Port forwarding opens a hole in the firewall and forwards external traffic to an internal host or service. It is commonly used for gaming applications, running a web service, or remote administration.
A redirect rule is the simplest way to forward traffic from an external port to an internal host. Redirect rules are defined in /etc/config/firewall.
In this example, we're taking traffic from the WAN interface, on port '2222', and directing it to the host '192.168.1.100' on the LAN interface.
Note: the following configurations belong in /etc/config/firewall. They do not work in /etc/firewall.user, which is for raw iptables commands.
config 'redirect'
        option 'name' 'some awesome game'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '2222'
        option 'dest_ip' '192.168.1.100'
        option 'target' 'DNAT'
        option 'dest' 'lan'
You can also forward to a different port on the internal host. For example, external traffic on port '5555' will be directed to the host '192.168.1.100' on port '22'.
config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
        option 'dest' 'lan'
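Every redirect is a standing hole in the firewall, so it is worth listing what a configuration exposes. The following is an added example, not part of the original page or of OpenWrt: a small Python audit that parses redirect sections and reports each WAN-facing forward. The function names, the ADMIN_PORTS set and the finding texts are assumptions of the example; 'src_ip' is a firewall option that restricts a redirect to one source address and is not used on this page.

```python
import shlex

# Assumption of this example: internal ports treated as administrative.
ADMIN_PORTS = {"22", "23", "3389"}

# Constructed sample: the 'ssh' redirect from this page.
SAMPLE = """
config 'redirect'
        option 'name' 'ssh'
        option 'src' 'wan'
        option 'proto' 'tcpudp'
        option 'src_dport' '5555'
        option 'dest_ip' '192.168.1.100'
        option 'dest_port' '22'
        option 'target' 'DNAT'
        option 'dest' 'lan'
"""

def parse_redirects(text):
    """Return one dict of options per 'config redirect' section."""
    sections, current = [], None
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words[:1] == ["config"]:
            current = {} if words[1:2] == ["redirect"] else None
            if current is not None:
                sections.append(current)
        elif words[:1] == ["option"] and len(words) == 3 and current is not None:
            current[words[1]] = words[2]
    return sections

def audit(text):
    """Return (name, exposure, findings) for each WAN-sourced DNAT redirect."""
    report = []
    for r in parse_redirects(text):
        if r.get("src") != "wan" or r.get("target") != "DNAT":
            continue
        # With no dest_port the example treats the port as unchanged.
        inner = r.get("dest_port", r.get("src_dport", "any"))
        checks = [
            ("src_ip" not in r, "reachable from any WAN address"),
            (inner in ADMIN_PORTS, "internal port is an administrative service"),
            (r.get("proto") == "tcpudp", "forwards both TCP and UDP"),
        ]
        exposure = "wan:%s -> %s:%s" % (r.get("src_dport", "any"), r.get("dest_ip"), inner)
        report.append((r.get("name", ""), exposure, [m for hit, m in checks if hit]))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the 'ssh' redirect above all three findings fire: SSH only needs TCP, and without a 'src_ip' option the forwarded port answers to any address on the WAN side.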
To apply the changes to the firewall, you'll need to run