A friend of mine has a weather station setup on a Raspberry Pi.  He wants to have the webpage available on the mesh and the internet.  We have have the Rpi connected to a lan port of his mesh node. We have an ethernet cable connected between his home router connecting to the WAN port of the mesh node.  We can connect his rpi directly to the router and get it work on the internet.  We can get it to work on the mesh.

What I can't seem to make happen is port forward WAN port 80 to the RPI port 80.  I believe there is a firewall setting on the mesh node that is blocking port 80.

What is the best way to open up port 80 for forwarding?

Clint, AE5CA

Ticket 48 was written to address this issue.  It looks like it is still present in 1.1.2. 

I can confirm that I have been able to forward port 80 to the wan using a Rocket M2 and a Netgear GS105E or GS108E Ethernet switch with the switch programmed to tag the WAN Connection as VLAN 1 before continuing on to the Rocket. 

My friend that had the original problem has since switched to a NanoStation M2 and he is also able to port forward to Port 80.

I believe this is just a matter of adding the right line in iptables but I am not 100% sure of the command. 

Clint, AE5CA

I would like to help but without a repo or a way to ssh in to the router I feel stuck. (stock 1.1.2 has no space to add the openssh-server package even on the 8mb wrt54gs). I have an nfs server I could attach to for space to develop in if there were a way.

Andre, yes exactly I didn't get that dropbear was already on 2222. For now I use 5-host direct and put my node in /etc/config/local, just noticed it can get overwritten :(

iptables -t nat -A prerouting_wan -j DNAT --to (ip)

iptables -A forwarding_wan -d (ip) -j ACCEPT

Here are the iptable commands I use (on the gateway node). Your home router also needs to forward, in this example, port 8088 to your hamnet gateway node. As a live example, feel free to try out and access a remote control pan-tilt ipCam looking over Orange County, CA on this link (I reserve the right to change the password :) ). This access is over a 5 mile 2.4G link into the mesh. Note, "IR" mode icon to click and turn on if night time.

http://72.194.78.152:8088 <- User = "view" Password = "view" requires Windows Plugin http://72.194.78.152:8081 <- To see mesh status of node

[linksys-host:/etc/config/firewall.user]

iptables -A input_wan -p tcp --dport 8085 -j ACCEPT

iptables -t nat -A prerouting_wan -p tcp --dport 8085 -j DNAT --to 10.182.194.173:80

iptables -A forwarding_wan -p tcp --dport 80 -d 10.82.194.173 -j ACCEPT

iptables -t nat -A postrouting_wan -p tcp -d 10.82.194.173 -j SNAT -dport 80 --to-source <your gateway node's mesh IP address>

[ubnt-host:/etc/config/firewall]

config 'redirect'

option 'name' 'cam1'

option 'src' 'wan'

option 'proto' 'tcp'

option 'src_dport' '8088'

option 'dest_ip' '10.182.194.173'

option 'dest_port' '80'

option 'target' 'DNAT'

option 'dest' 'lan'

config 'redirect'

option 'src' 'lan'

option 'dest' 'wifi'

option 'dest_ip' '10.182.194.173' 

option 'src_dip' '<your gateway node's mesh IP address>'

option 'dest_port' '80'

option 'target' 'SNAT'

Note, the SNAT entries are needed so that the device "inside the mesh" (this doesn't have to be a device on the gateway node) will route the traffic back out the same gateway. In this live example, we have multiple gateways. Routers by default typically won't allow internet traffic to come in one gateway and back out another--a security issue.

To ensure your entries don't get overwritten, also put these definitions in /etc/config.mesh files.

Thank you for the explanation. I know that the correct IP:port was being used, as it was a cut and past. Just finished working the camera and exploring the status with the same access as before and all is well. I enjoy what you have done.

That is quit the high tech temperature probe being used. I hope that it is sun exposure creating a 120 deg + reading and is not the ambient air temperature.