Port Mapping / Forwarding

This topic contains 2 replies, has 0 voices, and was last updated by megabit 9 years, 1 month ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • #42337

    megabit
    Member

    All,
    I’ve been using ZS for a few weeks and I’m very impressed with its features. I have worked out most of my issues but a few things still elude me.

    I can’t seem to get System > Router > Virtual Server to work for me; I may be trying to make it do what it isn’t supposed to, or just plain doing it wrong.

    What I have is ZS configured as a Captive Portal with NAT enabled. I have several Wireless Access Points (WAPs) connected on the LAN side (ETH00) (192.168.1.1) via an 8-port switch.

    The WAN side (ETH01) (69.xxx.70.1) interface is connected to a router to the ISP.

    The WAPs are manageable via HTTP interface using port 80. Each WAP has a unique IP within the LAN subnet. I need to manage these WAPs from 200 miles away.

    I am trying to map ETH01 69.xxx.70.1 port 60001 to WAP 192.168.1.201 port 80.

    This way, in my browser I enter http://69.xxx.70.1:60001 and am connected to the WAP with the IP of 192.168.1.201.

    If ZS can’t do this then is there some other way to do it outside of ZS?

    I am running ZS on a hard drive, no CD or flash.

    Thanks,

    Megabit

    #50078

    ppalias
    Member

    Could you paste here the output of these commands:

    iptables -L -v
    iptables -t nat -L -v
    #50079

    megabit
    Member

    Ppalias,
    Here is the entry in the Virtual Server tab first, then the iptables printouts.

    Thanks for any help
    Megabit

    Interface/IP address   Protocol   Local Port   Real Servers
    ETH01 / ANY            TCP        60001        192.168.1.222:80




    root@zeroshell root> iptables -L -v
    Chain INPUT (policy ACCEPT 7524 packets, 1278K bytes)
    pkts bytes target prot opt in out source destination
    28196 3835K SYS_INPUT all -- any any anywhere anywhere
    28 3227 SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:http
    10347 1350K SYS_HTTPS tcp -- any any anywhere anywhere tcp dpt:https
    361 24380 SYS_SSH tcp -- any any anywhere anywhere tcp dpt:ssh

    Chain FORWARD (policy ACCEPT 223K packets, 82M bytes)
    pkts bytes target prot opt in out source destination
    4577 1807K CapPort all -- any any anywhere anywhere

    Chain OUTPUT (policy ACCEPT 21195 packets, 6924K bytes)
    pkts bytes target prot opt in out source destination
    29687 7648K SYS_OUTPUT all -- any any anywhere anywhere

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    2104 411K CapPortACL all -- ETH00 any anywhere anywhere

    Chain CapPortACL (1 references)
    pkts bytes target prot opt in out source destination
    2104 411K CapPortFS all -- any any anywhere anywhere
    1923 399K CapPortFC all -- any any anywhere anywhere
    1923 399K CapPortWL all -- any any anywhere anywhere
    4 424 DROP all -- any any anywhere anywhere

    Chain CapPortFC (1 references)
    pkts bytes target prot opt in out source destination

    Chain CapPortFS (1 references)
    pkts bytes target prot opt in out source destination
    181 11720 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootps
    0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:http
    0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:https

    Chain CapPortWL (1 references)
    pkts bytes target prot opt in out source destination
    1754 343K ACCEPT all -- any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C

    Chain NetBalancer (0 references)
    pkts bytes target prot opt in out source destination

    Chain SYS_HTTPS (2 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    10375 1353K ACCEPT all -- any any anywhere anywhere

    Chain SYS_INPUT (1 references)
    pkts bytes target prot opt in out source destination
    785 74174 ACCEPT all -- lo any anywhere anywhere
    970 109K ACCEPT tcp -- ETH00 any anywhere anywhere tcp dpts:12080:12083
    75 3900 DROP tcp -- any any anywhere anywhere tcp dpts:12080:12083
    67 23448 ACCEPT udp -- any any anywhere anywhere udp spt:domain state ESTABLISHED
    6 483 ACCEPT tcp -- any any anywhere anywhere tcp spt:http state ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:8245 state ESTABLISHED
    252 19152 ACCEPT udp -- any any anywhere anywhere udp spt:ntp state ESTABLISHED
    5459 814K RETURN all -- any any anywhere anywhere

    Chain SYS_OUTPUT (1 references)
    pkts bytes target prot opt in out source destination
    803 75774 ACCEPT all -- any lo anywhere anywhere
    117 8543 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
    5 405 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
    0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8245
    257 19532 ACCEPT udp -- any any anywhere anywhere udp dpt:ntp
    8729 2695K RETURN all -- any any anywhere anywhere

    Chain SYS_SSH (1 references)
    pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo any anywhere anywhere
    0 0 ACCEPT all -- any any 192.168.0.0/24 anywhere
    0 0 ACCEPT all -- any any 10.237.1.0/24 anywhere
    361 24380 ACCEPT all -- any any 192.168.1.0/24 anywhere
    0 0 DROP all -- any any anywhere anywhere
    root@zeroshell root>



    root@zeroshell root> iptables -t nat -L -v
    Chain PREROUTING (policy ACCEPT 21384 packets, 2403K bytes)
    pkts bytes target prot opt in out source destination
    1258 136K CapPort all -- any any anywhere anywhere
    1633 86776 Proxy tcp -- any any anywhere anywhere tcp dpt:http
    0 0 DNAT tcp -- ETH01 any anywhere anywhere tcp dpt:60001 to:192.168.1.222:80

    Chain POSTROUTING (policy ACCEPT 367 packets, 30327 bytes)
    pkts bytes target prot opt in out source destination
    23270 1931K SNATVS all -- any any anywhere anywhere
    21853 1817K MASQUERADE all -- any BRIDGE00 anywhere anywhere
    1050 84297 MASQUERADE all -- any ETH01 anywhere anywhere

    Chain OUTPUT (policy ACCEPT 6331 packets, 503K bytes)
    pkts bytes target prot opt in out source destination

    Chain CapPort (1 references)
    pkts bytes target prot opt in out source destination
    133 6892 CapPortHTTP tcp -- ETH00 any anywhere anywhere tcp dpt:http
    78 4052 CapPortHTTPS tcp -- ETH00 any anywhere anywhere tcp dpt:https
    13 676 CapPortGW tcp -- ETH00 any anywhere anywhere tcp dpt:12080
    0 0 CapPortGW tcp -- ETH00 any anywhere anywhere tcp dpt:12081

    Chain CapPortGW (2 references)
    pkts bytes target prot opt in out source destination
    13 676 REDIRECT tcp -- any any anywhere anywhere

    Chain CapPortHTTP (1 references)
    pkts bytes target prot opt in out source destination
    115 5956 CapPortProxy all -- any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C
    0 0 CapPortProxy tcp -- any any anywhere 192.168.1.1 tcp dpt:http
    4 208 REDIRECT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12080
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
    0 0 REDIRECT tcp -- any any anywhere anywhere redir ports 12080

    Chain CapPortHTTPS (1 references)
    pkts bytes target prot opt in out source destination
    76 3948 ACCEPT all -- any any 192.168.1.11 anywhere MAC 00:17:A4:D2:18:9C
    0 0 ACCEPT tcp -- any any anywhere 192.168.1.1 tcp dpt:https
    0 0 REDIRECT tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 10/min burst 15 mode srcip-dstport redir ports 12081
    0 0 DROP tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
    0 0 REDIRECT tcp -- any any anywhere anywhere redir ports 12081

    Chain CapPortProxy (2 references)
    pkts bytes target prot opt in out source destination
    129 6684 Proxy tcp -- any any anywhere anywhere tcp dpt:http
    129 6684 ACCEPT all -- any any anywhere anywhere

    Chain Proxy (2 references)
    pkts bytes target prot opt in out source destination

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination
    root@zeroshell root>

    #50080

    ppalias
    Member

    Looks like no packets ever reach the port forwarding rule. I hope you have tried a few times to access the webcam on port 60001.
    What exactly is the bridge interface bridging? I hope you are not bridging ETH01 and the internal network…
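
The observation in the last reply, that the DNAT rule for port 60001 has counted no packets, can be checked with a script instead of by eye. The following is an added example, not code from the thread or from ZeroShell: the function names `rule_hits` and `forward_reached` are hypothetical, and the port 8443 rule in the sample listing is constructed.

```shell
# Added example, not from the thread: read a forwarding rule's packet
# counter out of `iptables -t nat -L -v` output.

# rule_hits TARGET PORT < listing
# Prints "CHAIN RULE_NUMBER PACKETS" for each rule with that target and dpt:PORT.
rule_hits() {
    awk -v target="$1" -v want="dpt:$2" '
        # iptables rounds large counters to K/M/G/T suffixes (steps of 1000).
        function expand(c,    n, p) {
            n = c + 0
            p = index("KMGT", substr(c, length(c)))
            while (p-- > 0) n *= 1000
            return n
        }
        $1 == "Chain" { chain = $2; num = 0; next }
        $1 !~ /^[0-9]+[KMGT]?$/ { next }    # column header, blank, prompt lines
        {
            num++
            if ($3 != target) next
            for (i = 10; i <= NF; i++)
                if ($i == want) { print chain, num, expand($1); break }
        }
    '
}

# forward_reached TARGET PORT < listing
# Exit status: 0 = a matching rule has counted packets, 1 = matching rule(s)
# exist but all counters are 0, 2 = no such rule in the listing.
forward_reached() {
    hits=$(rule_hits "$1" "$2")
    [ -n "$hits" ] || return 2
    printf '%s\n' "$hits" | awk '$3 > 0 { ok = 1 } END { exit !ok }'
}

# PREROUTING excerpt from the nat listing in the thread; the 8443
# rule is constructed sample data showing a rule that has seen traffic.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 21384 packets, 2403K bytes)
 pkts bytes target prot opt in out source destination
 1258 136K CapPort all -- any any anywhere anywhere
 1633 86776 Proxy tcp -- any any anywhere anywhere tcp dpt:http
 0 0 DNAT tcp -- ETH01 any anywhere anywhere tcp dpt:60001 to:192.168.1.222:80
 12K 720K DNAT tcp -- ETH01 any anywhere anywhere tcp dpt:8443 to:192.0.2.10:443
EOF
}

sample_listing | rule_hits DNAT 60001    # prints: PREROUTING 3 0
```

On a live system, feed it `iptables -t nat -L -v -n -x` before and after a connection attempt: `-n` keeps ports numeric so `dpt:` matches a port number, and `-x` prints exact counters.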
