Port Forwarding with PPTP vpn connection on tomato router

Randy Jonasz rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Sun Apr 7 15:59:48 UTC 2013


Hi Everyone,

I was wondering if anyone could help solve a problem I'm having with port
forwarding on a Tomato router set up to connect to a NAS via rsync and
another computer via SSH.  Any help would be greatly appreciated.  Here's
where I am at now:

Tomato v1.28.0000 MIPSR2-106 K26 USB Mega-VPN
root@Rorty:/tmp/home/root# ip route show
10.3.12.1 dev ppp0  proto kernel  scope link  src 173.234.144.211
207.210.24.1 dev vlan2  scope link
173.234.144.194 via 207.210.24.1 dev vlan2
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
207.210.24.0/22 dev vlan2  proto kernel  scope link  src 207.210.24.187
127.0.0.0/8 dev lo  scope link
default dev ppp0  scope link
default via 207.210.24.1 dev vlan2
root@Rorty:/tmp/home/root# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  0.0.0.0/24           anywhere
DROP       all  --  anywhere             wan-ip.rjonasz.org
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
shlimit    tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  0.0.0.0/24           anywhere
ACCEPT     all  --  anywhere             0.0.0.0/24
           all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
wanin      all  --  anywhere             anywhere
wanout     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             0.0.0.0/24

Chain shlimit (1 references)
target     prot opt source               destination
           all  --  anywhere             anywhere            recent: SET name: shlimit side: source
DROP       all  --  anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain wanin (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.1.11        tcp dpt:ssh
ACCEPT     udp  --  anywhere             192.168.1.11        udp dpt:ssh
ACCEPT     tcp  --  anywhere             ix2-200-TI85JF.rjonasz.org tcp dpt:rsync
ACCEPT     udp  --  anywhere             ix2-200-TI85JF.rjonasz.org udp dpt:rsync

Chain wanout (1 references)
target     prot opt source               destination
root@Rorty:/tmp/home/root# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
WANPREROUTING  all  --  anywhere             wan-ip.rjonasz.org
DROP       all  --  anywhere             192.168.1.0/24

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  192.168.1.0/24       192.168.1.11        tcp dpt:ssh to:207.210.24.187
SNAT       udp  --  192.168.1.0/24       192.168.1.11        udp dpt:ssh to:207.210.24.187
SNAT       tcp  --  192.168.1.0/24       ix2-200-TI85JF.rjonasz.org tcp dpt:rsync to:207.210.24.187
SNAT       udp  --  192.168.1.0/24       ix2-200-TI85JF.rjonasz.org udp dpt:rsync to:207.210.24.187
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain WANPREROUTING (1 references)
target     prot opt source               destination
DNAT       icmp --  anywhere             anywhere            to:192.168.1.1
DNAT       tcp  --  anywhere             anywhere            tcp dpt:2222 to:192.168.1.11:22
DNAT       udp  --  anywhere             anywhere            udp dpt:2222 to:192.168.1.11:22
DNAT       tcp  --  anywhere             anywhere            tcp dpt:rsync to:192.168.1.8:873
DNAT       udp  --  anywhere             anywhere            udp dpt:rsync to:192.168.1.8:873

Thanks,

Randy