Setting portforward by telnet

bingel
Novice
Posts: 29
Joined: Tue Jul 09, 2013 2:07 am

Setting portforward by telnet

Post by bingel » Sun Jul 14, 2013 7:58 am

I would like to set iptables rules through telnet using, for example, a command like this:

Code:

# iptables -I FORWARD 2 -p tcp -i ppp0 -d 192.168.1.2 --dport 4662 -j ACCEPT

where:

- 192.168.1.2 is my PC ip address
- 4662 the port I want to open (amule)

If I execute this command I can see that the rule is correctly applied by iptables:

Code:

# iptables -vL

Chain FORWARD (policy ACCEPT 8843 packets, 1194K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1790 1248K ACCEPT     all  --  ppp0   any     anywhere             anywhere           state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  ppp0   any     anywhere             192.168.1.2        tcp dpt:4662 
  419 25084 TCPMSS     tcp  --  any    ppp0    anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere           icmp fragmentation-needed 
    0     0 DROP       all  --  ppp0   any     anywhere             anywhere           

but then if I check whether the port is open, the result is negative.

Instead, if I open the same port using the web interface, all goes right.

Therefore I think I also have to set some other parameter so that port forwarding can work properly, but I do not know what it is.

Could anyone help me?

Re: Setting portforward by telnet

Post by bingel » Mon Jul 15, 2013 7:47 am

I'll try to rephrase the question: is there a way to figure out what the web interface does when you run the port forwarding of a port?
thechief
RouterTech Team
Posts: 12067
Joined: Wed Feb 01, 2006 10:22 pm
Location: England, the Centre of Africa

Re: Setting portforward by telnet

Post by thechief » Mon Jul 15, 2013 3:00 pm

There are various dialogues going on in the background, between the core logic and the web server. You will be able to see some of it (as formatted messages to cm_logic) in the system log, if you use the most verbose logging levels (e.g., "debug"). Be warned however, that the level of messaging at the debug logging level can bring the router down - especially on low memory routers such as yours. You would be well advised to NOT save the settings after changing the log levels from the default, so that if the router hangs, you can simply unplug it and plug it in again.
The Chief: :afro: Be sure to read the Firmware FAQ and do a Forum Search before posting!
No support via PM. Ask all questions on the open forum.

Re: Setting portforward by telnet

Post by bingel » Mon Jul 15, 2013 10:24 pm

Just tried it. The modem hangs (brought down).

Re: Setting portforward by telnet

Post by thechief » Mon Jul 15, 2013 11:32 pm

Then you're out of luck. You can try studying the html and javascript files that make up the web interface, to see what you can learn. Be warned - it is spaghetti code at its worst. It is not for the faint-hearted.

Re: Setting portforward by telnet

Post by bingel » Tue Jul 16, 2013 11:20 pm

...not new to html but not enough time, know-how and patience to do this work.
I was hoping that those who had implemented this router feature (portforwarding) were able to help me.

Re: Setting portforward by telnet

Post by bingel » Tue Jul 16, 2013 11:27 pm

...however, all I want to make is a launcher (my OS is Linux) that launches a script which opens amule ports (or any other port) without using the web interface (the script opens a menu with a predetermined list of ports where you can choose the port to open).

The script uses telnet to do the job and to communicate with the router.

If you know an alternative way to do that, I will be happy to hear from you.

Re: Setting portforward by telnet

Post by bingel » Tue Jul 16, 2013 11:37 pm

...this is to speed up the setting of the port forwarding (you don't have to go through the web interface, which makes the operation slow and cumbersome) ...moreover you can set amule or the program concerned to automatically open the port it needs when you launch the program.

Re: Setting portforward by telnet

Post by thechief » Wed Jul 17, 2013 8:46 am

The router is running linux, so you should be able to do it the same way as you would in any standard linux 2.4 system. If you can get your script to do the job on your linux box, then it should work on the router too. I am no networking guru, but I suspect it involves more than just one iptables command.

Re: Setting portforward by telnet

Post by bingel » Wed Jul 17, 2013 8:48 pm

To use a Linux box as a gateway you have to set some parameters I can't find in the RouterTech embedded Linux system.

Instead, as regards iptables, it seems to me the necessary commands are all there (obviously, for amule, you also have to open 2 other ports).
mstombs
RouterTech Team
Posts: 3753
Joined: Wed Jan 10, 2007 11:54 pm

Re: Setting portforward by telnet

Post by mstombs » Thu Jul 18, 2013 12:46 pm

port forwards need an entry in the nat PREROUTING table and the filter FORWARD

take a look at the output of

Code:

iptables -nvL
iptables -nvL -t nat

A problem of doing anything manually is that the rules get re-written on web gui or wan reconnect, so you have to re-apply the custom rules.
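
The pairing described in the post above (a DNAT rule in nat PREROUTING plus an ACCEPT rule in filter FORWARD) can be checked mechanically. This is an added example, not code from the thread or from the RouterTech firmware: it assumes the rules are available as `-A CHAIN ...` lines (iptables-save style), and the function names and sample rules are constructed for illustration.

```shell
# Added example: pair nat PREROUTING DNAT rules with filter FORWARD ACCEPT rules.
# Input on stdin: rule lines in iptables-save style ("-A CHAIN ...") (assumption).
check_forwards() {
    awk '
    function opt(name,   i) {           # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 != "-A" { next }                 # skip table headers and chain policies
    {
        proto = opt("-p"); port = opt("--dport"); target = opt("-j")
        if (proto == "" || port == "") next
    }
    $2 == "PREROUTING" && target == "DNAT" {
        to = opt("--to-destination"); if (to == "") to = opt("--to")
        n = split(to, hp, ":")          # host[:port]
        # FORWARD sees the packet after DNAT, so key on the translated port
        key = proto "/" (n > 1 ? hp[2] : port) " " hp[1]
        dnat[key] = 1; seen[key] = 1
    }
    $2 == "FORWARD" && target == "ACCEPT" {
        dst = opt("-d"); sub(/\/32$/, "", dst); if (dst == "") next
        key = proto "/" port " " dst
        fwd[key] = 1; seen[key] = 1
    }
    END {
        for (k in seen) {
            if ((k in dnat) && (k in fwd)) s = "ok"
            else if (k in fwd)             s = "forward-only"
            else                           s = "dnat-only"
            print k, s
        }
    }' | LC_ALL=C sort
}
# Constructed sample: 4662 has only the FORWARD rule (the state in the first
# post), 51413 has both rules, 4672/udp has only the DNAT rule.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i ppp0 -p tcp --dport 51413 -j DNAT --to-destination 192.168.1.2:51413
-A PREROUTING -i ppp0 -p udp --dport 4672 -j DNAT --to 192.168.1.2:4672
*filter
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.2 -i ppp0 -p tcp --dport 4662 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -i ppp0 -p tcp --dport 51413 -j ACCEPT
EOF
}
sample_rules | check_forwards
```

A `forward-only` line is the situation from the first post: the FORWARD rule exists but the port still tests as closed because nothing translates the destination. Running the same check after a WAN reconnect shows whether the custom rules were rewritten.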

Re: Setting portforward by telnet

Post by bingel » Thu Jul 18, 2013 7:58 pm

Thank you very much, now it's all right.
You are a great team!!!

"A problem of doing anything manually is that the rules get re-written on web gui or wan reconnect, so you have to re-apply the custom rules."

This is really not important.
Thank you again.

Re: Setting portforward by telnet

Post by bingel » Thu Jul 18, 2013 8:06 pm

...however, to avoid what you say, it would be sufficient to know what data (and where) the web interface writes when you set the portforward of a port.

Re: Setting portforward by telnet

Post by thechief » Thu Jul 18, 2013 9:41 pm

You will find this information in the html/js files of the web ui.

Re: Setting portforward by telnet

Post by bingel » Fri Jul 19, 2013 12:56 am

Sure, but as already said, I don't have enough knowledge to do this job.
For the time being I'll settle for only changing the iptables rules.

Thanks again.


PS: I publish my script below in case it may be useful (even as a starting point) to someone else. Currently it is only set for edonkey (emule/amule) and torrent:

Code:

#!/bin/bash

# To run, this script needs the following programs installed on your system:
#
# - expect
# - zenity
# - telnet
#
# Do not indent the part of code relating to "expect" (it should be glued to the left) or the script won't work anymore.


### general settings ###

# router password (in clear ...it's not exactly the best, I know!)
router_password="your_router_password"

# router ip
rip="192.168.1.1"

# local ip (PC)
lip=$(ifconfig | grep "$(cut -d "." -f 1-3 <<< $rip)." | awk '{print $2}' | cut -d ":" -f 2)

### amule settings###

# amule ports to open
atcpport=4662
audpport=$(($atcpport+3))
audpextport=4672

### torrent settings###

# torrent port to open
ttcpport=51413

### begin script ###

choice=$(zenity --width 240 --height 240 --list --title "Forward router ports" --text "Make your choice:" --hide-column 1 --column "" --column "  Action" 1 "  EDonkey open" 2 "  Edonkey closed" "" "" 3 "  Torrent open" 4 "  Torrent closed")

case $choice in

1)

/usr/bin/expect -f - << EndMark
spawn telnet $rip
expect "*?:*"
send -- "root\r"
expect "*?:*"
send -- "$router_password\r"
expect "*?#*"
send -- "iptables -D FORWARD -p tcp -i ppp0 -d $lip --dport $atcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D FORWARD -p udp -i ppp0 -d $lip --dport $audpextport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D FORWARD -p udp -i ppp0 -d $lip --dport $audpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p tcp -i ppp0 --dport $atcpport -j DNAT --to $lip:$atcpport\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p udp -i ppp0 --dport $audpextport -j DNAT --to $lip:$audpextport\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p udp -i ppp0 --dport $audpport -j DNAT --to $lip:$audpport\r"
expect "*?#*"
send -- "iptables -I FORWARD 2 -p tcp -i ppp0 -d $lip --dport $atcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -I FORWARD 2 -p udp -i ppp0 -d $lip --dport $audpextport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -I FORWARD 2 -p udp -i ppp0 -d $lip --dport $audpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport $atcpport -j DNAT --to $lip:$atcpport\r"
expect "*?#*"
send -- "iptables -A PREROUTING -t nat -p udp -i ppp0 --dport $audpextport -j DNAT --to $lip:$audpextport\r"
expect "*?#*"
send -- "iptables -A PREROUTING -t nat -p udp -i ppp0 --dport $audpport -j DNAT --to $lip:$audpport\r"
expect "*?#*"
EndMark

;;

2)

/usr/bin/expect -f - << EndMark
spawn telnet $rip
expect "*?:*"
send -- "root\r"
expect "*?:*"
send -- "$router_password\r"
expect "*?#*"
send -- "iptables -D FORWARD -p tcp -i ppp0 -d $lip --dport $atcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D FORWARD -p udp -i ppp0 -d $lip --dport $audpextport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D FORWARD -p udp -i ppp0 -d $lip --dport $audpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p tcp -i ppp0 --dport $atcpport -j DNAT --to $lip:$atcpport\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p udp -i ppp0 --dport $audpextport -j DNAT --to $lip:$audpextport\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p udp -i ppp0 --dport $audpport -j DNAT --to $lip:$audpport\r"
expect "*?#*"
EndMark

;;

3)

/usr/bin/expect -f - << EndMark
spawn telnet $rip
expect "*?:*"
send -- "root\r"
expect "*?:*"
send -- "$router_password\r"
expect "*?#*"
send -- "iptables -D FORWARD -p tcp -i ppp0 -d $lip --dport $ttcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p tcp -i ppp0 --dport $ttcpport -j DNAT --to $lip:$ttcpport\r"
expect "*?#*"
send -- "iptables -I FORWARD 2 -p tcp -i ppp0 -d $lip --dport $ttcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport $ttcpport -j DNAT --to $lip:$ttcpport\r"
expect "*?#*"
EndMark

;;

4)

/usr/bin/expect -f - << EndMark
spawn telnet $rip
expect "*?:*"
send -- "root\r"
expect "*?:*"
send -- "$router_password\r"
expect "*?#*"
send -- "iptables -D FORWARD -p tcp -i ppp0 -d $lip --dport $ttcpport -j ACCEPT\r"
expect "*?#*"
send -- "iptables -D PREROUTING -t nat -p tcp -i ppp0 --dport $ttcpport -j DNAT --to $lip:$ttcpport\r"
expect "*?#*"
EndMark

;;

esac