

All times are UTC - 5 hours




Post subject: How to implement port forwarding to LAN from in-a-box
Posted: Sat Jul 05, 2014 7:18 pm

Joined: Sat Jul 05, 2014 6:07 pm
Posts: 1
I installed nrclient-2.1.2.4326-free-attitude_adjustment-ar71xx.ipk into TP-LINK TL-MR3420 V.2 under openwrt-ar71xx-generic-tl-mr3420-v2-squashfs-factory.bin

TP-LINK got the address on the network:
LAN: 192.168.1.1
WAN : 192.168.8.111
NeoRouter : 10.0.0.3
I have a computer connected to TP-Link's LAN : 192.168.1.183

I configured port-forward to access RDP on this computer:
/etc/config/firewall :
=============================
...
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '3389'
    option dest_ip '192.168.1.183'
    option dest_port '3389'
    option name 'RDP'
=============================

Now I can connect via WAN from another computer in my network, whose address is 192.168.8.99: I run mstsc.exe and enter 192.168.8.111 - it works.

This computer also has the NeoRouter client running, address 10.0.0.4, and ping to 10.0.0.3 passes well.

But I can't connect via RDP from 10.0.0.4 to 10.0.0.3.
Whatever I do, nothing helps. :(

I tried to make a new interface :
/etc/config/network :
=============================
...
config interface 'neorouter'
    option proto 'dhcp'
    option ifname 'nrtap'
=============================
, and placed it in 'wan' zone:
/etc/config/firewall :
=============================
config zone
    option name 'wan'
    option output 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan 3g neorouter'
    option input 'ACCEPT'
    option forward 'ACCEPT'
=============================
and many more...

I never connected to the computer in TP-Link's LAN through NeoRouter, even from NR Network Explorer File-Actions-Remote Desktop.

Can NeoRouter port-forward to LAN and how?

Here are the full configs:
/etc/config/network :
=============================

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option ifname 'eth1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option dns '192.168.1.1 8.8.8.8 8.8.4.4'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface '3g'
    option proto '3g'
    option device '/dev/ttyUSB0'
    option service 'evdo'
    option username 'smart'
    option password 'smart'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'

config interface 'neorouter'
    option proto 'dhcp'
    option ifname 'nrtap'
=============================

/etc/config/firewall :
=============================

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan 3g neorouter'
    option input 'ACCEPT'
    option forward 'ACCEPT'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fe80::/10'
    option src_port '547'
    option dest_ip 'fe80::/10'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '3389'
    option dest_ip '192.168.1.183'
    option dest_port '3389'
    option name 'RDP'
=============================
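
An added example, not part of the original thread: a small Python audit of the firewall config posted above. It shows that the 'wan' zone accepts input and forward traffic and that the RDP redirect with src 'wan' covers every network listed in that zone (wan, 3g, neorouter). The names `parse_uci` and `audit` and the trimmed sample are constructed for this example.

```python
import shlex

# Constructed sample: the 'wan' zone and RDP redirect from the config posted above.
FIREWALL = """
config zone
    option name 'wan'
    option masq '1'
    option mtu_fix '1'
    option network 'wan 3g neorouter'
    option input 'ACCEPT'
    option forward 'ACCEPT'

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp'
    option src_dport '3389'
    option dest_ip '192.168.1.183'
    option dest_port '3389'
    option name 'RDP'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, untrusted=("wan",)):
    """Flag ACCEPT policies and DNAT redirects on zones treated as untrusted."""
    sections = parse_uci(text)
    zones = {o.get("name"): o for t, o in sections if t == "zone"}
    findings = []
    for name in untrusted:
        for chain in ("input", "forward"):
            if zones.get(name, {}).get(chain) == "ACCEPT":
                findings.append(f"zone {name}: {chain}=ACCEPT")
    for t, o in sections:
        if t == "redirect" and o.get("src") in untrusted:
            nets = zones.get(o["src"], {}).get("network", "").split()
            findings.append(f"redirect {o.get('name')}: {o.get('proto')}/"
                            f"{o.get('src_dport')} -> {o.get('dest_ip')}:"
                            f"{o.get('dest_port')} via {nets}")
    return findings
```

Calling `audit(FIREWALL)` returns the list of findings; pass the contents of a full /etc/config/firewall to check a complete config.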


Post subject: Re: How to implement port forwarding to LAN from in-a-box
Posted: Sun Jul 06, 2014 7:16 am

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1869
Hi KAA777,

It does not seem right. You cannot forward the connection from the NeoRouter VLAN (10.0.0.4) to a physical network (your computer in the LAN) via 10.0.0.3 (your router), as they live in different networks, and you may need some settings on your router to route the packets to your target computer.

Thanks,
KevinZ - NeoRouter team

