i3roly / glibc_ddwrt

A Bluer Kind of White

port forwarding #15

Closed joedupa closed 1 year ago

joedupa commented 1 year ago

Hello, port forwarding from a specific source IP doesn't work. I want to restrict access to port 80 on the router, and port 22 on the internal machine, to the specific source IP only, from two of my static IP sources at home and at work. This works in the official dd-wrt builds, which for obvious reasons I don't want to use. Could you please assist? Thanks a lot.

i3roly commented 1 year ago

I can't even understand what you're asking because it sounds complicated.

I am using port forwarding right now but it's simple. I'm forwarding port 1338 from the outside to port 1337 on an IP inside the host. So I know that case works.

I don't understand what you're asking below.

From: joedupa Sent: Wednesday, 2 November 2022 2:15 PM To: i3roly/glibc_ddwrt Reply To: i3roly/glibc_ddwrt Cc: Subscribed Subject: [i3roly/glibc_ddwrt] port forwarding (Issue #15)

Hello, port forwarding from a specific source IP doesn't work. I want to restrict access to port 80 on the router, and port 22 on the internal machine, to the specific source IP only, from my static IP at home. This works in the official dd-wrt builds, which for obvious reasons I don't want to use. Could you please assist? Thanks a lot.


i3roly commented 1 year ago

what i would do, is compare the iptables rules from a working build to my build.

they shouldn't be any different, but that should help determine the problem.

i personally haven't changed anything in the firewall code.

proof:

GagansMacPro:router Gagan$ wget https://svn.dd-wrt.com/export/50792/src/router/services/networking/generic/firewall.c
--2022-11-02 18:31:06--  https://svn.dd-wrt.com/export/50792/src/router/services/networking/generic/firewall.c
Resolving svn.dd-wrt.com (svn.dd-wrt.com)... 185.84.6.103
Connecting to svn.dd-wrt.com (svn.dd-wrt.com)|185.84.6.103|:443... connected.
HTTP request sent, awaiting response... 200 Ok
Length: unspecified [text/x-csrc]
Saving to: ‘firewall.c’

firewall.c    [   <=>   ] 114.96K   235KB/s    in 0.5s

2022-11-02 18:31:07 (235 KB/s) - ‘firewall.c’ saved [117715]

GagansMacPro:router Gagan$ diff services/networking/generic/firewall.c firewall.c
938c938
<                 if (isClient()) {
---
>       if (isClient()) {
3361c3361
<                         if (getSTA())
---
>           if (getSTA())
3363c3363
<                         else
---
>           else
GagansMacPro:router Gagan$ wget https://svn.dd-wrt.com/export/50792/src/router/netconf/netconf_linux.c
--2022-11-02 18:40:54--  https://svn.dd-wrt.com/export/50792/src/router/netconf/netconf_linux.c
Resolving svn.dd-wrt.com (svn.dd-wrt.com)... 185.84.6.103
Connecting to svn.dd-wrt.com (svn.dd-wrt.com)|185.84.6.103|:443... connected.
HTTP request sent, awaiting response... 200 Ok
Length: unspecified [text/x-csrc]
Saving to: ‘netconf_linux.c’

netconf_linux.c    [  <=>  ]  41.91K   129KB/s    in 0.3s

2022-11-02 18:40:55 (129 KB/s) - ‘netconf_linux.c’ saved [42911]

GagansMacPro:router Gagan$ \diff net^C
GagansMacPro:router Gagan$ diff netconf_linux.c netconf/netconf_linux.c

i3roly commented 1 year ago

again another false ticket without any followup or troubleshooting.

closing ticket because i don't know how this person would have this problem

joedupa commented 1 year ago

Thanks for your answer. I have two identical routers (Dlink DIR-882 A1), one with dd-wrt and another with your software. Again, I want to allow access to the router exclusively from a single internet IP of one of my remote servers, and forward the specific "Port from" (25980) to the internal machine on port 80. I enter this under NAT/QoS and Port Forwarding. On both routers the settings are identical. This works on the router with dd-wrt, but not on the router with your software. When I ssh and issue the following command: iptables -t nat -L, the router with your latest version of software comes up with empty entries for iptables. Please let me know if this can be fixed. Thanks!!

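Added example, not part of the thread and not code from the glibc_ddwrt or dd-wrt projects: the comparison the maintainer suggests above, done offline on iptables-save -t nat dumps from the two routers, with a check for the source-restricted forward of port 25980 described in this comment. The dumps, addresses (documentation ranges), interface name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Capture on each router with: iptables-save -t nat
# The dumps below are constructed samples using documentation addresses.
WORKING='*nat
:PREROUTING ACCEPT [12:800]
:POSTROUTING ACCEPT [3:180]
-A PREROUTING -s 203.0.113.10/32 -d 198.51.100.7/32 -p tcp -m tcp --dport 25980 -j DNAT --to-destination 192.168.1.50:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'
SUSPECT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT'

# Keep only rule lines, so counters and chain headers never show up as differences.
rules() { printf '%s\n' "$1" | grep '^-A ' || true; }

# Number of rules in a dump; 0 means the firewall installed nothing in this table.
rule_count() { rules "$1" | grep -c '^-A ' || true; }

# Succeeds only if a PREROUTING DNAT rule is limited to source $2 and destination port $3.
has_restricted_forward() {
    src=$(printf '%s' "$2" | sed 's/\./\\./g')   # match the dots literally
    rules "$1" | grep -- '^-A PREROUTING ' | grep -- "-s ${src}[ /]" |
        grep -- "--dport $3 " | grep -q -- '-j DNAT'
}

# diagnose WORKING_DUMP SUSPECT_DUMP SOURCE_IP PORT -> one-word verdict
diagnose() {
    if [ "$(rule_count "$2")" -eq 0 ]; then
        echo EMPTY_NAT          # no rules at all; in this thread that pointed to a missing WAN IP
    elif ! has_restricted_forward "$2" "$3" "$4"; then
        echo FORWARD_MISSING    # table populated, but no source-restricted DNAT for this port
    elif [ "$(rules "$1")" = "$(rules "$2")" ]; then
        echo IDENTICAL
    else
        echo DIFFERENT          # inspect with diff on the two rule lists
    fi
}

diagnose "$WORKING" "$SUSPECT" 203.0.113.10 25980
```

An EMPTY_NAT verdict means the forward rule itself is not the first thing to debug, since nothing was installed in the table at all.
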
joedupa commented 1 year ago

I am sorry for the late reply, I was travelling. Could you please reopen this issue and see if this can be resolved?

i3roly commented 1 year ago

Of course it's not going to work when you have no WAN IP on my build!!

How can iptables forward from an address that doesn't exist!?

From: joedupa Sent: Wednesday, 9 November 2022 7:28 AM To: i3roly/glibc_ddwrt Reply To: i3roly/glibc_ddwrt Cc: gagan sidhu; State change Subject: Re: [i3roly/glibc_ddwrt] port forwarding (Issue #15)

I am sorry for late reply, I was travelling. Could you please reopen this issue and see if this can be resolved?


i3roly commented 1 year ago

You shouldn't be using 759 anyways since it can't update wireless settings.

Your issue is not having a wan IP. This is painfully obvious in the iptables output with no entries.

"My software" is dd-wrt using glibc. Right now the issue isn't anything to do with port forwarding.

You should be asking why you don't have a wan IP, and telling me what kind of WAN you have? Pppoe or something?


i3roly commented 1 year ago

Also: you're using an OLD build of BS'. Four years old. I assume it's using mt_wifi driver.

It sounds to me like you use pppoe or some kind of station mode to connect to the internet. Only the latest builds have 8021x. I didn't have them in my builds before 50813.

If you're relying on station mode 8021x or something like that, 50579 won't work. This would be why you don't have wan, and why forwarding wouldn't work.
