Port Forwarding Problems w/ TP-Link WR-1043ND

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Author Message
angello
DD-WRT Novice


Joined: 20 Nov 2011
Posts: 1

PostPosted: Sun Nov 20, 2011 17:15    Post subject: Port Forwarding Problems w/ TP-Link WR-1043ND Reply with quote
Hi guys,

i can't for the life of me get port forwarding to work properly

I need this for utorrent (port 51313), ftp server (port 2121), webserver (8888) and many others

I can't connect to any of these services from outside the lan.

Important things to mention:
1. i have a TP-Link WR-1043ND router with DD-WRT v24-sp2 (06/14/11) std / (SVN revision 17201)
2. i'm connecting to the internet using pppoe and i don't have a home modem or anything else.
3. WAN ip starts with 188.27. ...
4. i am 100% sure i am pointing to the correct ip (192.168.1.100 - static dhcp)
5. WAN port assigment: vlan2
6. the setup is as easy as it gets. connect to the internet using pppoe and give internet access to lan clients. no other routers/switches or anything
7. i used the 30-30-30 reset method before installing dd-wrt
8. MY ISP ISN'T BLOCKING THESE PORTS
9. i've tried connecting with the firewall disabled ... failed
10. i applied the loopback patch
Quote:
insmod ipt_mark
insmod xt_mark

iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE



Nmap results of forwarded ports:

Quote:
Nmap scan report for 188- ...
PORT STATE SERVICE
9/tcp filtered discard
9/udp open|filtered discard
-------------------------------------------------------------------------
PORT STATE SERVICE
2121/tcp filtered ccproxy-ftp
2121/udp open|filtered scientia-ssdb
-------------------------------------------------------------------------
PORT STATE SERVICE
51313/tcp filtered unknown
51313/udp open|filtered unknown
-------------------------------------------------------------------------
PORT STATE SERVICE
8888/tcp filtered sun-answerbook
8888/udp open|filtered unknown



Screenshot of port forwarding rules in dd-wrt gui


Output after running "iptables -t nat -vnL PREROUTING" and "iptables -vnL FORWARD"



... help :/
i'm really hoping i am missing smth stupid
Sponsor
air101
DD-WRT Novice


Joined: 28 Jul 2011
Posts: 9

PostPosted: Tue Dec 06, 2011 9:21    Post subject: Reply with quote
same problem here Sad
hatleyt
DD-WRT Novice


Joined: 06 Jan 2012
Posts: 6

PostPosted: Fri Jan 06, 2012 5:39    Post subject: Reply with quote
Running DD-WRT v24SP2-MULTI (10/31/11) std - build 17798 on Buffalo WZR-HP-G300NH2, stuck on same issue as previous two submitters. Running one internal web server on port 80, and that responds from outside requests as intended, yet have 3 other internal servers being mapped from other ports (3000, 3001, etc) to local_ip:80, and cannot get any response. Using ShieldsUP these ports showing STEALTH.

Have the same loopback script installed, all forwards showing in iptables/NAT; ISP not blocking. Definitely a noob Rolling Eyes here when comes to ipconfig, but after reading & trying to digest as much as possible, feel like everything is in place...

Code:
:~# iptables -vnL FORWARD
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     47   --  *      ppp0    192.168.0.0/24       0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      ppp0    192.168.0.0/24       0.0.0.0/0           tcp dpt:1723
    0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0
 5398  299K TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
1646K 1603M lan2wan    0    --  *      *       0.0.0.0/0            0.0.0.0/0
1644K 1603M ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.180       tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.180       udp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.15        tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.15        udp dpt:80
    2   104 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.25        tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.25        udp dpt:80
    1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.26        tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.26        udp dpt:80
    2   104 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.27        tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            192.168.0.27        udp dpt:80
    0     0 TRIGGER    0    --  ppp0   br0     0.0.0.0/0            0.0.0.0/0           TRIGGER type:in match:0 relate:0
 2732  162K trigger_out  0    --  br0    *       0.0.0.0/0            0.0.0.0/0
 2689  159K ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0           state NEW
   43  2738 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0


Code:
 iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       icmp --  anywhere             97-115-xxx-xxx.qwest.net to:192.168.0.1
DNAT       tcp  --  anywhere             97-115-xxx-xxx.qwest.net tcp dpt:www to:192.168.0.180:80
DNAT       udp  --  anywhere             97-115-xxx-xxx.qwest.net udp dpt:www to:192.168.0.180:80
DNAT       tcp  --  anywhere             97-115-xxx-xxx.qwest.net tcp dpt:2000 to:192.168.0.15:80
DNAT       udp  --  anywhere             97-115-xxx-xxx.qwest.net udp dpt:2000 to:192.168.0.15:80
DNAT       tcp  --  anywhere             97-115-xxx-xxx.qwest.net tcp dpt:3000 to:192.168.0.25:80
DNAT       udp  --  anywhere             97-115-xxx-xxx.qwest.net udp dpt:3000 to:192.168.0.25:80
DNAT       tcp  --  anywhere             97-115-xxx-xxx.qwest.net tcp dpt:3001 to:192.168.0.26:80
DNAT       udp  --  anywhere             97-115-xxx-xxx.qwest.net udp dpt:3001 to:192.168.0.26:80
DNAT       tcp  --  anywhere             97-115-xxx-xxx.qwest.net tcp dpt:3002 to:192.168.0.27:80
DNAT       udp  --  anywhere             97-115-xxx-xxx.qwest.net udp dpt:3002 to:192.168.0.27:80
TRIGGER    0    --  anywhere             97-115-xxx-xxx.qwest.net TRIGGER type:dnat match:0 relate:0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       0    --  192.168.0.0/24       anywhere            to:97.115.xxx.xxx
RETURN     0    --  anywhere             anywhere            PKTTYPE = broadcast
MASQUERADE  0    --  anywhere             anywhere            MARK match 0xd001


Would sincerely appreciate any thoughts/ideas....
BentLogic
DD-WRT Novice


Joined: 19 Dec 2011
Posts: 14

PostPosted: Sat Jan 07, 2012 15:28    Post subject: Reply with quote
Try build 15962. Any build after this and port forward doesn't work on my WHR-HP-G300N.

Let me know if this works for you, I am curious if this affects all atheros based buffalo routers.
hatleyt
DD-WRT Novice


Joined: 06 Jan 2012
Posts: 6

PostPosted: Sat Jan 07, 2012 19:00    Post subject: Forwarding working on WZR-HP-G300NH2 v24SP2-MULTI (10/31/11) Reply with quote
I was able to resolve forwarding (actually confirmed it was working after I removed other issues in play) on DD-WRT v24SP2-MULTI (10/31/11) std WZR-HP-G300NH2, now have 4 internal devices all providing web content via forwarded ports. See http://www.dd-wrt.com/phpBB2/viewtopic.php?t=149158 for more details.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum