Port Forwarding

Port forwarding opens holes in the firewall and forwards external traffic to an internal host or service. It is commonly used for gaming applications, running a web service, or remote administration.

The firewall configuration is located at /etc/config/firewall. For reference, see also Port forwarding for IPv4 (Destination NAT/DNAT).

A redirect rule is a simple way of forwarding traffic from an external port to an internal host. Redirect rules are added by editing /etc/config/firewall.

In this example, we're taking traffic from the WAN interface, on port '2222', and directing it to the host '192.168.1.100' on the LAN interface.

The following configurations belong in /etc/config/firewall. /etc/firewall.user does not understand them; it is for raw iptables commands (see the related forum thread).

config 'redirect'
        option 'name' 'some awesome game'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '2222'
        option 'dest_ip' '192.168.1.100'
        option 'target' 'DNAT'
        option 'dest' 'lan'

You can also supply different ports to be forwarded. For example, external traffic on port '5555' will be directed to the host '192.168.1.100' on port '22'.

config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
        option 'dest' 'lan'

To apply the changes to the firewall, you'll need to run /etc/init.d/firewall restart.
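To review what a set of redirect rules actually exposes on the WAN side, the sketch below parses redirect sections and prints each external port with the internal host and port it reaches. It is an added example, not part of the OpenWrt documentation; the function names `sample_config` and `list_redirects` are hypothetical, and it assumes one option per line with an explicit DNAT target, as in the rules above.

```shell
#!/bin/sh
# Constructed sample: the two redirects from this page.
sample_config() {
cat <<'EOF'
config 'redirect'
        option 'name' 'some awesome game'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '2222'
        option 'dest_ip' '192.168.1.100'
        option 'target' 'DNAT'
        option 'dest' 'lan'
config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
        option 'dest' 'lan'
EOF
}

# Reads UCI text on stdin and prints one line per WAN DNAT redirect:
#   name|proto|external port|internal ip|internal port
list_redirects() {
    awk -v q="'" '
    # Strip one pair of surrounding single or double quotes.
    function unq(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function emit(   dp) {
        if (o["src"] == "wan" && o["target"] == "DNAT") {
            # Without dest_port the external port number is kept.
            dp = (o["dest_port"] != "") ? o["dest_port"] : o["src_dport"]
            print o["name"] "|" o["proto"] "|" o["src_dport"] "|" o["dest_ip"] "|" dp
        }
        split("", o)
    }
    $1 == "config" { emit(); insec = (unq($2) == "redirect"); next }
    $1 == "option" && insec {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
        sub(/[ \t\r]+$/, "", val)
        o[unq($2)] = unq(val)
    }
    END { emit() }
    '
}
sample_config | list_redirects
```

On the router, run it against the live file with `list_redirects < /etc/config/firewall`. The listing makes over-broad rules easy to spot: the ssh redirect above also forwards UDP, although SSH only uses TCP.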

docs/guide-user/firewall/port.forwarding.txt · Last modified: 2018/03/03 20:39 by 142.169.78.191