====== Port-Forwarding ======

Port-Forwards are necessary if you want to run any ip-based services in your local network which you want to be accessible the internet.

===== Overview =====

==== Level of difficulty ===

   Medium

==== Use-case ====

In the following use-case, a game-server running locally on host 192.168.1.100 port 2222 tcp, should be made accessible from the internet.
Therefore it is necessary to redirect incoming connection-requests from your wan-gateway to the machine running the server.

^ Forward properties: ^^
| name | some awesome game |
| protocol | tcp |
| remote port | 2222 |
| local ip | 192.168.1.100 |
| local port | 2222 |
==== Related topics ====

  * [[documentation:configuration:uci|UCI]]
  * [[documentation:configuration:config_files:config_firewall|/etc/config/firewall]]
  
===== Instructions =====

==== GUI ====


In this tutorial we will configure a port forward, step-by-step.
At first you have to log in to your router. 

Go to the __Network Settings__ tab and then to __Port Forwards__.

{{ :howto:use_cases:routing:dd-wrt_nxt_-_chromium_001.png?nolink&800 |}}

There you can specify the protocol you want use (TCP,UDP or both).


{{ :howto:use_cases:routing:dd-wrt_nxt_-_chromium_002.png?nolink&800 |}}

 
==== UCI Config System ====

  * **Add redirect to firewall**
<code>
uci add firewall rule
uci set firewall.@rule[-1].name='some awesome game'
uci set firewall.@rule[-1].src=wan
uci set firewall.@rule[-1].proto=tcp
uci set firewall.@rule[-1].src_dport=2222
uci set firewall.@rule[-1].dest_ip=192.168.1.100
uci set firewall.@rule[-1].target=DNAT
uci set firewall.@rule[-1].dest=lan
</code>        

  * **Store changes**
<code>
uci commit firewall
</code>

  * **Apply changes**
<code>
/etc/init.d/firewall restart
</code>

==== UCI config files (native) ====

Redirects are defined in [[documentation:configuration:config_files:config_firewall|/etc/config/firewall]]

   * **New redirect**
<code>
config 'redirect'
        option 'name' 'some awesome game'
        option 'src' 'wan'
        option 'proto' 'tcp'
        option 'src_dport' '2222'
        option 'dest_ip' '192.168.1.100'
        option 'target' 'DNAT'
        option 'dest' 'lan'
</code>

===== Troubleshooting =====

Not available, yet