Closed GoogleCodeExporter closed 9 years ago
Screen with exact this warning
Original comment by nixta...@gmail.com
on 20 Jan 2013 at 10:38
Attachments:
It is a SOHO router. Use ranges & post-firewall script.
Original comment by lly.dev
on 21 Jan 2013 at 6:25
I tried ranges, don't know why, but not working for FTP passive ports
connections. That's why defined each port individually.
Is it hardware limit or what ?
Original comment by nixta...@gmail.com
on 21 Jan 2013 at 8:49
You have to read iptables manual.
Original comment by lly.dev
on 25 Jan 2013 at 6:32
i will answer myself how to do that, the post-firewall script should look like
that:
#create post-firewall script
echo "#!/bin/sh" > /usr/local/sbin/post-firewall
#Add ports forwarding from 100 to 150 to sample destination 192.168.1.180
(replace with yours)
echo "iptables -t nat -A PREROUTING -p tcp --dport 100:150 -j DNAT
--to-destination 192.168.1.180" >> /usr/local/sbin/post-firewall
#Allow these connections and commit to flashfs
echo "iptables -A FORWARD -s 192.168.1.180 -p tcp --dport 100:150 -j ACCEPT" >>
/usr/local/sbin/post-firewall
flashfs save && flashfs commit && flashfs enable && reboot
Спасибо за помощь!
Original comment by nixta...@gmail.com
on 31 Jan 2013 at 11:56
wrong. use VSERVER chain
Original comment by themiron.ru
on 7 Feb 2013 at 7:02
It is working like a charm, why wrong ?
Original comment by nixta...@gmail.com
on 7 Feb 2013 at 8:33
If i got two or more machines behind router and i need edit two or more groups of ports, how it is possible with VSERVER chain for 2 portgroups?
Original comment by nixta...@gmail.com
on 7 Feb 2013 at 8:44
wrong, because VSERVER is the chain for wan/lan->lan DNAT purposes only without
additional checks that slow down overall packets processing.
what do you mean by 2 port groups? make it via web interface and check VSERVER
chain for example to start with.
Original comment by themiron.ru
on 8 Feb 2013 at 9:37
Original issue reported on code.google.com by
nixta...@gmail.com
on 20 Jan 2013 at 10:33Attachments: