G'day SLUG,

Okay, so, I have a Linksys WRT54G running OpenWrt, serving as the
Internet router for our home. You know the drill — NAT, PPPoE, whatever.

Router's LAN IP address is 192.168.0.1. Several port forwards are in
place (y'know — SSH, HTTP, SMTP, IMAP, and whatnot) that are already
working beautifully.

I'm also wanting to forward TCP port 1240 on the WAN side to port 80 on
my box, 192.168.0.23, for running a test web server. (Oh, if only I
could give non-technical people a link to my IPv6 address instead.)

So here's the OpenWrt config I use to do this. Should look sane, even if
you've not used OpenWrt before:

config 'redirect'                      
        option 'src' 'wan'  
        option 'proto' 'tcp'
        option 'src_dport' '1240'
        option 'dest_ip' '192.168.0.23'
        option 'dest_port' '80'  

And when you run `/etc/init.d/firewall restart`, it generates the
following iptables rule as a result:

r...@openwrt:~# iptables -t nat -L | grep 1240
DNAT  tcp  --  anywhere  anywhere  tcp dpt:1240 to:192.168.0.23:80

Which all worked fine for a week or two. But then for some mysterious
reason, when I tried to access port 1240 from the WAN side, it started
sending traffic to port 95 on my LAN side! (Despite iptables still
reporting port 80.)

I rebooted the router (to no avail), reset the firewall configs, ran
tcpdump, wireshark, and whatnot, and the mangling of the port is
definitely something that was happening on the router. (tcpdump showed
me packets exiting the LAN side bound for port 95; no pun intended.)

So as a quick workaround, I made Apache on my box listen on port 95 as
well as port 80, which 'fixed' it. No biggie.

Except now it's trying to access port 82 on my box when I hit 1240 on
the WAN side. I have not changed any configuration on the router, and if
I type `uptime` I can tell it hasn't even rebooted since it was last
going to port 95.

This is so totally weird, and driving me absolutely insane. All other
port forwards work perfectly. Oh, somebody shut down the IPv4 Internet
already!

Signed,
Thief of the last 60 seconds of your time.

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
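
A check that fits the situation in this message, added here as an example and not part of the original post: it compares a `redirect` stanza with `iptables-save -t nat` output and reports when the first DNAT rule matching the WAN port, `--dport` ranges included, points somewhere other than the configured target. The sample rules and the `prerouting_wan` chain name are constructed, and file order is assumed to be match order, which holds within a single chain.

```python
import shlex

# Constructed inputs: the stanza from the message, plus made-up nat-table lines.
UCI = """
config 'redirect'
        option 'src' 'wan'
        option 'proto' 'tcp'
        option 'src_dport' '1240'
        option 'dest_ip' '192.168.0.23'
        option 'dest_port' '80'
"""
NAT = """
-A prerouting_wan -p tcp -m tcp --dport 1200:1300 -j DNAT --to-destination 192.168.0.23:8080
-A prerouting_wan -p tcp -m tcp --dport 1240 -j DNAT --to-destination 192.168.0.23:80
"""

def parse_redirects(text):
    """Return one option dict per `config redirect` stanza."""
    stanzas = []
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            stanzas.append({"_type": tok[-1]})
        elif tok[:1] == ["option"] and stanzas and len(tok) == 3:
            stanzas[-1][tok[1]] = tok[2]
    return [s for s in stanzas if s["_type"] == "redirect"]

def parse_dnat(text):
    """Return (proto, low, high, target) per DNAT rule, in file order."""
    rules = []
    for tok in map(shlex.split, text.splitlines()):
        if "DNAT" in tok and "--dport" in tok and "--to-destination" in tok:
            lo, _, hi = tok[tok.index("--dport") + 1].partition(":")
            proto = tok[tok.index("-p") + 1] if "-p" in tok else "all"
            rules.append((proto, int(lo), int(hi or lo), tok[tok.index("--to-destination") + 1]))
    return rules

def audit(uci_text, nat_text):
    """Report redirects whose first matching rule (file order) disagrees."""
    findings, rules = [], parse_dnat(nat_text)
    for r in parse_redirects(uci_text):
        port = int(r["src_dport"])
        want = f'{r["dest_ip"]}:{r.get("dest_port", port)}'
        hits = [x for x in rules if x[0] == r.get("proto", "tcp") and x[1] <= port <= x[2]]
        got = hits[0][3] if hits else "no rule"
        if got != want:
            findings.append(f"port {port}: first match -> {got}, config -> {want}")
        elif len(hits) > 1:
            findings.append(f"port {port}: {len(hits)} overlapping DNAT rules")
    return findings
```

Feed it the full `iptables-save -t nat` output rather than a `grep 1240` of the listing: a rule written as a range such as `1200:1300` covers the port without containing that string.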
