Modify

Opened 9 years ago

Closed 6 years ago

Last modified 6 years ago

#970 closed bug (worksforme)

portforwarding doesn't work in 2.3.6 nor in 2.3.6.1

Reported by: steven@… Owned by: matthijs
Priority: normal Milestone:
Component: fon-network Version: 2.3.6.1 (Gari jr.)
Severity: unknown
Cc: Hardware: 2.0n (FON2300)

Description

tried in 2.3.6 tried in 2.3.6.1 Tried both on Fonera 2.0N tried after reboot verified with iptables --list

problem : I can add several "portforwarding" in the GUI and press OK I will see in /etc/config/firewall that they are added with zone "redirecting"

I can NEVER find it in "iptables --list"

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by steven@…

  • According to some people it might take a "reboot" until this change is being added to iptables
  • Portforwarding is not necessary when you are in "bridge"
  • Portforwarding doesn't work on itself... eg if your isp has blocked port 80... you can't use this to let the fonera webgui listen to eg 8000 (portforward 8000 to 192.168.10.1:80)...it's currently impossible to use Webgui/ssh/ftp features for the customers at Telenet (cable company Belgium)...which has closed port 1-1024....

only transmission,printerserver,vpn are possible... > 1024 not ssh,ftp,samba(nowhere else as well), webcam

comment:2 Changed 8 years ago by matthijs

  • Owner set to matthijs
  • Status changed from new to accepted

Steven,

I've been doing some testing with 2.3.6.1 and port forwarding and things seem to work pretty ok. In particular, normal forwarding to a host on the internal network works. Also, forwarding a port to the fonera itself (both using 192.168.10.1 or its WAN ip) works, so I can forward port 8080 to port 443 to get the WebGUI on a non-standard port.

I did find two catches:

  • Forwarding a range of ports only works when the destination port is left empty (so the ports are left untouched). If you fill in a range of ports, that just tells the kernel to pick any of those ports as the destination port, the choice does not take the original source port into consideration.
  • Forwarding a port does not actually open up a port. So to get the WebGUI working on a non-standard port, it also has to be opened on the standard port using the Firewall / Applications configuration page. Also, you'll need to forward to port 443, not 80, since the latter is not available from the WAN (even when the original port was different).

Could it be your problems have been caused by the above two catches, or did you see other problems as well? If so, could you try to elaborate on what you've tried and what didn't work?

As for iptables, you should see the forwards in the following tables:

root@Fonera:~# iptables  -t nat -n -v -L zone_wan_prerouting   
root@Fonera:~# iptables  -n -v -L zone_wan_forward

comment:3 Changed 6 years ago by matthijs

  • Resolution set to worksforme
  • Status changed from accepted to closed

As part of the upcoming 2.3.7.0 firmware release, we're reviewing old open tickets to see if they are still relevant, which is why you get this response now.

If this issue still occurs with the 2.3.7.0 rc2 firmware, feel free to leave a comment here so we can further investigate.

Add Comment

Modify Ticket

Action
as closed The owner will remain matthijs.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.