Posted: Sat Mar 26, 2011 9:12 Post subject: port redirection help !!
I have a TP-link WR941ND running 16214 build. I have a asterisk server running behind dd-wrt.So clients from the internet register to server via udp 5060 port. But for some clients udp 5060 is blocked so i want to redirect a specific subnet from a random udp port say 1600 to udp 5060 so that the request they made using their open udp port (1600) ultimately seen coming from udp 5060 by asterisk thus allowing them to register.
I have already read the wiki but found no clue about redirection of ports from wan. Any ideas ?
Use port forwarding, it's on the wiki. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
192.168.1.5 is the local ip of my voice box
here from the client's subnet 113.231.122.0/24 the user requests to connect to my voip box 192.168.1.5 using port udp 1600 which is open for them. Router then redirect the udp 1600 traffic to udp 5060. Is that correct ? I guess i also have to add a rule for the outgoing packet too ? Also normal clients connect to my server by mentioning domain name which is the wan ip of my router. Do the specific user should use 192.168.1.5 as their register server or my wan ip ?
REDIRECT sends the traffic to the router itself. All you need to do is use the port forwarding options in the GUI. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
tried with source net 113.231.122.0 from udp 1600 to 5060 ip address 192.168.1.5 but not working. It needs two rule to accomplish this process i guess. Because the incoming packet comes to udp redirected to 5060 udp to asterisk but the asterisk sends reply to udp 5060 that should also be redirected to udp 1600 for the specific subnet. How to to that ? I guess some firewall script lines will be helpful.
Last edited by hellbound1988 on Tue Mar 29, 2011 17:07; edited 1 time in total
You need to include the subnet mask in the source net field, but the GUI is currently bugged to only allow 15 characters for an IP instead of 18 for inclusion of a CIDR netmask. With smaller IP's it can still be done but you're one character too short.
You don't need to do any reverse mapping, the kernel handles it.
This set of rules is what port forwarding would do:
iptables -t nat -I PREROUTING -s 113.231.122.0/24 -d `nvram get wan_ipaddr` -p udp --dport 1600 -j DNAT --to 192.168.1.5:5060
iptables -I FORWARD -d 192.168.1.5 -p udp --dport 5060 -j ACCEPT _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
thanks for the command. I have put that command as a firewall script but its not working. How can i effectively check whether my port redirection is actually working (for myself). As i have a TP-link WR941ND i dont have ip based bandwidth management so i have a pretty long firewall script already installed & working fine.
Wiki: port forwarding trubleshooting _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)