How do I redirect the port on a Lan to Lan connection?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
mikeloeven
DD-WRT Novice


Joined: 04 Sep 2016
Posts: 7

PostPosted: Fri Aug 09, 2019 15:57    Post subject: How do I redirect the port on a Lan to Lan connection? Reply with quote
I am not all that familiar with advanced router config however I have a android file sharing server that uses SMB but cannot listen on 445. I need to somehow have the router direct all traffic on both lan and wan interfaces going to 192.168.1.200:445 to 192.168.1.200:2005.

I cannot find a obvious interface in the GUI that would allow me to accomplish this

I did find this post here but I am not entirely sure I understand the commands used or what is going on

https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1073533
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4334
Location: Netherlands

PostPosted: Fri Aug 09, 2019 16:54    Post subject: Reply with quote
I do not know exactly what you are trying to accomplish but maybe NAT loopback can do the trick.
_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
mikeloeven
DD-WRT Novice


Joined: 04 Sep 2016
Posts: 7

PostPosted: Fri Aug 09, 2019 17:18    Post subject: Reply with quote
egc wrote:
I do not know exactly what you are trying to accomplish but maybe NAT loopback can do the trick.


Nah its not a loop back thing its a windows cant be told to connect to smb on anything other than port 445 so essentially ANY AND ALL traffic GOING TO 192.168.1.200 destined for port 445 needs to be redirected to port 2005 which is where the server is actually listening
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2599
Location: Texas, USA

PostPosted: Fri Aug 09, 2019 18:10    Post subject: Reply with quote
Why not just reconfigure the SMB server to use the correct ports and block access to it from the WAN in your firewall?
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 60

PostPosted: Fri Aug 09, 2019 19:48    Post subject: Reply with quote
iptables -t nat -I PREROUTING -p tcp -d 192.168.1.200 --dport 445 -j DNAT --to 192.168.1.200:2005

or


iptables -t nat -I PREROUTING -p tcp -d 192.168.1.200 --dport 445 -j REDIRECT --to-ports 2005


Last edited by portsup on Sat Aug 10, 2019 12:37; edited 1 time in total
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5215
Location: Akershus, Norway

PostPosted: Fri Aug 09, 2019 20:10    Post subject: Reply with quote
In order to do NAT, the source and destination sub-net cannot be the same.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2599
Location: Texas, USA

PostPosted: Fri Aug 09, 2019 20:34    Post subject: Reply with quote
Per Yngve Berg wrote:
In order to do NAT, the source and destination sub-net cannot be the same.


Except maybe for redirecting one port to another.

https://www.cyberciti.biz/faq/linux-port-redirection-with-iptables/
mikeloeven
DD-WRT Novice


Joined: 04 Sep 2016
Posts: 7

PostPosted: Sat Aug 10, 2019 0:23    Post subject: Reply with quote
kernel-panic69 wrote:
Why not just reconfigure the SMB server to use the correct ports and block access to it from the WAN in your firewall?


Blame it on Google for being stupid with Android permissions and then not allowing root access on Android devices. Android cannot listen on Port 445 without being rooted.

This whole thing is nothing more than my attempt to be able to access files on my device faster without having to deal with the god-awful MTP crap
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2599
Location: Texas, USA

PostPosted: Sat Aug 10, 2019 0:37    Post subject: Reply with quote
With which SMB server app? .... EDIT: nvm, I see the issue. What a bunch of crap.
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 60

PostPosted: Sat Aug 10, 2019 4:18    Post subject: Reply with quote
You can definitely redirect on the same subnet.
[url]
https://stackoverflow.com/questions/26488984/iptables-forward-port-from-one-host-to-another-inside-same-bridged-network[/url]

You might need the snat part although iptables is meant to do that part automatically. Here is the example from link


Code:
iptables -t nat -A PREROUTING -d 192.168.1.2 -p tcp --dport 2222 -j DNAT --to 192.168.1.3:22
iptables -t nat -A POSTROUTING -d 192.168.1.3 -p tcp --dport 22 -j SNAT --to-source 192.168.1.2
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4334
Location: Netherlands

PostPosted: Sat Aug 10, 2019 6:44    Post subject: Reply with quote
In the same subnet routing is done in layer 2 so no ip routing is possible as packets do not cross the firewall.

So you must have packets crossing the firewall i.e. packets must go out on the WAN and come in again in that way they cross the firewall and you can do IP routing.

But wait what I just described is NAT loopback (see my first post) see https://en.m.wikipedia.org/wiki/Hairpinning

So everybody is right Smile

But now the possible bad news: I am not sure if the DDWRT implementation of NAT loopback supports this kind of trickery

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 60

PostPosted: Sat Aug 10, 2019 8:31    Post subject: Reply with quote
How does nat work on vpn then? Packet goes to wan device then tunnel? Surely it's the other way round? Tunnel then the tunnel goes over wan.
mikeloeven
DD-WRT Novice


Joined: 04 Sep 2016
Posts: 7

PostPosted: Sat Aug 10, 2019 8:58    Post subject: Reply with quote
Thanks for posting those code samples but could you explain a bit on what those commands are actually doing and how to manage those lists in case I need to undo it at a later point in time. and can you give me the networking for dummies version Razz I am a bit out of my depth here
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 5215
Location: Akershus, Norway

PostPosted: Sat Aug 10, 2019 9:02    Post subject: Reply with quote
It does not have to be the WAN port. You can NAT between two LAN interfaces (two interfaces on the router, not two ports on the switch). You can move one of the devices to a 3. sub-net i.e 192.168.2.x
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 2599
Location: Texas, USA

PostPosted: Sat Aug 10, 2019 9:13    Post subject: Reply with quote
Per Yngve Berg wrote:
It does not have to be the WAN port. You can NAT between two LAN interfaces (two interfaces on the router, not two ports on the switch). You can move one of the devices to a 3. sub-net i.e 192.168.2.x


I guess even Debian is stupid: https://wiki.debian.org/Firewalls-local-port-redirection

The OP is trying to redirect a tcp or udp port from one to another on the same IP address. The redirect target is used for this, in the nat table. The only limiting factor is if DD-WRT kernels support this or not.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum