Port forwarding from Guest network

lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Fri Jul 29, 2022 15:45    Post subject: Port forwarding from Guest network
Hello,

I created two separate networks, 192.168.1.1 (not guest) and 192.168.2.1 (guest network). I have connected a device to the guest network with the IP address 192.168.2.205.

How can I redirect/forward this IP address to the non-guest network
(192.168.2.205:8080 ---> 192.168.1.105:8080),
only port 8080?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Fri Jul 29, 2022 16:06
When you post, we can give better support if you state router model and build number.

See the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

By default DDWRT does not isolate guest network(s) from the main network.

Do you have Net isolation turned on and want to make an exception for 192.168.2.205:8080 ---> 192.168.1.105:8080 ?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Fri Jul 29, 2022 23:46
Yes. I want the two networks to be completely isolated from each other. It's fine if it's not a guest network, as long as it's isolated. I would like to redirect a device (for example a camera) to the other network, but only the 8080 web port.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 30, 2022 10:28
See the rules from @eibgrad:

https://pastebin.com/r4u62P0B

In your case you need something like
Code:
iptables -I FORWARD -i $GUEST_IF -s 192.168.2.105 -o br0 -p tcp -d 192.168.1.105 --dport 8080 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i $GUEST_IF -s 192.168.2.105 -o br0 -p udp -d 192.168.1.105 --dport 8080 -m state --state NEW -j ACCEPT


When net isolation is turned on the guest network 192.168.2.105 should be able to reach 192.168.1.105

For $GUEST_IF substitute your own guest interface

lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Sat Jul 30, 2022 13:05
iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p tcp -d 192.168.1.105 --dport 8080 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p udp -d 192.168.1.105 --dport 8080 -m state --state NEW -j ACCEPT

I changed the GUEST_IF interface label and ran the command. It did not redirect the connection from network 2 to network 1.

No error was reported, I don't know what the problem is.
lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Sat Jul 30, 2022 13:15
I messed up, sorry. It's not port 8080, it's just a simple web access to the device, port 80. But for some reason it doesn't work either.

iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p tcp -d 192.168.1.105 --dport 80 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p udp -d 192.168.1.105 --dport 80 -m state --state NEW -j ACCEPT
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 30, 2022 13:22
lenovomen wrote:
I messed up, sorry. It's not port 8080, it's just a simple web access to the device, port 80. But for some reason it doesn't work either.

iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p tcp -d 192.168.1.105 --dport 80 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i $wlan0.1 -s 192.168.2.105 -o br0 -p udp -d 192.168.1.105 --dport 80 -m state --state NEW -j ACCEPT


You have to remove the $ before wlan0.1

It is possible there is no return route so if the above does not work, post output of:
iptables -vnL FORWARD

I have no time to look at it today, but I am sure somebody else will chime in :)

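Added example, not part of the thread: a shell sketch of why `-i $wlan0.1` was accepted without an error yet matched nothing, and a check that flags such rules in `iptables -vnL FORWARD` output. The function names, the sysfs lookup and the sample chain listing are assumptions constructed for illustration; it assumes iptables stored `.1` as the interface name, which fits the report that no error was shown.

```shell
#!/bin/sh
# Added example, not from the thread.

# What the shell hands to iptables when "-i $wlan0.1" is typed and no
# variable named wlan0 is set: "$wlan0" expands to nothing, ".1" remains.
typed_iface() {
    unset wlan0
    printf '%s' "$wlan0.1"
}

# Succeeds only if $1 is an interface listed in the sysfs directory $2
# (default /sys/class/net; overridable so the check can run offline).
iface_exists() {
    case "$1" in
        ''|.*|*/*) return 1 ;;   # empty, dot-prefixed or path-like: reject
    esac
    [ -e "${2:-/sys/class/net}/$1" ]
}

# Reads `iptables -vnL FORWARD` output on stdin and prints the "in" column
# of each rule whose input interface does not exist on this system.
stale_in_ifaces() {
    dir=${1:-/sys/class/net}
    while read -r pkts bytes target prot opt iif oif rest; do
        case "$pkts" in Chain|pkts|'') continue ;; esac
        case "$iif" in '*'|*+) continue ;; esac   # "any" or wildcard match
        iface_exists "${iif#!}" "$dir" || printf '%s\n' "$iif"
    done
}

# Constructed sample of the FORWARD chain after the mistyped command.
sample_forward_output() {
    cat <<'EOF'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  .1     br0     192.168.2.105        192.168.1.105        tcp dpt:80 state NEW
   12   720 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

# On the router: iptables -vnL FORWARD | stale_in_ifaces
```

A rule that shows 0 packets and an interface name this check prints is one that will never open the intended exception, so isolation stays in force for that flow.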
lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Sat Jul 30, 2022 13:39
Okay, let's start by asking if I did the separated network right. According to this, I did it as described:

https://blog.flashrouters.com/2021/11/05/set-a-dd-wrt-guest-network-flashrouters-faq/
lenovomen
DD-WRT Novice


Joined: 29 Jul 2022
Posts: 30

Posted: Sat Jul 30, 2022 14:36
How can I configure the two networks not to see each other's devices at all?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Sat Jul 30, 2022 16:08
For Flashrouters support ask at Flashrouters.

Setting up a VAP for Guest network is simple, isolation is even simpler: just enable Net isolation :)

Attached my personal notes how I do it.

When Net isolation is enabled, the communication between br0 and the guest network is blocked (if you have more VAPs or bridges you have to manually block between the VAPs/bridges). If you want specific communication you have to unblock it for that specific address/port; that is what my earlier rules are trying to achieve :)
