it from the openvpn process allowing it to pass packets over the tunnel#

#I also add to route-down.sh which looks like this#

Code:

#!/bin/sh
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
ip route flush table 10
killall transmission-daemon
sed -i 's/.*bind-address-ipv4.*/    "bind-address-ipv4": "192.168.168.168",/' /mnt/sdb1/torrents/config/settings.json


# the bottom 2 lines I added. The first 'killall transmission-daemon' kills transmission. The second 'sed -i 's/.*bind-address-ipv4.*/ "bind-address-ipv4": "192.168.168.168",/' /mnt/sdb1/torrents/config/settings.json' which writes a defunct address to transmission bind address. This all is kind of an extra killswitch, but you also need transmission stopped before the vpn restarts and runs all scripts again.#

#next script /jffs/portforward1.sh, simple I think this further separates from openvpn process. here it is.#

Code:
#!/bin/sh

/jffs/portforward2.sh &

exit 0



#next script /jffs/portforward2.sh, this is the business#

Code:

#!/bin/sh

/opt/bin/transmission-daemon --paused -g /tmp/mnt/sdb1/torrents/config
sleep 15
port=$(curl --interface tun1 "http://209.222.18.222:2000/?client_id=#insertyour sha256sum from calc here#" 2>/dev/null | awk -F ':' '{ print $2 }'| awk -F '}' '{ print $1 }')
echo $port>/tmp/port.txt
/opt/bin/transmission-remote 192.168.3.1 -p "$port"


#https://pastebin.com/zaiv6Fks careful the port= line is very long and my post splits it into 2 so use pastebin#

#line one loads transmission with -g for the config we have been editing and --paused so no torrents are going, extra safe if somehow script stuffs something and it can get to regular net. line 2 is a 15 second pause to allow open vpn to finish and pia servers to get ready to give a port.....Third line gets you a port and stores it in $port as just its number. NOTE you will need to add your sha256sum where I say there you ain't getting mine Smile or you could use a command as found elsewhere to generate one... I like it more simple well in my head it is. Fourth (third) line is actual part of the third line, posting edited it like that... Fifth (fourth) line is just for testing the port is gotten by sending it to a text file because with the fifth line I had heaps of trouble. I tried using the sed command to alter the transmission setting file, but for some reason I just couldn't get it to work in the script, very weird. I had the transmission starting after it ran of course, with delays and I tried many different things.. none worked. in the end you have the fifth line which changes the port on a running transmission-daemon, hence it is started earlier. If you have a user pass set in transmission you will need to add that to line five.#


#Wow long and complicated but hopefully that helps someone#

#As said, this gives killswitch for transmission, just vpn to transmission and well actually any address you put in PBR but not sure about killswitch for them. Port is all working when transmission is bound on the local vpn ip, so port open test from remote will work fine. Torrents will seed and upload fine! Overall I am quite happy and most important it works. Enjoy!#

Sorry for so long Sad
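Added example (not portsup's code): one way to write the "if statement" mentioned above so the bind address fails closed, together with a sanity check on the port before it is handed to transmission-remote. The function names are hypothetical, the `{"port":NNNNN}` reply shape is an assumption inferred from the awk pipeline in portforward2.sh, and 192.168.168.168 is the dead address the route-down.sh above already writes.

```shell
#!/bin/sh
DEFUNCT_ADDR="192.168.168.168"   # dead address used by route-down.sh in the post

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# bind_addr_for CANDIDATE: print the address Transmission should be pinned to.
# An empty, malformed or wildcard value falls back to the dead address, so a
# missing $ifconfig_local can never leave the client bound to every interface.
bind_addr_for() {
    if is_ipv4 "$1" && [ "$1" != "0.0.0.0" ]; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$DEFUNCT_ADDR"
    fi
}

# set_bind_address SETTINGS_JSON CANDIDATE: rewrite the bind-address-ipv4 line.
set_bind_address() {
    addr=$(bind_addr_for "$2")
    sed "s/.*\"bind-address-ipv4\".*/    \"bind-address-ipv4\": \"$addr\",/" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# parse_port RESPONSE: print the port from a reply such as {"port":45993};
# fail on an error reply or on anything outside 1-65535.
parse_port() {
    p=$(printf '%s' "$1" |
        sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    [ -n "$p" ] && [ ${#p} -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    printf '%s\n' "$p"
}

# Demo on constructed input: a two-key settings file and two sample replies.
demo=$(mktemp)
printf '{\n    "bind-address-ipv4": "0.0.0.0",\n    "peer-port": 51413\n}\n' > "$demo"
set_bind_address "$demo" ""            # VPN variable missing: dead address
grep bind-address-ipv4 "$demo"
set_bind_address "$demo" "10.8.0.6"    # normal case: tunnel address
grep bind-address-ipv4 "$demo"
parse_port '{"port":45993}'
parse_port '{"error":"not available"}' || echo "no usable port, leave Transmission paused"
rm -f "$demo"
```

In route-up.sh the second argument would be "$ifconfig_local"; in portforward2.sh, transmission-remote would only be called when parse_port succeeds.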
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Wed Jun 26, 2019 21:01
Hi, I discovered this thanks to egc!

So, I'm new in PIA (just started, so I want to see if can works for me, I've 7days of try)

I'm trying to do this working (not yet reboot the router but I'll)

My actual configuration is:
Client running on router with suggested settings from pia
I redirect all vpn traffic only to one ip (NAS) I use egc's pbr script for this plus his dns leak prevention
The NAS running transmission client and all others programs

Now I've some question about this script, because I think I not fully understand the script itself

I installed it like the pastebin say, run the command, but now I'm pretty confused

After a reboot, when the vpn connection is made, I'll find the port to the http://<router-ip>/user/pia/ext_port_forward.html, but I've to set this port inside transmission in my nas?
Reading the help seems that the port is used to make a forward from the pia port to the port I chose, so for example if I chose 12345 I "connect" the forward pia port to 12345, then I only need to set transmission to 12345 port. Am I right or I miss some?

I saw that pia use a more "intelligent" server selection, I only select the region. I think in this way if the server I'm connected go down, a new one from the same region came up, but what about the port? I've to do some?

And what about if the connection go down (a modem problem) then came up again, so the router have to make a new pia connection, I've to use a watchdog script or there's a constant check to see if the forward port is right?

Sorry for this questions, is pretty new for me this, I want to understand what I've to do.
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Thu Jun 27, 2019 13:32
Ok thanks. I tried but I think I do some bad configuration.

My router is 10.0.0.1 and my nas is 10.0.0.100
Transmission is configured with port 54321

So I configured ddwrt-pia-port-forward.startup to have
/jffs/etc/config/ddwrt-pia-port-forward.sh --ip 10.0.0.100 --port 54321 --debug

But if I test the port from transmission, I got error, port closed

I've made no change to ddwrt-pia-port-forward.sh
to any BEGIN OPTIONS available, so internal port is
INTERNAL_PORT="80"

The funny is that if I put port 80 inside transmission (without reboot any) I got the port open

Ps, I don't have to put the script in Startup field on the router, right?

What I miss?
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Thu Jun 27, 2019 16:32
Yep, all clear.

So to me seems all ok, but take a look to yourself.
The log is here https://pastebin.com/jwJ8FWPh

Consider that:
Transmission is over another pc, and Transmission is set to use UPnP.
Tried with 54321 port inside transmission:


Then, without restart transmission, I only changed the port to 80

The image is not english but is pretty clear, with 54321 give error, and with 80 the port is open

Here some settings from the router gui





Thanks, Jo

UPDATE:
With suggestion of egc, I disabled the UPnP but same results

This's my actual firewall rules inside the dd-wrt gui:
iptables -I FORWARD -s 10.0.0.100/32 -o $(nvram get wan_iface) -m state --state NEW -j REJECT
iptables -t nat -A POSTROUTING -o $(nvram get wan_iface) -j MASQUERADE
Can be here the problem?

Code:
root@DD-WRT:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 7172 packets, 702K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:45993 to:10.0.0.100:54321
    0     0 DNAT       udp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:45993 to:10.0.0.100:54321
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            192.168.1.50        to:10.0.0.1
  608 49300 TRIGGER    0    --  *      *       0.0.0.0/0            192.168.1.50        TRIGGER type:dnat match:0 relate:0

Chain INPUT (policy ACCEPT 989 packets, 66203 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 634 packets, 44852 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 191 packets, 31340 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3588  262K MASQUERADE  0    --  *      tun1    0.0.0.0/0            0.0.0.0/0
 1018  202K SNAT       0    --  *      eth0    10.0.0.0/24          0.0.0.0/0           to:192.168.1.50
    0     0 MASQUERADE  0    --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x80000000/0x80000000
  603 40241 MASQUERADE  0    --  *      eth0    0.0.0.0/0            0.0.0.0/0
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5920
Location: Netherlands

Posted: Thu Jun 27, 2019 18:36
Is this router behind another router (double nat)?
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Thu Jun 27, 2019 19:33
My configuration is
Modem from my ISP with ip 192.168.2.1 and DMZ opened through 192.168.1.50
Router R7800 (the dd-wrt) with ip from wan 192.168.1.50 and dhcp enabled. Lan ip with 10.0.0.1

No firewall under the modem or on nas

Let me know if I can do any.

J
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Thu Jun 27, 2019 19:39
I don't have dnsomatic.com so I don't have configured any username and password.

Maybe I've to put to egc's pbr script some other ip?

Actually I want only one Ip have to be under vpn so I used the egc's pbr script to do that, plus the kill-switch you see.
All the other lan's ip, except for the nas, is not under vpn

On the R7800 is also present a openvpn server over 10.8.0.1
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

Posted: Thu Jun 27, 2019 20:49
There's here some that can help to understand?
Code:
root@DD-WRT:~# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   18  1265 ACCEPT     0    --  tun1   any     anywhere             anywhere
4663K 4114M ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   any     anywhere             anywhere            udp spt:bootps dpt:bootpc
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:openvpn
    0     0 ACCEPT     0    --  tun2   any     anywhere             anywhere
    0     0 logdrop    udp  --  eth0   any     anywhere             anywhere            udp dpt:route
    0     0 logdrop    udp  --  br0    any     anywhere             anywhere            udp dpt:route
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:route
    0     0 logdrop    icmp --  eth0   any     anywhere             anywhere
    0     0 logdrop    igmp --  any    any     anywhere             anywhere
   62  4000 ACCEPT     0    --  lo     any     anywhere             anywhere            state NEW
18599 3993K ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW
 1885  182K logdrop    0    --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun1   any     anywhere             10.0.0.100          tcp dpt:54321
3512K 2742M ACCEPT     udp  --  tun1   any     anywhere             10.0.0.100          udp dpt:54321
1854K  260M ACCEPT     0    --  any    tun1    anywhere             anywhere
1133K  995M ACCEPT     0    --  tun1   any     anywhere             anywhere
 1028  112K REJECT     0    --  any    eth0    10.0.0.100           anywhere            state NEW reject-with icmp-port-unreachable
6106K 7689M ACCEPT     0    --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     gre  --  any    eth0    10.0.0.0/24          anywhere
    0     0 ACCEPT     tcp  --  any    eth0    10.0.0.0/24          anywhere            tcp dpt:1723
    0     0 ACCEPT     0    --  tun2   any     anywhere             anywhere
    0     0 ACCEPT     0    --  any    tun2    anywhere             anywhere
27825 6691K lan2wan    0    --  any    any     anywhere             anywhere
19477 4991K ACCEPT     0    --  br0    br0     anywhere             anywhere
    0     0 TRIGGER    0    --  eth0   br0     anywhere             anywhere            TRIGGER type:in match:0 relate:0
 8348 1699K trigger_out  0    --  br0    any     anywhere             anywhere
    0     0 TRIGGER    0    --  eth0   eth1    anywhere             anywhere            TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  eth1   any     anywhere             anywhere
    0     0 ACCEPT     0    --  eth1   any     anywhere             anywhere            state NEW
    0     0 TRIGGER    0    --  eth0   ath0    anywhere             anywhere            TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  ath0   any     anywhere             anywhere
    0     0 ACCEPT     0    --  ath0   any     anywhere             anywhere            state NEW
    0     0 TRIGGER    0    --  eth0   ath1    anywhere             anywhere            TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  ath1   any     anywhere             anywhere
    0     0 ACCEPT     0    --  ath1   any     anywhere             anywhere            state NEW
 7944 1679K ACCEPT     0    --  br0    any     anywhere             anywhere            state NEW
  404 20282 logdrop    0    --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 1945K packets, 420M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_1 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_10 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_11 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_12 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_13 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_14 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_15 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_16 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_17 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_18 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_19 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_2 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_20 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_3 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_4 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_5 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_6 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_7 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_8 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain advgrp_9 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_1 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_10 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_11 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_12 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_13 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_14 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_15 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_16 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_17 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_18 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_19 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_2 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_20 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_3 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_4 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_5 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_6 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_7 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_8 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain grp_9 (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain lan2wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  any    any     anywhere             anywhere

Chain logdrop (6 references)
 pkts bytes target     prot opt in     out     source               destination
  960 58104 LOG        0    --  any    any     anywhere             anywhere            state INVALID LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
 2289  202K DROP       0    --  any    any     anywhere             anywhere

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset

Chain trigger_out (4 references)
 pkts bytes target     prot opt in     out     source               destination

egc's script is this one https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662 and the rule I added is only this one
Code:
add_rule from 10.0.0.100/32 # NAS


What do you mean when you say
Quote:
When you use the defaults for the local port forward (no --ip argument, no --port argument), can you access the router's GUI? If so, that means at least the port forward works, in general.

Do you mean to edit the ddwrt-pia-port-forward.startup and modify this
/jffs/etc/config/ddwrt-pia-port-forward.sh --ip 10.0.0.100 --port 54321 --debug
with this
/jffs/etc/config/ddwrt-pia-port-forward.sh --debug
?

Sorry if I don't know much about iptables and routing.

J
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

PostPosted: Thu Jun 27, 2019 21:51    Post subject: Reply with quote
Ok, I'll make it in conjunction!

So now I change the .startup and I reboot the router, then I'll post the new log with PREROUTING and FORWARD

Two questions:
1. Do I have to set the port inside the .sh? INTERNAL_PORT="80" -> Must this one be changed to 54321?

2. Why do I see
tcp dpt:45993 to:10.0.0.100:54321
and not
tcp PIASERVERIP:45993 to:10.0.0.100:54321
? I only ask.

J
Chryses
DD-WRT User


Joined: 27 Jun 2018
Posts: 99

PostPosted: Thu Jun 27, 2019 22:20    Post subject: Reply with quote
Changed the .startup to use no arguments
Code:
After a start these are the logs:
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + OVPN_PID=/tmp/var/run/openvpncl.pid
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + PFS_IP=209.222.18.222
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + PFS_PORT=2000
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + IP_CHECK_URL=http://ipinfo.io/ip
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + IP_CHECK_NET=216.239.0.0/16
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + which curl
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + GET_URL='curl -sLk'
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + SLEEP=10
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + pidof syslogd
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 973 '=='  ]
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curr_pid=973
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sed '1!G;h;$!d' /var/log/messages
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -qi '\[973\].*[i]nitialization sequence completed'
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ps
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep '^[ ]*973 '
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]:   973 root      3576 S    openvpn --config /tmp/openvpncl/openvpn.conf --route
Jan  1 01:00:51 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sleep 10
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -qi '\[973\].*[i]nitialization sequence completed'
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sed '1!G;h;$!d' /var/log/messages
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep '^[ ]*973 '
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ps
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + continue 2
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 1864 '==' 973 ]
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curr_pid=1864
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -qi '\[1864\].*[i]nitialization sequence completed'
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sed '1!G;h;$!d' /var/log/messages
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ps
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep '^[ ]*1864 '
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]:  1864 root      3700 S    openvpn --config /tmp/openvpncl/openvpn.conf --route
Jun 27 23:59:29 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sleep 10
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sed '1!G;h;$!d' /var/log/messages
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -qi '\[1864\].*[i]nitialization sequence completed'
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + break 2
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep 209.222.18.222
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route add 209.222.18.222 dev tun1
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ping -qc1 -w3 209.222.18.222
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route add 216.239.0.0/16 dev tun1
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route flush cache
Jun 27 23:59:39 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curl -sLk http://ipinfo.io/ip
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + vpn_public_ip=82.102.24.169
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 82.102.24.169 ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route del 216.239.0.0/16 dev tun1
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + ip route flush cache
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + configure_port_forward
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + _get_external_port
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + nvram get openvpncl_pia_client_id
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'client_id=adee22d98cc8d9371fe2e3e2133371b4f5da982fccbc66a0c76c56584849d120'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' '!' adee22d98cc8d9371fe2e3e2133371b4f5da982fccbc66a0c76c56584849d120 ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + date '+%s'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'start_time=1561672780'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curl -sLk 'http://209.222.18.222:2000/?client_id=adee22d98cc8d9371fe2e3e2133371b4f5da982fccbc66a0c76c56584849d120'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'json={"port":45993}'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' '{"port":45993}' ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + echo '{"port":45993}'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -o '[0-9]*'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + return
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'ext_port=45993'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' '!' 45993 ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + echo 'info: PIA external port has been established: 45993'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: info: PIA external port has been established: 45993
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + _ipt -t nat -I PREROUTING -i tun1 -p udp --dport 45993 -j DNAT --to 10.0.0.1:80
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -t nat -D
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -t nat -I PREROUTING -i tun1 -p udp --dport 45993 -j DNAT --to 10.0.0.1:80
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + _ipt -I FORWARD -i tun1 -p udp -d 10.0.0.1 --dport 80 -j ACCEPT
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -D
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -I FORWARD -i tun1 -p udp -d 10.0.0.1 --dport 80 -j ACCEPT
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + _ipt -t nat -I PREROUTING -i tun1 -p tcp --dport 45993 -j DNAT --to 10.0.0.1:80
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -t nat -D
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 45993 -j DNAT --to 10.0.0.1:80
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + _ipt -I FORWARD -i tun1 -p tcp -d 10.0.0.1 --dport 80 -j ACCEPT
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -D
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + iptables -I FORWARD -i tun1 -p tcp -d 10.0.0.1 --dport 80 -j ACCEPT
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + publish_to_webserver 82.102.24.169 45993
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'PIA_DIR=/www/user/pia/'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'PIA_PAGE=/www/user/pia//ext_port_forward.html'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' -d /www/user/pia/ ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + mkdir -p /www/user/pia/
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + date
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + echo 'Thu Jun 27 23:59:40 CEST 2019: PIA external port forward: 82.102.24.169 : 45993'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + echo 'info: PIA external port forward published'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: info: PIA external port forward published
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + return 0
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[[' -a -a 82.102.24.169 ]]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + update_ddns
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'ddns_uri=@updates.dnsomatic.com/nic/update?myip=82.102.24.169&hostname='
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'ddns_url_443=https://:@updates.dnsomatic.com/nic/update?myip=82.102.24.169&hostname='
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local 'ddns_url_80=http://:@updates.dnsomatic.com/nic/update?myip=82.102.24.169&hostname='
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + local host
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' all.dnsomatic.com ]
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curl -sLk 'https://:@updates.dnsomatic.com/nic/update?myip=82.102.24.169&hostname=all.dnsomatic.com'
Jun 27 23:59:40 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -iq good
Jun 27 23:59:41 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + curl -sLk 'http://:@updates.dnsomatic.com/nic/update?myip=82.102.24.169&hostname=all.dnsomatic.com'
Jun 27 23:59:41 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + grep -iq good
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + echo 'warning: ddns update failed: all.dnsomatic.com'
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: warning: ddns update failed: all.dnsomatic.com
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' ]
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + :
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 1864 '==' 1864 ]
Jun 27 23:59:42 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sleep 20
Jun 28 00:00:02 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jun 28 00:00:02 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 1864 '==' 1864 ]
Jun 28 00:00:02 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sleep 20
Jun 28 00:00:22 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + cat /tmp/var/run/openvpncl.pid
Jun 28 00:00:22 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + '[' 1864 '==' 1864 ]
Jun 28 00:00:22 DD-WRT user.debug ddwrt-pia-port-forward.[1404]: + sleep 20


Code:
Chain PREROUTING (policy ACCEPT 2681 packets, 250K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       udp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            192.168.1.50        to:10.0.0.1
  132 15766 TRIGGER    0    --  *      *       0.0.0.0/0            192.168.1.50        TRIGGER type:dnat match:0 relate:0


Code:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  tun1   *       0.0.0.0/0            10.0.0.1            tcp dpt:80
    0     0 ACCEPT     udp  --  tun1   *       0.0.0.0/0            10.0.0.1            udp dpt:80
 2337  239K ACCEPT     0    --  *      tun1    0.0.0.0/0            0.0.0.0/0           
 1825  357K ACCEPT     0    --  tun1   *       0.0.0.0/0            0.0.0.0/0           
 1404  108K REJECT     0    --  *      eth0    10.0.0.100           0.0.0.0/0           state NEW reject-with icmp-port-unreachable
49394  115M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     47   --  *      eth0    10.0.0.0/24          0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      eth0    10.0.0.0/24          0.0.0.0/0           tcp dpt:1723
    0     0 ACCEPT     0    --  tun2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      tun2    0.0.0.0/0            0.0.0.0/0           
 1468  299K lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 1099  206K ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
    0     0 TRIGGER    0    --  eth0   br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
  369 92678 trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 TRIGGER    0    --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 TRIGGER    0    --  eth0   ath0    0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0


Then I changed the port inside transmission from 54321 to 80, here are the new logs
Code:
Chain PREROUTING (policy ACCEPT 6147 packets, 522K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       udp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            192.168.1.50        to:10.0.0.1
  329 31374 TRIGGER    0    --  *      *       0.0.0.0/0            192.168.1.50        TRIGGER type:dnat match:0 relate:0


Code:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  tun1   *       0.0.0.0/0            10.0.0.1            tcp dpt:80
    0     0 ACCEPT     udp  --  tun1   *       0.0.0.0/0            10.0.0.1            udp dpt:80
33273 2727K ACCEPT     0    --  *      tun1    0.0.0.0/0            0.0.0.0/0           
45519   44M ACCEPT     0    --  tun1   *       0.0.0.0/0            0.0.0.0/0           
 1404  108K REJECT     0    --  *      eth0    10.0.0.100           0.0.0.0/0           state NEW reject-with icmp-port-unreachable
 284K  487M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     47   --  *      eth0    10.0.0.0/24          0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      eth0    10.0.0.0/24          0.0.0.0/0           tcp dpt:1723
    0     0 ACCEPT     0    --  tun2   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  *      tun2    0.0.0.0/0            0.0.0.0/0           
 2915  617K lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0           
 2141  452K ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0           
    0     0 TRIGGER    0    --  eth0   br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
  774  165K trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 TRIGGER    0    --  eth0   eth1    0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
    0     0 trigger_out  0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     0    --  eth1   *       0.0.0.0/0            0.0.0.0/0           state NEW
    0     0 TRIGGER    0    --  eth0   ath0    0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0


Seems the same.

Is it normal that I don't see any port forward from the GUI of dd-wrt?
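
A check for what the PREROUTING listings in the post above show, as an added example (not part of the thread or of the ddwrt-pia-port-forward script): it reads `iptables -t nat -L PREROUTING -vn` output and reports, for each DNAT rule on the VPN interface, whether it targets the router itself, differs from the intended host:port, or has never matched a packet. The function names, flag labels and embedded sample are constructed here; 10.0.0.1 as the router address and 10.0.0.100:54321 as the intended target are taken from the posts.

```shell
#!/bin/sh
# Constructed sample: the PREROUTING listing posted above
# (format of `iptables -t nat -L PREROUTING -vn`).
sample_prerouting() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 6147 packets, 522K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       udp  --  tun1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:45993 to:10.0.0.1:80
    0     0 DNAT       icmp --  *      *       0.0.0.0/0            192.168.1.50        to:10.0.0.1
  329 31374 TRIGGER    0    --  *      *       0.0.0.0/0            192.168.1.50        TRIGGER type:dnat match:0 relate:0
EOF
}

# audit_dnat VPN_IF ROUTER_IP WANT_TARGET   (hypothetical helper)
# Reads a PREROUTING listing on stdin and prints one line per DNAT rule
# bound to VPN_IF:  proto ext_port target pkts flags
#   ROUTER_EXPOSED  the forward ends on the router's own address
#   WRONG_TARGET    the forward does not point at WANT_TARGET (ip:port)
#   NO_HITS         the packet counter is 0, nothing has matched the rule yet
audit_dnat() {
    awk -v vif="$1" -v rip="$2" -v want="$3" '
    $3 == "DNAT" && $6 == vif {
        dpt = ""; to = ""
        # Match options start after the destination column (field 9).
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^dpt:/) dpt = substr($i, 5)
            if ($i ~ /^to:/)  to  = substr($i, 4)
        }
        if (dpt == "" || to == "") next
        flags = ""
        split(to, t, ":")
        if (t[1] == rip)                flags = flags "ROUTER_EXPOSED,"
        if (want != "" && to != want)   flags = flags "WRONG_TARGET,"
        if ($1 == 0)                    flags = flags "NO_HITS,"
        sub(/,$/, "", flags)
        if (flags == "") flags = "OK"
        print $4, dpt, to, $1, flags
    }'
}

# On the router, feed it the live table instead of the sample:
#   iptables -t nat -L PREROUTING -vn | audit_dnat tun1 10.0.0.1 10.0.0.100:54321
sample_prerouting | audit_dnat tun1 10.0.0.1 10.0.0.100:54321
```

A rule flagged ROUTER_EXPOSED on port 80 means the provider's external port lands on the router's web GUI, so it is worth confirming the target before leaving the forward in place.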