Help with issue for external port forwarding

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Fri May 26, 2017 15:26    Post subject: Help with issue for external port forwarding Reply with quote
I have my setup like this:

System:
Linksys 1200AC
DD-WRT Build 30796





I have a windows box that I can connect using PuTTy, a Linux box using the "ssh user@IP -p ##" command, and also connectbot on android.

Note: I also made sure my LAN listening client (linux) has its sshd_config set to Port "BB" instead of Port 22

When I connect via internal LAN to my 192.x.x.x gateway on my router using the LAN IP & port "BB" of my listening client, I can SSH into my box just fine. When I try to connect via my WAN IP & port "AA" the router does not redirect, it errors out saying "No route to host" on any device that I use (wired windows/linux or wireless android)

I tried to troubleshoot by just making my Port Forwarding scheme from "BB" to "BB" but even that gives the same error.



I have iptables FORWARD rules set to DROP packets from certain ports, but none of those rules include these ports (AA & BB) that I am using.

I've also tried to experiment with the following settings on/off and none have worked either:

    Services->SSHd
    Security->Filter WAN NAT Redirection
    Security->Limit SSH Access


I'm out of ideas... Anyone have any experience with this?

Thanks
Back to top View user's profile Send private message
Sponsor
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Thu Jun 01, 2017 22:00    Post subject: Reply with quote
Can anyone help with this?
Back to top View user's profile Send private message
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6290
Location: Texas
PostPosted: Thu Jun 01, 2017 22:57    Post subject: Reply with quote
Just use 'Port Range Forwarding'
e.g. If client IP is 192.168.1.67 and has SSH open on port 54321

start = 54321 > end = 54321 > Protocol = TCP > IP Address = 192.168.1.67 > check Enable

of course you will have to hit it with that port -
ssh root@mydomainname.com -p 54321
ssh root@yourWAN IP -p 54321
Back to top View user's profile Send private message
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Thu Jun 01, 2017 23:04    Post subject: Reply with quote
mrjcd wrote:
Just use 'Port Range Forwarding'
e.g. If client IP is 192.168.1.67 and has SSH open on port 54321

start = 54321 > end = 54321 > Protocol = TCP > IP Address = 192.168.1.67 > check Enable

of course you will have to hit it with that port -
ssh root@mydomainname.com -p 54321
ssh root@yourWAN IP -p 54321


Thanks mrjcd, I'll try this out and see if that works.
Back to top View user's profile Send private message
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Fri Jun 02, 2017 0:45    Post subject: Reply with quote
mrjcd wrote:
Just use 'Port Range Forwarding'
e.g. If client IP is 192.168.1.67 and has SSH open on port 54321

start = 54321 > end = 54321 > Protocol = TCP > IP Address = 192.168.1.67 > check Enable

of course you will have to hit it with that port -
ssh root@mydomainname.com -p 54321
ssh root@yourWAN IP -p 54321


port range forwarding works less than regular port forwarding. Regular PF at least allows internal LAN forwarding, PRF does not erroring out with "connection refused".
Back to top View user's profile Send private message
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Fri Jun 02, 2017 0:54    Post subject: Reply with quote
Random internet guy on Youtube (here = https://www.youtube.com/watch?v=vGMKZWkFEmk) says to enter this command under Administration -> Commands -> Firewall to fix this issue. It was for an older build but others said that it works more recently to allow WAN to LAN port forwarding. Can anyone explain what this command does before I try it?

Code:
insmod ipt_mark
insmod xt_mark
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE


EDIT: Random internet guy got it from official DD-WRT forums (here = http://www.dd-wrt.com/phpBB2/viewtopic.php?t=89353), but I still don't know exactly how it works...
Back to top View user's profile Send private message
benbrockn
DD-WRT Novice


Joined: 19 May 2017
Posts: 11
PostPosted: Fri Jun 02, 2017 2:36    Post subject: Reply with quote
I finally figured it out, and it's not that random guy's code, it's so dumb and simple...

I noticed earlier that the DD-WRT software does not like "all" or "both" commands when it comes to TCP & UDP ports.
You literally have to go into NAT/QoS -> Port Forwarding and do each port for TCP & UDP, NOT using the "both" selection. Just like this:

Code:
App_Name, "TCP", port#1, LAN_IP, same_port#1, "Enable"
App_Name, "UDP", port#1, LAN_IP, same_port#1, "Enable"

App_Name, "TCP", port#2, LAN_IP, same_port#2, "Enable"
App_Name, "UDP", port#2, LAN_IP, same_port#2, "Enable"


Hope this works for anyone else (and keeps working for me!)

- Ben
Back to top View user's profile Send private message
tarahenergy
DD-WRT Novice


Joined: 14 May 2016
Posts: 2
PostPosted: Wed Jun 14, 2017 15:52    Post subject: Reply with quote
  1. URL.
  2. URL
  3. URL
  4. URL
  5. URL
  6. URL
  7. URL
  8. URL
  9. URL
  10. URL
  11. URL
  12. URL
  13. URL
  14. URL
  15. URL
  16. URL
  17. URL
  18. URL
  19. URL
  20. URL
  21. URL
  22. URL
  23. URL
  24. URL
  25. URL
  26. URL
  27. URL
  28. URL
  29. URL
  30. URL
  31. URL
  32. URL
  33. URL
  34. URL
  35. URL - not working
  36. URL - not working
  37. URL - not working
  38. URL - not working
  39. URL - not working
  40. URL - not working
  41. URL - not working
  42. URL - not working
  43. URL - not working
  44. URL - not working
  45. URL - not working
  46. URL - not working
  47. URL - not working
  48. URL - not working
  49. URL - not working
  50. URL - not working
  51. URL - not working
  52. URL - not working
  53. URL - not working
  54. URL - not working
  55. URL - not working
  56. URL - not working
  57. URL - not working
  58. URL - not working
  59. URL - not working
  60. URL - not working
  61. URL - not working
  62. URL - not working
  63. URL - not working
  64. URL - not working
  65. URL - not working
  66. URL - not working
  67. URL - not working
  68. URL - not working
  69. URL - not working
  70. URL - not working
  71. URL - not working
  72. URL - not working
  73. URL - not working
  74. URL - not working
  75. URL - not working
  76. URL - not working
  77. URL - not working
  78. URL - not working
  79. URL - not working
  80. URL - not working
  81. URL - not working
  82. URL - not working
  83. URL - not working
  84. URL - not working
  85. URL - not working
  86. URL - not working
  87. URL - not working
  88. URL - not working
  89. URL - not working
  90. URL - not working
  91. URL - not working
  92. URL - not working
  93. URL - not working
  94. URL - not working
  95. URL - not working
  96. URL - not working
  97. URL - not working
  98. URL - not working
  99. URL - not working
  100. URL - not working
  101. URL - not working
  102. URL - not working
  103. URL - not working
  104. URL - not working
  105. URL - not working
  106. URL - not working
  107. URL - not working
  108. URL - not working
  109. URL - not working
  110. URL - not working
  111. URL - not working
  112. URL - not working
  113. URL - not working
  114. URL - not working
  115. URL - not working
  116. URL - not working
  117. URL - not working
  118. URL - not working
  119. URL - not working
  120. URL - not working
  121. URL - not working
  122. URL - not working
  123. URL - not working
  124. URL - not working
  125. URL - not working
  126. URL - not working
  127. URL - not working
  128. URL - not working
  129. URL - not working
  130. URL - not working
  131. URL - not working
  132. URL - not working
  133. URL - not working
  134. URL - not working
  135. URL - not working
  136. URL - not working
  137. URL - not working
  138. URL - not working
  139. URL - not working
  140. URL - not working
  141. URL - not working
  142. URL - not working
  143. URL - not working
  144. URL - not working
  145. URL - not working
  146. URL - not working
  147. URL - not working
  148. URL - not working
  149. URL - not working
  150. URL - not working
  151. URL - not working
  152. URL - not working
  153. URL - not working
  154. URL - not working
  155. URL - not working
  156. URL - not working
  157. URL - not working
  158. URL - not working
  159. URL - not working
  160. URL - not working
  161. URL - not working
  162. URL - not working
  163. URL - not working
  164. URL - not working
  165. URL - not working
  166. URL - not working
  167. URL - not working
  168. URL - not working
  169. URL - not working
  170. URL - not working
  171. URL - not working
  172. URL - not working
  173. URL - not working
  174. URL - not working
  175. URL - not working
  176. URL - not working
  177. URL - not working
  178. URL - not working
  179. URL - not working
  180. URL - not working
  181. URL - not working
  182. URL - not working
  183. URL - not working
  184. URL - not working
  185. URL - not working
  186. URL - not working
  187. URL - not working
  188. URL - not working
  189. URL - not working
  190. URL - not working
  191. URL - not working
  192. URL - not working
  193. URL - not working
  194. URL - not working
  195. URL - not working
  196. URL - not working
  197. URL - not working
  198. URL - not working
  199. URL - not working
  200. URL - not working
  201. URL - not working
  202. URL - not working
  203. URL - not working
  204. URL - not working
  205. URL - not working
  206. URL - not working
  207. URL - not working
  208. URL - not working
  209. URL - not working
  210. URL - not working
  211. URL - not working
  212. URL - not working
  213. URL - not working
  214. URL - not working
  215. URL - not working
  216. URL - not working
  217. URL - not working
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:    Page 1 of 1
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum