Hi,

> Okay, so, I have a Linksys WRT54G running OpenWrt, serving as the
> Internet router for our home. You know the drill — NAT, PPPoE, whatever.
>
> Router's LAN IP address is 192.168.0.1. Several port forwards are in
> place (y'know — SSH, HTTP, SMTP, IMAP, and whatnot) that are already
> working beautifully.
>
> I'm also wanting to forward TCP port 1240 on the WAN side to port 80 on
> my box, 192.168.0.23, for running a test web server. (Oh, if only I
> could give non-technical people a link to my IPv6 address instead.)

Heh.. :)

> So here's the OpenWrt config I use to do this. Should look sane, even if
> you've not used OpenWrt before:
>
>   config 'redirect'
>           option 'src' 'wan'
>           option 'proto' 'tcp'
>           option 'src_dport' '1240'
>           option 'dest_ip' '192.168.0.23'
>           option 'dest_port' '80'
>
> And when you run `/etc/init.d/firewall restart`, it generates the
> following iptables rule as a result:
>
>   r...@openwrt:~# iptables -t nat -L | grep 1240
>   DNAT tcp -- anywhere anywhere tcp dpt:1240 to:192.168.0.23:80

What about just dumping NAT table i.e., without the grep magic foo?
NAT'ing 1240<->80 is fine but then as Dr. Peter Chubb mentions,
80<->(could_be_any_arbitrary_port_here) which you are obviously not
listing it here. Right?

> Which all worked fine for a week or two. But then for some mysterious
> reason, when I try and access port 1240 from the WAN side, it started to
> send traffic to port 95 on my LAN side! (Despite iptables still
> reporting port 80.)
>
> I rebooted the router (to no avail), reset the firewall configs, ran
> tcpdump, wireshark, and whatnot, and the mangling of the port is
> definitely something that was happening on the router. (tcpdump showed
> me packets exiting the LAN side bound for port 95; no pun intended.)
>
> So as a quick workaround, I made Apache on my box listen on port 95 as
> well as port 80, which 'fixed' it. No biggie.
>
> Except now it's trying to access port 82 on my box when I hit 1240 on
> the WAN site. I have not changed any configuration on the router, and if
> I type `uptime` I can tell it hasn't even rebooted since it was last
> going to port 95.
>
> This is so totally weird, and driving me absolutely insane. All other
> port forwards work perfectly. Oh, somebody shut down the IPv4 Internet
> already!

One of my mates said he had the same issue (he fixed it but I don't know
how he did it, I told him to type a little bit more using his fingers
and choose lesser automagic foo configs in his wrt :-) I think it could be
a bug in OpenWRT.
What specific revision is it? Also, there's a ticket for it if you want to
read https://dev.openwrt.org/ticket/2558 and it _seems_ that it's related
to nat specifically. Also, try newer revision as reported by one user's
success if you haven't (I do not have my wrtgl with me atm) :-)

[...]

-- 
Regards,
Ishwor Gurung
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
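
On the suggestion above to dump the whole NAT table instead of grepping it: `iptables -t nat -L | grep 1240` cannot show a rule that covers 1240 through a port range, or one that is listed only by its rewrite target. The following is an added example, not part of the original thread or of OpenWrt; it assumes `iptables-save` is available, and the sample rules, the `ppp0` interface name and the function names are constructed for illustration, not a diagnosis of the reported problem.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables-save -t nat` text on
# stdin and prints, in rule order, every rule that matches on PORT or
# rewrites to PORT:  <rule-no> <chain> dport=<match> target=<t> to=<rewrite>
nat_rules_for_port() {
    awk -v port="$1" '
    # true when spec ("80", "1000:2000", "80-90") includes port p
    function covers(spec, p,    r) {
        if (spec == "-") return 0
        gsub(/-/, ":", spec)
        if (split(spec, r, ":") == 2)
            return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
        return spec == p
    }
    $1 == "-A" {
        n++
        chain = $2; dport = "-"; target = "-"; to = "-"
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination" || $i == "--to-ports") to = $(i + 1)
        }
        toport = to
        sub(/^.*:/, "", toport)   # keep only the port part of ip:port
        if (covers(dport, port) || covers(toport, port))
            printf "%d %s dport=%s target=%s to=%s\n", n, chain, dport, target, to
    }'
}

# Constructed sample dump (hypothetical rules and interface name).
sample_nat_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1000:2000 -j DNAT --to-destination 192.168.0.23:95
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 1240 -j DNAT --to-destination 192.168.0.23:80
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.10:25
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

sample_nat_dump | nat_rules_for_port 1240
# On the router: iptables-save -t nat | nat_rules_for_port 1240
```

In the constructed dump the range rule appears before the exact-match rule, so both are printed for port 1240, while a grep for the literal string `1240` would have shown only the second.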
