How to forward ports to your devices with iptables - DD-WRT

The rules below let you forward ports when using TorGuard VPN on DD-WRT. For this to work, follow the Port Forward Activation email and use the correct IP + Port + Protocol.

Add these rules under Administration --> Commands. Once your rules have been created, save them as firewall rules.

Assuming that:

  • destIP is the IP address of the destination device (your device's LAN IP)
  • port is the port you wish to forward to that device
  • tun1 is the tun interface of your router (please check: on some routers it can be tun0, on Tomato it can be tun11)
  • you need to forward both TCP and UDP packets

You need to add the following rules. They do NOT replace your existing rules; you just add them. The rules are written with tun11, so substitute your router's tun interface, along with your own destIP and port.

iptables -I FORWARD -i tun11 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun11 -p udp --dport port -j DNAT --to-destination destIP

So for example, if we confirmed the tun interface was tun11 and we need port 4455 open to a LAN device, the rules would look like this (replace destIP with that device's LAN IP):

iptables -I FORWARD -i tun11 -p udp -d destIP --dport 4455 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d destIP --dport 4455 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 4455 -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 4455 -j DNAT --to-destination destIP

If you have problems with your port forwards, follow the steps below:

1) Make sure you are using the correct Port Forward IP, Port and Protocol listed in your activation email.
2) Disable the following options under "OpenVPN Client":
- Inbound Firewall on TUN
- Firewall Protection
3) Make sure that the ports you want to forward are not present under "NAT / QoS" --> "Port Forwarding".
