Thread: PortFwd without Router Login?

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    22

    PortFwd without Router Login?

    If I'm not mistaken, I use iptables to do this?

    I've researched a little and I just wanted to find out some answers:

    iptables -t nat -A PREROUTING -p udp 50* -j DNAT --to 192.168.1.106
    iptables -P FORWARD ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

    In order to make the forwarding work, can I just run these commands? Can I specify the port by just adding the number *'d above? Do I need to ARP the router? Set up MiTM between me and router?

    I saw a similar thread with these commands but it was quite old and I didn't want to revive an old thread. Also it didn't quite answer those questions.

    Thank you in advance

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Can you provide some more detail about how you have your network setup and exactly what you want to achieve by enabling port forwarding (is there a particular application you need to get working for example)?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    There's two ways of setting up port forwarding on a router:

    1) You connect to the router via telnet or HTTP, give it the username and password, then proceed to change the settings.
    2) Use the UPnP protocol if it's supported by your router. With the UPnP protocol, you can send requests to your router to do stuff like open NAT pinholes.

    Here's some info on UPnP:

    CodeProject: Using UPnP for Programmatic Port Forwardings and NAT Traversal. Free source code and programming help
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Quote: Originally posted by Virchanza
    There's two ways of setting up port forwarding on a router:

    1) You connect to the router via telnet or HTTP, give it the username and password, then proceed to change the settings.
    2) Use the UPnP protocol if it's supported by your router. With the UPnP protocol, you can send requests to your router to do stuff like open NAT pinholes.

    Here's some info on UPnP:

    CodeProject: Using UPnP for Programmatic Port Forwardings and NAT Traversal. Free source code and programming help

    Thank you for that, I was completely unaware of this.

    I know it's the wrong place and I had really no reason to seek out a place to ask, or research it myself... but since this is here, why not.

    Besides UPnP, would the iptables method work on my OpenWrt router? ... as well as my DD-WRT?
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Wait a minute... which situation are you in?

    Situation 1: You're using a Linux computer that's connected to a LAN which has a router. You want to use the Linux machine to enable port forwarding on the router.

    Situation 2: You're playing around with programming a router (e.g. OpenWRT).

    These are two very different situations. The solution I offered was for Situation 1.

    As for Situation 2: Well if you're running Linux on a router, then I suppose using IPTables would be the way to go about it... but I've never done it before so I can't give any advice.

  6. #6
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    It is situation 1, but I do have OpenWrt on my router as the firmware. If I can do it with iptables that would be great, as it saves me having to SSH-wrap the HTTP connection when I'm away.

  7. #7
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    From what I'm reading, the OP is trying to bypass the current network's router to get mail forwarding using iptables on his laptop.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote: Originally posted by vvpalin
    Besides UPnP, would the iptables method work on my OpenWrt router? ... as well as my DD-WRT?

    If your router is running Linux, and has NetFilter extensions compiled into the kernel, and if the iptables binary and required support libraries are present on the router, AND you can gain shell access or run shell commands with sufficient privilege to run iptables, then this should be possible, yes.

    Not including a normal Linux PC (which could be used to create a router system) the routers that natively fulfill this requirement would usually be ones based on a custom firmware like OpenWrt. I have an OpenWrt based router at home upon which I run a custom firewall script using iptables.

    For the OP, you would need all of the above conditions in place before you could use the iptables method to perform port forwarding. Telnet isn't the only method you could use to run the iptables commands, you could also connect via ssh, or exploit a service to gain shell access/run commands.

    Whether there are other methods to achieve what you want to achieve of course depends on what systems are present on your network, how they are configured and what access you have to them. That's (one of the reasons) why I asked about that in my original post.

    In a traditional home-based setup where the router connects to the ISP, your internal systems connect to the router and the external router interface has the only non-private IP address assigned, you won't be able to perform port forwarding without either changing the configuration of the router or having access to a system connected between the external interface of the router and the system on the Internet from which you want to "port forward". Most people are not going to have this access, so changing the configuration of the router is probably the only method for you to use.

    The most straightforward method (and really the method you should be using) is to just log in via the router's web interface and change the configuration from there. If you have forgotten your password just use the factory reset button on the router.

    Is there some reason why you don't want to use the web interface to configure this?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
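
    A way to check what the rules discussed in this thread leave in place on a Linux router, added here as an example and not code from any poster: it parses `iptables-save` output and reports DNAT port forwards plus a default-ACCEPT FORWARD policy. The sample dump is constructed (192.168.1.106 and eth0 are from the first post; port 5000 and the function name `audit` are assumptions), and multiport or negated matches are not handled.

```python
import shlex

# Constructed sample of `iptables-save` output, modelled on the rules in the
# first post (192.168.1.106 and eth0 come from the thread; port 5000 is made up).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 5000 -j DNAT --to-destination 192.168.1.106
-A PREROUTING -p tcp -j DNAT --to-destination 192.168.1.106
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def audit(ruleset):
    """Return (forwards, findings) for an iptables-save dump."""
    table, forwards, findings = None, [], []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":") and table == "filter":
            chain, policy = line[1:].split()[:2]      # ":FORWARD ACCEPT [0:0]"
            if chain == "FORWARD" and policy == "ACCEPT":
                findings.append("filter FORWARD policy is ACCEPT: every "
                                "forwarded packet passes unless a rule drops it")
        elif line.startswith("-A") and table == "nat":
            tok = shlex.split(line)
            opt = lambda name: tok[tok.index(name) + 1] if name in tok else None
            if opt("-j") != "DNAT":
                continue                              # MASQUERADE etc. is not a forward
            fwd = {"chain": tok[1], "proto": opt("-p"),
                   "dport": opt("--dport"), "to": opt("--to-destination")}
            forwards.append(fwd)
            if fwd["dport"] is None:                  # rule matches every port
                findings.append(f"DNAT to {fwd['to']} has no --dport: "
                                f"all {fwd['proto'] or 'IP'} traffic is redirected")
    return forwards, findings

if __name__ == "__main__":
    forwards, findings = audit(SAMPLE)
    for f in forwards:
        print(f"{f['proto']}/{f['dport'] or 'any'} -> {f['to']}")
    for msg in findings:
        print("WARN:", msg)
```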

  9. #9
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Thank you lupin for that wonderful post. Personally, and I'm sure you knew this, I'm just looking to play around; there is no reason I can't HTTP in and change the settings, however doing it via SSH while I'm away would be a godsend. Much better than opening web access to the outside world.

    Thanks
