Posted: Fri May 26, 2017 15:26 Post subject: Help with issue for external port forwarding
I have my setup like this:
DD-WRT Build 30796
I have a Windows box that I can connect using PuTTY, a Linux box using the "ssh user@IP -p ##" command, and also ConnectBot on Android.
Note: I also made sure my LAN listening client (Linux) has its sshd_config set to Port "BB" instead of Port 22.
When I connect via internal LAN to my 192.x.x.x gateway on my router using the LAN IP & port "BB" of my listening client, I can SSH into my box just fine. When I try to connect via my WAN IP & port "AA", the router does not redirect; it errors out saying "No route to host" on any device that I use (wired Windows/Linux or wireless Android).
I tried to troubleshoot by just making my Port Forwarding scheme from "BB" to "BB" but even that gives the same error.
I have iptables FORWARD rules set to DROP packets from certain ports, but none of those rules include these ports (AA & BB) that I am using.
I've also tried to experiment with the following settings on/off and none have worked either:
Security->Filter WAN NAT Redirection
Security->Limit SSH Access
I'm out of ideas... Anyone have any experience with this?
Random internet guy on YouTube (here = https://www.youtube.com/watch?v=vGMKZWkFEmk) says to enter this command under Administration -> Commands -> Firewall to fix this issue. It was for an older build but others said that it works more recently to allow WAN to LAN port forwarding. Can anyone explain what this command does before I try it?
iptables -t mangle -A PREROUTING -i ! `get_wanface` -d `nvram get wan_ipaddr` -j MARK --set-mark 0xd001
iptables -t nat -A POSTROUTING -m mark --mark 0xd001 -j MASQUERADE
I finally figured it out, and it's not that random guy's code, it's so dumb and simple...
I noticed earlier that the DD-WRT software does not like "all" or "both" commands when it comes to TCP & UDP ports.
You literally have to go into NAT/QoS -> Port Forwarding and do each port for TCP & UDP, NOT using the "both" selection. Just like this: