Adding entries to Virtual Server section

hxping7 / wl500g

Automatically exported from code.google.com/p/wl500g

0 stars 0 forks source link

Adding entries to Virtual Server section #378

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Log into WEB interface
2. Adding more than 24 entries to NAT Settings -> Virtual Server section leads 
to warning - "this table only allow 24 items!!!"
2.
3.

What is the expected output? What do you see instead?
I need more than 24 entries at least 50

What version of the product are you using?
Asus RT-N 16  on  1.9.2.7-rtn-r4667

Please provide any additional information below.
What cause of this limitation ?

Original issue reported on code.google.com by nixta...@gmail.com on 20 Jan 2013 at 10:33

Attachments:

1scrot.png

GoogleCodeExporter commented 9 years ago

Screen with exact this warning

Original comment by nixta...@gmail.com on 20 Jan 2013 at 10:38

Attachments:

3scrot.png

GoogleCodeExporter commented 9 years ago

It is a SOHO router. Use ranges & post-firewall script.

Original comment by lly.dev on 21 Jan 2013 at 6:25

Changed state: WontFix

GoogleCodeExporter commented 9 years ago

I tried ranges, don't know why, but not working for FTP passive ports 
connections. That's why defined each port individually.  
 Is it hardware limit or what ?

Original comment by nixta...@gmail.com on 21 Jan 2013 at 8:49

GoogleCodeExporter commented 9 years ago

You have to read iptables manual.

Original comment by lly.dev on 25 Jan 2013 at 6:32

GoogleCodeExporter commented 9 years ago

i will answer myself how to do that, the post-firewall script should look like 
that:

#create post-firewall script
echo "#!/bin/sh" > /usr/local/sbin/post-firewall

#Add ports forwarding from 100 to 150 to sample destination 192.168.1.180  
(replace with yours)
echo "iptables -t nat -A PREROUTING -p tcp --dport 100:150 -j DNAT 
--to-destination 192.168.1.180" >> /usr/local/sbin/post-firewall

#Allow these connections and commit to flashfs
echo "iptables -A FORWARD -s 192.168.1.180 -p tcp --dport 100:150 -j ACCEPT" >> 
/usr/local/sbin/post-firewall
flashfs save && flashfs commit && flashfs enable && reboot

Спасибо за помощь!

Original comment by nixta...@gmail.com on 31 Jan 2013 at 11:56

GoogleCodeExporter commented 9 years ago

wrong. use VSERVER chain

Original comment by themiron.ru on 7 Feb 2013 at 7:02

GoogleCodeExporter commented 9 years ago

It is working like a charm, why wrong ?

Original comment by nixta...@gmail.com on 7 Feb 2013 at 8:33

GoogleCodeExporter commented 9 years ago

 If i got two or more machines behind router and i need edit two or more groups of ports, how it is possible with VSERVER chain for 2 portgroups?

Original comment by nixta...@gmail.com on 7 Feb 2013 at 8:44

GoogleCodeExporter commented 9 years ago

wrong, because VSERVER is the chain for wan/lan->lan DNAT purposes only without 
additional checks that slow down overall packets processing.
what do you mean by 2 port groups? make it via web interface and check VSERVER 
chain for example to start with.

Original comment by themiron.ru on 8 Feb 2013 at 9:37