Port Mapping / Forwarding – Zeroshell Linux Router

This topic is empty.

Viewing 4 posts - 1 through 4 (of 4 total)

Author

Posts
April 8, 2010 at 9:02 pm #42337

megabit
Member

All,
I’ve be using ZS for a few weeks and I’m very impressed with it’s features. I have worked out most om my issues but a few things still elude me.

I can’t seem to get the System> Router> Virtual Server to work for me, I may be trying make it do what it isn’t supposed to or just plain doing it wrong.

What I have is ZS configured as Captive Portal with NAT enabled. I have several Wireless Access Points (WAPs) connected on the LAN side (ETH00) (192.168.1.1) via an 8 port switch.

The WAN side (ETH01) (69.xxx.70.1) interface is connected to a router to the ISP.

The WAPs are manageable via HTTP interface using port 80. Each WAP has a unique IP within the LAN subnet. I need to manage these WAPs from 200 miles away.

I am trying to map ETH01 69.xxx.70.1 port 60001 to WAP 192.168.1.201 port 80.

This way in my browser I enter http://69.xxx.70.1:60001 and connected to the WAP with the IP of 192.168.1.201.

If ZS can’t do this then is there some other way to do it outside of ZS?

I am running ZS on a hard drive no CD or flash

Thanks,

Megabit

April 8, 2010 at 9:39 pm #50078
ppalias
Member
Could you paste here the output of commands
```
iptables -L -v

iptables -t nat -L -v
```
April 9, 2010 at 11:50 pm #50079

megabit
Member

Ppalias,
Here is the entry in the Virtual Server tab first then the iptables print outs.

Thanks for any help
Megabit

Interface/IP address Protocol Local Port Real Servers
ETH01 / ANY TCP 60001 192.168.1.222:80

root@zeroshell root> iptables -L -v
Chain INPUT (policy ACCEPT 7524 packets, 1278K bytes)
pkts bytes target prot opt in out source destination
28196 3835K SYS_INPUT all — any any anywhere anywhere
28 3227 SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:http
10347 1350K SYS_HTTPS tcp — any any anywhere anywhere tcp dpt:https
361 24380 SYS_SSH tcp — any any anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT 223K packets, 82M bytes)
pkts bytes target prot opt in out source destination
4577 1807K CapPort all — any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 21195 packets, 6924K bytes)
pkts bytes target prot opt in out source destination
29687 7648K SYS_OUTPUT all — any any anywhere anywhere

Chain CapPort (1 references)
pkts bytes target prot opt in out source destination
2104 411K CapPortACL all — ETH00 any anywhere anywhere

Chain CapPortACL (1 references)
pkts bytes target prot opt in out source destination
2104 411K CapPortFS all — any any anywhere anywhere
1923 399K CapPortFC all — any any anywhere anywhere
1923 399K CapPortWL all — any any anywhere anywhere
4 424 DROP all — any any anywhere anywhere

Chain CapPortFC (1 references)
pkts bytes target prot opt in out source destination

Chain CapPortFS (1 references)
pkts bytes target prot opt in out source destination
181 11720 ACCEPT udp — any any anywhere anywhere udp dpt:domain
0 0 ACCEPT udp — any any anywhere anywhere udp dpt:bootps
0 0 ACCEPT tcp — any any anywhere 192.168.1.1 tcp dpt:http
0 0 ACCEPT tcp — any any anywhere 192.168.1.1 tcp dpt:https

Chain CapPortWL (1 references)
pkts bytes target prot opt in out source destination
1754 343K ACCEPT all — any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C

Chain NetBalancer (0 references)
pkts bytes target prot opt in out source destination

Chain SYS_HTTPS (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
10375 1353K ACCEPT all — any any anywhere anywhere

Chain SYS_INPUT (1 references)
pkts bytes target prot opt in out source destination
785 74174 ACCEPT all — lo any anywhere anywhere
970 109K ACCEPT tcp — ETH00 any anywhere anywhere tcp dpts:12080:12083
75 3900 DROP tcp — any any anywhere anywhere tcp dpts:12080:12083
67 23448 ACCEPT udp — any any anywhere anywhere udp spt:domain state ESTABLISHED
6 483 ACCEPT tcp — any any anywhere anywhere tcp spt:http state ESTABLISHED
0 0 ACCEPT tcp — any any anywhere anywhere tcp spt:8245 state ESTABLISHED
252 19152 ACCEPT udp — any any anywhere anywhere udp spt:ntp state ESTABLISHED
5459 814K RETURN all — any any anywhere anywhere

Chain SYS_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
803 75774 ACCEPT all — any lo anywhere anywhere
117 8543 ACCEPT udp — any any anywhere anywhere udp dpt:domain
5 405 ACCEPT tcp — any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp — any any anywhere anywhere tcp dpt:8245
257 19532 ACCEPT udp — any any anywhere anywhere udp dpt:ntp
8729 2695K RETURN all — any any anywhere anywhere

Chain SYS_SSH (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all — lo any anywhere anywhere
0 0 ACCEPT all — any any 192.168.0.0/24 anywhere
0 0 ACCEPT all — any any 10.237.1.0/24 anywhere
361 24380 ACCEPT all — any any 192.168.1.0/24 anywhere
0 0 DROP all — any any anywhere anywhere
root@zeroshell root>

root@zeroshell root> iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 21384 packets, 2403K bytes)
pkts bytes target prot opt in out source destination
1258 136K CapPort all — any any anywhere anywhere
1633 86776 Proxy tcp — any any anywhere anywhere tcp dpt:http
0 0 DNAT tcp — ETH01 any anywhere anywhere tcp dpt:60001 to:192.168.1.222:80

Chain POSTROUTING (policy ACCEPT 367 packets, 30327 bytes)
pkts bytes target prot opt in out source destination
23270 1931K SNATVS all — any any anywhere anywhere
21853 1817K MASQUERADE all — any BRIDGE00 anywhere anywhere
1050 84297 MASQUERADE all — any ETH01 anywhere anywhere

Chain OUTPUT (policy ACCEPT 6331 packets, 503K bytes)
pkts bytes target prot opt in out source destination

Chain CapPort (1 references)
pkts bytes target prot opt in out source destination
133 6892 CapPortHTTP tcp — ETH00 any anywhere anywhere tcp dpt:http
78 4052 CapPortHTTPS tcp — ETH00 any anywhere anywhere tcp dpt:https
13 676 CapPortGW tcp — ETH00 any anywhere anywhere tcp dpt:12080
0 0 CapPortGW tcp — ETH00 any anywhere anywhere tcp dpt:12081

Chain CapPortGW (2 references)
pkts bytes target prot opt in out source destination
13 676 REDIRECT tcp — any any anywhere anywhere

Chain CapPortHTTP (1 references)
pkts bytes target prot opt in out source destination
115 5956 CapPortProxy all — any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C
0 0 CapPortProxy tcp — any any anywhere 192.168.1.1 tcp dpt:http
4 208 REDIRECT tcp — any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12080
0 0 DROP tcp — any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 REDIRECT tcp — any any anywhere anywhere redir ports 12080

Chain CapPortHTTPS (1 references)
pkts bytes target prot opt in out source destination
76 3948 ACCEPT all — any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C
0 0 ACCEPT tcp — any any anywhere 192.168.1.1 tcp dpt:https
0 0 REDIRECT tcp — any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12081
0 0 DROP tcp — any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 REDIRECT tcp — any any anywhere anywhere redir ports 12081

Chain CapPortProxy (2 references)
pkts bytes target prot opt in out source destination
129 6684 Proxy tcp — any any anywhere anywhere tcp dpt:http
129 6684 ACCEPT all — any any anywhere anywhere

Chain Proxy (2 references)
pkts bytes target prot opt in out source destination

Chain SNATVS (1 references)
pkts bytes target prot opt in out source destination
root@zeroshell root>

April 10, 2010 at 2:26 pm #50080

ppalias
Member

Looks like no packets ever reach the rule of the port forwarding. I hope you had tried some times to access the webcam on port 60001
The bridge interface what is bridging exactly? I hope you are not bridging ETH01 and the internal network…
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.