当前位置:网站首页>26 openwrt port forwarding DMZ UPnP
26 openwrt port forwarding DMZ UPnP
2022-07-28 04:19:00 【Creator_ Ly】
We often configure port forwarding rules on the router , It is used to access a port of the intranet machine ,openwrt There are many ways to realize port forwarding in the above .
1、 Port forwarding
For example, I want to use wan Oral IP,192.168.2.180, Remote connection lan Intraoral network 192.168.18.235 Of ubuntu, How to achieve :
- Establish a port forwarding rule , take
2222 port , Access the router intranet 192.168.18.235ubuntu Of 22 port ,
Add the following rules under the firewall cat /etc/config/firewall
config redirect
option enabled '1'
option proto 'tcp'
option comment 'ubuntu'
option src_dport '2222'
option dest_ip '192.168.18.235'
option dest_port '22'
option src 'wan'
option target 'DNAT'
option dest 'lan'
The actual implementation is in iptable Of nat The following rules have been added below the table
[email protected]:/# iptables -t nat -nvL | grep 235
307 23589 zone_lan_prerouting all -- br-lan * 0.0.0.0/0 0.0.0.0/0
0 0 SNAT tcp -- * * 192.168.18.0/24 192.168.18.235 tcp dpt:22 /* @redirect[0] (reflection) */ to:192.168.18.1
307 23589 prerouting_lan_rule all -- * * 0.0.0.0/0 0.0.0.0/0 /* user chain for prerouting */
0 0 DNAT tcp -- * * 192.168.18.0/24 192.168.2.180 tcp dpt:2222 /* @redirect[0] (reflection) */ to:192.168.18.235:22
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 /* @redirect[0] */ to:192.168.18.235:22
This way wan ip Add src_dport You can access the intranet machine ssh Port .
2、DMZ
dmz The enhanced port forwarding , For example, your intranet IP There are 22 Port to ssh use , Also have 80 Port to web use , Also have 23 Port to telnet use . If you use port forwarding , You need to establish three port forwarding rules . use dmz You can do it all at once .
Add the following rules under the firewall cat /etc/config/firewall
config redirect 'dmz'
option name 'dmz'
option src 'wan'
option proto 'tcp'
option target 'DNAT'
option dest_ip '192.168.18.235'
option enabled '1'
config redirect 'dmzudp'
option name 'dmzudp'
option src_port '!67'
option src 'wan'
option proto 'udp'
option target 'DNAT'
option dest_ip '192.168.18.235'
option enabled '1'
The actual implementation is in iptable Of nat The following rules have been added below the table
[email protected]:/# iptables -t nat -nvL | grep 235
0 0 SNAT tcp -- * * 192.168.18.0/24 192.168.18.235 /* dmz (reflection) */ to:192.168.18.1
0 0 SNAT udp -- * * 192.168.18.0/24 192.168.18.235 /* dmzudp (reflection) */ to:192.168.18.1
0 0 DNAT tcp -- * * 192.168.18.0/24 192.168.2.180 /* dmz (reflection) */ to:192.168.18.235
0 0 DNAT udp -- * * 192.168.18.0/24 192.168.2.180 /* dmzudp (reflection) */ to:192.168.18.235
5 405 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* dmz */ to:192.168.18.235
26 2270 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:!67 /* dmzudp */ to:192.168.18.23
3、Upnp
openwrt The use of miniupnpd Services to achieve upnp service
[email protected]:# ps | grep mini
25503 root 1076 S /usr/sbin/miniupnpd -f /var/etc/miniupnpd.conf
28450 root 1520 S grep mini
/etc/config/upnpd Inside log_output Set to 1, Can be in logread Check the interaction log .
config upnpd 'config'
option enable_natpmp '1'
option enable_upnp '1'
option secure_mode '1'
option log_output '1'
Turn on upnp When :
Open the control panel -> The Internet and Internet-> Check out network computers and devices , You can see the router
Right click to view the properties to see the router information
- Manufacturer
- model
- Device web page
- mac Address
- Unique identifier
- IP Address
You can see the router sending packets SSDP Broadcast package to 239.255.255.250,NOTIFY The message contains the above information .
close upnp When :
Open the control panel -> The Internet and Internet-> Check out network computers and devices , Router lost
You can see the router sending packets SSDP Broadcast package to 239.255.255.250,NOTIFY Message content is byebye.
upnp Implement port mapping
upnp Port mapping can be implemented in another way , The client tells the router , Which port do I want to go through and which port should I go to , Then the router helps establish port forwarding rules .
ubuntu install upnpc
sudo apt-get install -y miniupnpc
ubuntu Of ssh add to 2222 port ,upnp By default, only 1024-65535 Mapping of ports
config perm_rule
option action 'allow'
option ext_ports '1024-65535'
option int_addr '0.0.0.0/0'
option int_ports '1024-65535'
option comment 'Allow high ports
sudo vim /etc/ssh/sshd_config
Port 22
Port 2222
sudo /etc/init.d/ssh restart
ubuntu adopt upnpc Request to add port mapping ,2222 The internal port ,9000 External port
upnpc -a 192.168.17.233 2222 9000 TCP
At this time upnp.leases A message will be added below ,iptable -t nat Now add a rule . Complete port mapping
[email protected]:/# cat /var/upnp.leases
TCP:9000:192.168.17.233:2222:1655716845:libminiupnpc
ubuntu adopt upnpc Request to delete port mapping
upnpc -d 192.168.17.233 2222 9000 TCP
When starting thunderbolt download
The following information will be upnpd Capture to
[email protected]:/# cat /var/upnp.leases
TCP:54366:192.168.17.151:53533:1655706396:PTL-000C29A6B88AGXGA
UDP:54366:192.168.17.151:54366:1655706396:PTL-000C29A6B88AGXGA
TCP:53532:192.168.17.151:53532:1655706396:PTL-000C29A6B88AGXGA
[email protected]:/# iptables -t nat -nvL
Chain MINIUPNPD (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:63016 to:192.168.17.151:53866
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:63016 to:192.168.17.151:63016
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53864 to:192.168.17.151:53864
边栏推荐
- [untitled]
- security异常处理机制
- Kingbasees Security Guide for Jincang database -- 4 data access protection
- 2022.7.13-----leetcode.735
- Virtual machine class loading mechanism
- Servlet usage
- Go结构体
- 《Intel Arria 10 Avalon-MM DMA Interface for PCI Express Solutions User Guide》文档学习
- 仿真测试断开服务器公网连接
- ServletContext、request、response
猜你喜欢
Information system project manager (2022) - key content: Project Procurement Management (12)
Thoroughly understand the sharing function in wechat games
Cyber Nuwa, how to make digital people?
Power consumption: leakage power
Glusterfs file is not mounted, permission: R-S
Iterator function operation of iterator learning
一名合格的软件测试工程师,应该具备哪些技术能力?
![[untitled]](/img/c3/cf88f04d5aaba61d3a7464ff56ce15.png)
[untitled]
Go结构体
Servlet usage
随机推荐
Notes to subject 2
Cyber Nuwa, how to make digital people?
Classification cluster analysis
Information system project manager (2022) - key content: intellectual property rights and standards and specifications (22)
Combination of Oracle and Premier League statistics and presentation
[mathematical modeling] Based on MATLAB seismic exploration Marmousi model [including Matlab source code, 1977]
Glusterfs file is not mounted, permission: R-S
C#跨线程刷新前台UI
【day03】流程控制语句
Slice slice
Difference between on, where and having
RN interface jump description
Kotlin——函数
cookie与Session
Error no matching function for call to 'std:: exception:: exception (const char [15])' problem solving
7/27 (board) dyeing method to determine bipartite graph + find combination number (recursive formula)
[untitled]
Kingbasees Security Guide for Jincang database -- 4 data access protection
2022.7.13-----leetcode.735
Filters, interceptors, listeners