2

I am configuring my home router, an ASUS N18U with Tomato by Shibby FW. I would like to set up a home NGINX web server on it. I know it is not ideal. The only problem I have is that I can't access the server from the WAN. Moreover, I have a dynamic IP, which I have resolved with a DDNS service. It works fine if I want to access the router's config page or SFTP, or when I type myddnsdomain and I am inside the LAN. I opened port 80 on my modem (from the ISP) and added the code below to the router's (ASUS N18U) config. I cannot just port forward it in the admin menu, because it only allows forwarding to the LAN (my web server is on the "router").

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

None of this solved my problem. I have also tried different ports. I tracerouted it and it seems that the router blocks it. Accessing my server through the WAN IP has not helped. The folder "www" is owned by nobody. Thank you for your help.

# NGinX generated config file
user    nobody;
worker_processes        1;
worker_cpu_affinity     0101;
master_process  off;
worker_priority 10;
error_log       /tmp/var/log/nginx/error.log;
pid     /tmp/var/run/nginx.pid;
worker_rlimit_nofile    8192;
events {
        worker_connections      512;
}
http {
        include /tmp/etc/nginx/mime.types;
        include /tmp/etc/nginx/fastcgi.conf;
        default_type    application/octet-stream;
        log_format   main '$remote_addr - $remote_user [$time_local]  $status '
                          '"$request" $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        sendfile        on;
        client_max_body_size    100M;

        server {
                listen  80;
                server_name     mydynamicdomain.net;
                access_log      /tmp/var/log/nginx/access.log   main;
                location        /       {
                        root    /tmp/mnt/CORSAIR/www;
                        index   index.html      index.htm       index.php;
                        error_page 404  /404.html;
                        error_page 500  502     503     504     /50x.html;
                        location        /50x.html       {
                                root    /tmp/mnt/CORSAIR/www;
                        }
                }
        }
}
korky

3 Answers

3

SOLVED

This example will help you, as I have achieved this with the iptables rules below.

Dynamic values: (change according to your environment values)

WAN Interface: vlan10
LAN Interface: br0

LAN Web server IP: 192.168.1.1
LAN Web server Port: 8080

Router WAN IP: 192.168.10.129
Router LAN IP: 192.168.1.254

With the above values, insert the rules below:

1. Port-Forwarding rules

iptables -I FORWARD 1 -i vlan10 -p tcp -d 192.168.1.1 --dport 8080 -j ACCEPT    
iptables -A PREROUTING -t nat -i vlan10 -p tcp --dport 8080 -j DNAT --to 192.168.1.1

2. NAT loopback rules

iptables -t nat -A PREROUTING -i br0 -s 192.168.1.0/24 -d 192.168.10.129/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A POSTROUTING -o br0 -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j SNAT --to-source 192.168.1.254
Amit Shah
2

I had the same problem with my Tomato Shibby router today. Running on port 85 would accept connections from the internal LAN but not the WAN, so I simply forwarded port 85 to 10.0.0.1 (my router's LAN address) and it worked.

0

I had the same issue when trying to connect from the WAN. Port forwarding to the router's IP did not help. Adding this to Administration > Scripts > Firewall and then rebooting sorted out my issue:

iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
hshah
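An added example, not part of the question or any answer above: a POSIX shell/awk check that reads `iptables -S INPUT` output and reports whether an ACCEPT rule for a TCP port (such as the port 80 rules discussed here) is reachable, and how widely it is open. The function names, verdict words and sample ruleset are constructed for illustration; the interface names and subnet are the ones used in the first answer.

```shell
#!/bin/sh
# Added example (assumed names): classify how the INPUT chain treats a TCP port.
# Usage on the router: iptables -S INPUT | audit_input_port 80
audit_input_port() {
    awk -v port="$1" '
    $1 != "-A" || $2 != "INPUT" { next }    # skip the -P policy line
    {
        target = iface = proto = dport = neg = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j")           { target = $(i + 1); break }
            else if ($i == "!")       { neg = "!" }
            else if ($i == "-i")      { iface = neg $(i + 1); neg = ""; i++ }
            else if ($i == "-p")      { proto = neg $(i + 1); neg = ""; i++ }
            else if ($i == "--dport") { dport = neg $(i + 1); neg = ""; i++ }
            else if ($i == "-m")      { if ($(i + 1) != "tcp") other++; i++ }
            else if ($i ~ /^-/)       { other++; neg = "" }   # -s, --state, ...
        }
        # A DROP/REJECT with no match at all hides every rule appended after it.
        if (target ~ /^(DROP|REJECT)$/ && (iface proto dport) == "" && !other) {
            blocked = 1; next
        }
        if (verdict != "" || target != "ACCEPT" || proto != "tcp" || dport != port) next
        if (blocked)          verdict = "shadowed"
        else if (other)       verdict = "open-conditional"
        else if (iface != "") verdict = "open-on:" iface
        else                  verdict = "open-all-interfaces"
    }
    END { print (verdict == "" ? "missing" : verdict) }'
}

# Constructed sample ruleset, not captured from a real router.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i vlan10 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 85 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
}

for p in 80 443 85 8080 22; do
    printf '%s -> %s\n' "$p" "$(sample_rules | audit_input_port "$p")"
done
```

Only an unconditional DROP or REJECT is treated as shadowing, so conditional drops ahead of the ACCEPT still need a manual read. A verdict of `open-all-interfaces` means the rule carries no `-i` match, so the service is accepted on the LAN and WAN sides alike.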