Correct OpenWRT configuration for iptables PREROUTING rule
After a few more hours of trying, I was able to get this working with the help of this article; https://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/
My POSTROUTING command was not correct. Switching to the following command worked:
iptables -t nat -I POSTROUTING -j MASQUERADE
Related videos on Youtube
![IPTABLES [PART-1] : "UNDERSTANDING THE CONCEPT"](https://i.ytimg.com/vi/vbhr4csDeI4/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBovKYd5heeT0eQFP4enqBJ_GCa1Q)
07 : 53
13 : 34
01 : 38
31 : 02
14 : 39
Shawn McGough
Over 20 years of experience designing & building enterprise applications.
Updated on September 18, 2022Comments
-
Shawn McGough over 1 year
I've recently switch my router firmware from Tomato to OpenWRT. I had the iptable commands below which would intercept http requests to an internal ip (192.168.1.254) on port 80 and redirect to a different internal ip (192.168.1.133) on port 8082.
This configuration is not working working on OpenWRT. I've entered it in the Firewall - Custom Rules section.
iptables -t nat -I PREROUTING -p tcp -d 192.168.1.254 --dport 80 -j DNAT --to-destination 192.168.1.133:8082 iptables -t nat -I POSTROUTING -p tcp --dport 80 -j MASQUERADEI've read up quite a bit but most guides are how to set up WAN port forwarding. I've been at it for hours and have had to boot OpenWRT into failsafe mode a few times. I would be grateful for any help.
Additional details:
- I had these commands working on the Tomato router
- both IPs are PING-able from inside the network
- target IP & port (192.168.1.133:8082) serves content when hit directly
- both IPs are PING-able from inside the network
-
Nick Garvey almost 8 yearsI just fought with this for an hour and a half and this was the problem. Thank you :)!