Discussion:
[OpenWrt-Devel] IPTABLES web gui
Wesley Heydlauff
2011-12-27 05:43:52 UTC
Permalink
I would like to see a web GUI page that can configure an ISP's static IP's
and allow them into the router and pass them to the correct internal private
IP. can some Dev's look at adding this into the builds. I know PFsense can
do this but it requires PC hardware. Please look at adding this to the next
build. this will make OPENWRT the best router software out there.

I know it can be done command line but one there is no directions to do that
and two this sometimes can get complicated. a webgui would be the best to do
1:1NAT.
Christoph Thielecke
2011-12-27 08:26:10 UTC
Permalink
Hello Wesley,
Post by Wesley Heydlauff
I would like to see a web GUI page that can configure an ISP's static IP's
and allow them into the router and pass them to the correct internal
private IP.
There are several gui already (xwrt, luci, gargoyle) which have firewall part.
For more infos see here:
http://wiki.openwrt.org/doc/howto/webinterface.overview
Post by Wesley Heydlauff
can some Dev's look at adding this into the builds. I know
PFsense can do this but it requires PC hardware.
Pfsense is bsdbased and uses pf instead iptables as base tools. This made
transition extremly hard.
Post by Wesley Heydlauff
Please look at adding this
to the next build. this will make OPENWRT the best router software out
there.
I dont think so. Its already there.
Luci is now the default gui (not installed by default) but can be installed by

opkg update
opkg install luci-admin-mini

(package luci-app-firewall may be useful too)

Xwrt packages could be found here:
ftp://ftp.berlios.de/pub/xwrt/packages
If you want to install via opkg without put each package to router you can add
this to /etc/opkg.conf

src/gz snapshots ftp://ftp.berlios.de/pub/xwrt/packages

gargoyle I never used yet.
Post by Wesley Heydlauff
I know it can be done command line but one there is no directions to do
that and two this sometimes can get complicated. a webgui would be the best
to do 1:1NAT.
With best regards

Christoph
--
Linux User Group Wernigerode
http://www.lug-wr.de/
Olipro
2012-01-03 01:26:33 UTC
Permalink
Post by Wesley Heydlauff
I would like to see a web GUI page that can configure an ISP's static
IP's and allow them into the router and pass them to the correct
internal private IP. can some Dev's look at adding this into the builds.
I know PFsense can do this but it requires PC hardware. Please look at
adding this to the next build. this will make OPENWRT the best router
software out there.
I know it can be done command line but one there is no directions to do
that and two this sometimes can get complicated. a webgui would be the
best to do 1:1NAT.
This could be implemented by having LuCI support the iptables NETMAP
target, however, I would personally argue that if you have been assigned a
static range which you can use, performing 1:1 NAT is a pretty terrible way
of making use of it.

Nonetheless, in the interim, if you MUST have this functionality and
somehow performing proper routing isn't an option for you, you can always
throw a rule into your firewall.user file.
Wesley Heydlauff
2012-01-03 03:14:16 UTC
Permalink
So what is the best way to use the isp's static addresses? There is no real
good information on how to allow the router to pass multiple public
addresses to the system on the public network. Is there any good
documentation to get this done correctly?



Subject: Re: [OpenWrt-Devel] IPTABLES web gui
Post by Wesley Heydlauff
I would like to see a web GUI page that can configure an ISP's static
IP's and allow them into the router and pass them to the correct
internal private IP. can some Dev's look at adding this into the builds.
I know PFsense can do this but it requires PC hardware. Please look at
adding this to the next build. this will make OPENWRT the best router
software out there.
I know it can be done command line but one there is no directions to
do that and two this sometimes can get complicated. a webgui would be
the best to do 1:1NAT.
This could be implemented by having LuCI support the iptables NETMAP target,
however, I would personally argue that if you have been assigned a static
range which you can use, performing 1:1 NAT is a pretty terrible way of
making use of it.

Nonetheless, in the interim, if you MUST have this functionality and somehow
performing proper routing isn't an option for you, you can always throw a
rule into your firewall.user file.
Olipro
2012-01-06 03:48:24 UTC
Permalink
Post by Wesley Heydlauff
So what is the best way to use the isp's static addresses? There is no
real good information on how to allow the router to pass multiple public
addresses to the system on the public network. Is there any good
documentation to get this done correctly?
It comes down to having an understanding of the fundamentals of how IP
networking actually functions.

all that is needed is for your router to run a DHCP server to hand out the
static addresses in whatever manner you desire, and for your router to have
an address within that subnet on the interface the DHCP server is running -
dnsmasq will function for this purpose quite well.

Loading...