Port forwarding to a range of IP?

Hi there, I was trying to do a port forwarding, basic stuff for gaming purposes.
If I set the internal IP address to any, it does not work. I have to create a rule with a specific IP, then it works.
Can I provide a range like 162.168.1.2:192.168.1.100, or is it not recommended?

Port forwarding is to redirect a port from a public IP to a computer on the local network.
It works like a mailman with a letter that says “John Doe, 12 avenue Something, 99999 Somewhere”, and at this address there are many mailboxes with apartment numbers.
The mailman should know which name goes to which mailbox.
If you set John Doe to mailboxes 10 to 50, the mailman is not able to put the mail in the correct box.

So for port forwarding it’s the same: the router has to know which port redirects to which host.
If the host does not respond or the port is closed, the router NAKs the packet.

If you want dynamic port forwarding, see the UPnP protocol.

OK, makes sense. Understood. Thanks.

I want to specify a list of IP ranges as source IP, i.e. Cloudflare IP addresses:

How do I do that in Turris Luci? I can add a custom entry, but I want to add the above range.
Any idea?
Thanks!

Maybe … this is the right answer for solving your problem:
https://forum.openwrt.org/t/firewall-port-forwards-multiple-ip-addresses-from-wan-lan-with-luci/150480/10


There is a solution on the very bottom of this page (only you have to modify it for src_ip instead of dest_ip):

Only one src_ip is permitted, no list, too bad ;-(:

ipset is the way to go:

```sh
# ipset of allowed source networks, loaded from a file
uci -q delete firewall.cf_set
uci set firewall.cf_set="ipset"
uci set firewall.cf_set.name="cf_set"
uci set firewall.cf_set.storage="hash"
uci set firewall.cf_set.family="ipv4"
uci set firewall.cf_set.match="src_net"
uci set firewall.cf_set.loadfile="/root/cf_set.txt"

# WAN tcp/80 -> 192.168.8.112:21080, only for sources in cf_set
uci -q delete firewall.cf_proxy1
uci set firewall.cf_proxy1="redirect"
uci set firewall.cf_proxy1.name="Allow-Cloudflare-Nginx-80"
uci set firewall.cf_proxy1.target="DNAT"
uci set firewall.cf_proxy1.src="wan"
uci set firewall.cf_proxy1.dest="lan"
uci set firewall.cf_proxy1.proto="tcp"
uci set firewall.cf_proxy1.family="ipv4"
uci set firewall.cf_proxy1.src_dport="80"
uci set firewall.cf_proxy1.dest_port="21080"
uci set firewall.cf_proxy1.ipset="cf_set"
uci set firewall.cf_proxy1.dest_ip="192.168.8.112"

# WAN tcp/443 -> 192.168.8.112:21443, only for sources in cf_set
uci -q delete firewall.cf_proxy2
uci set firewall.cf_proxy2="redirect"
uci set firewall.cf_proxy2.name="Allow-Cloudflare-Nginx-443"
uci set firewall.cf_proxy2.target="DNAT"
uci set firewall.cf_proxy2.src="wan"
uci set firewall.cf_proxy2.dest="lan"
uci set firewall.cf_proxy2.proto="tcp"
uci set firewall.cf_proxy2.family="ipv4"
uci set firewall.cf_proxy2.src_dport="443"
uci set firewall.cf_proxy2.dest_port="21443"
uci set firewall.cf_proxy2.ipset="cf_set"
uci set firewall.cf_proxy2.dest_ip="192.168.8.112"

# uci set only stages changes: commit them and reload the firewall
uci commit firewall
/etc/init.d/firewall restart
```

```
cat cf_set.txt
162.158.0.0/15
103.31.4.0/22
104.24.0.0/14
108.162.192.0/18
198.41.128.0/17
172.64.0.0/13
173.245.48.0/20
190.93.240.0/20
141.101.64.0/18
188.114.96.0/20
104.16.0.0/13
131.0.72.0/22
103.21.244.0/22
197.234.240.0/22
103.22.200.0/22
```
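Every line of `/root/cf_set.txt` becomes an allowed source network for the port forward, so a malformed or overly broad line either breaks the set or opens the forward to far more than Cloudflare. The following POSIX sh check is an added example, not code from the thread; `valid_cidr`, `check_loadfile`, the `MIN_PREFIX` threshold and the sample file are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: validate an ipset loadfile before the firewall uses it.
MIN_PREFIX=8   # assumption: anything broader than /8 is treated as a mistake

# Return 0 only if $1 is an IPv4 network in CIDR form with valid octets,
# a prefix between MIN_PREFIX and 32, and all host bits zero.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    hostmask=$(( (1 << (32 - prefix)) - 1 ))
    [ $(( n & hostmask )) -eq 0 ]
}

# Report every non-empty line of file $1 that fails valid_cidr.
# Return 1 if any line was rejected or the file has no valid entry.
check_loadfile() {
    bad=0; good=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            good=$((good + 1))
        else
            echo "rejected: $line" >&2; bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ] && [ "$good" -gt 0 ]
}

# Constructed sample: two ranges from the thread plus three bad lines
# (default route, host bits set, missing prefix).
sample=$(mktemp)
cat > "$sample" <<'EOF'
173.245.48.0/20
104.16.0.0/13
0.0.0.0/0
104.16.0.1/13
103.21.244.0
EOF
check_loadfile "$sample" || echo "loadfile is not safe to load"
rm -f "$sample"
```

Run `check_loadfile /root/cf_set.txt` after each edit of the list and reload the firewall only when it returns 0.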