Port Forwarding with PPTP vpn connection on tomato router
Tim Tisdall
tisdall-DXT9u3ndKiSh7up9GtFB90EOCMrvLtNR at public.gmane.org
Mon Apr 8 13:15:36 UTC 2013
Hey Randy.. What specifically is not working? We know what you've done
and what you're trying to do, but not what the problem is.
At first glance, though, you should probably eliminate all those duplicate
entries to at least make it easier to wade through.
-Tim
On Sun, Apr 7, 2013 at 11:59 AM, Randy Jonasz <rjonasz-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hi Everyone,
>
> I was wondering if anyone could help solve a problem I'm having with port
> forwarding on a tomato router set up to connect to a nas via rsync and
> another computer via ssh. Any help would be greatly appreciated. Here's
> where I am at now:
>
> Tomato v1.28.0000 MIPSR2-106 K26 USB Mega-VPN
> root@Rorty:/tmp/home/root# ip route show
> 10.3.12.1 dev ppp0 proto kernel scope link src 173.234.144.211
> 207.210.24.1 dev vlan2 scope link
> 173.234.144.194 via 207.210.24.1 dev vlan2
> 192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
> 207.210.24.0/22 dev vlan2 proto kernel scope link src 207.210.24.187
> 127.0.0.0/8 dev lo scope link
> default dev ppp0 scope link
> default via 207.210.24.1 dev vlan2
> root@Rorty:/tmp/home/root# iptables -L
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- 0.0.0.0/24 anywhere
> DROP all -- anywhere wan-ip.rjonasz.org
> DROP all -- anywhere anywhere state INVALID
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> shlimit tcp -- anywhere anywhere tcp dpt:ssh
> state NEW
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT udp -- anywhere anywhere udp
> spt:bootps dpt:bootpc
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- 0.0.0.0/24 anywhere
> ACCEPT all -- anywhere 0.0.0.0/24
> all -- anywhere anywhere account:
> network/netmask: 192.168.1.0/255.255.255.0 name: lan
> ACCEPT all -- anywhere anywhere
> DROP all -- anywhere anywhere state INVALID
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> wanin all -- anywhere anywhere
> wanout all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere 0.0.0.0/24
>
> Chain shlimit (1 references)
> target prot opt source destination
> all -- anywhere anywhere recent: SET
> name: shlimit side: source
> DROP all -- anywhere anywhere recent:
> UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
>
> Chain wanin (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere 192.168.1.11 tcp dpt:ssh
> ACCEPT udp -- anywhere 192.168.1.11 udp dpt:ssh
> ACCEPT tcp -- anywhere ix2-200-TI85JF.rjonasz.org tcp
> dpt:rsync
> ACCEPT udp -- anywhere ix2-200-TI85JF.rjonasz.org udp
> dpt:rsync
>
> Chain wanout (1 references)
> target prot opt source destination
> root@Rorty:/tmp/home/root# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> WANPREROUTING all -- anywhere wan-ip.rjonasz.org
> DROP all -- anywhere 192.168.1.0/24
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> SNAT tcp -- 192.168.1.0/24 192.168.1.11 tcp dpt:ssh
> to:207.210.24.187
> SNAT udp -- 192.168.1.0/24 192.168.1.11 udp dpt:ssh
> to:207.210.24.187
> SNAT tcp -- 192.168.1.0/24 ix2-200-TI85JF.rjonasz.org tcp
> dpt:rsync to:207.210.24.187
> SNAT udp -- 192.168.1.0/24 ix2-200-TI85JF.rjonasz.org udp
> dpt:rsync to:207.210.24.187
> MASQUERADE all -- anywhere anywhere
> MASQUERADE all -- anywhere anywhere
> MASQUERADE all -- anywhere anywhere
> MASQUERADE all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain WANPREROUTING (1 references)
> target prot opt source destination
> DNAT icmp -- anywhere anywhere
> to:192.168.1.1
> DNAT tcp -- anywhere anywhere tcp dpt:2222
> to:192.168.1.11:22
> DNAT udp -- anywhere anywhere udp dpt:2222
> to:192.168.1.11:22
> DNAT tcp -- anywhere anywhere tcp dpt:rsync
> to:192.168.1.8:873
> DNAT udp -- anywhere anywhere udp dpt:rsync
> to:192.168.1.8:873
>
> Thanks,
>
> Randy
>