I needed to add a new port forward to a router, but I did not have access to the web interface through a graphical browser. Attempts to get in using Lynx stalled as it seems the router will not serve up the frames in the interface independently of each other and it kept issuing 404 errors.
Either way I had to use the telnet interface using the following command (replace 192.168.1.1 23 with the IP address of your router):
telnet 192.168.1.1 23
This is fine except that Draytek have absolutely no documentation available for the commands. So to discover the correct command I had to go through all the available options (and sub options and sub sub options) as it was not immediately clear to me which option port forwarding was hiding under. To give you an idea here is a list of the top level options (run the ? command to get this view):
> ?
% Valid commands are:
adsl bpa csm webf ddns ddos
urlf kw exit fe internet ip
ipf log mngt port portmaptime prn
quit show srv sys tsmail upnp
vigbrg vlan vpn wan wol qos
The option we are interested in is srv which has a number of sub options but we are only interested in nat. Now we have yet more options but lets just stick with portmap.
If you need extra information about a command or it’s sub options you can run the ? option at any time. For example:
srv nat portmap ?
Of the options available under portmap we are interested in add and table.
Firstly you need to execute:
srv nat portmap table
So you can see the port forwards that have already been setup. This will allow you find the next available index and find out the WAN numbers. Do not use q for quit but just press enter until you get back to the telnet prompt. My print out looks something like this:
> srv nat portmap table
NAT Port Redirection Configuration Table:
Index Service Name Protocol Public Port Private IP Private Port ifno
1 SSH 6 1963 192.168.0.255 22 -2
2 0 0 0 -2
3 0 0 0 -2
4 0 0 0 -2
5 0 0 0 -2
6 0 0 0 -2
7 0 0 0 -2
8 0 0 0 -2
9 0 0 0 -2
10 0 0 0 -2
11 0 0 0 -2
12 0 0 0 -2
13 0 0 0 -2
14 0 0 0 -2
15 0 0 0 -2
16 0 0 0 -2
17 0 0 0 -2
18 0 0 0 -2
19 0 0 0 -2
20 0 0 0 -2
Protocol: 0 = Disable, 6 = TCP, 17 = UDP
--- MORE --- ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] ---
ifno: 0 = all, 3 = wan1, 4 = wan2
ifno is the interface number, which translate to our WAN number in the srv nat portmap add command. I am using 0 so that is available to all WANs. From the index column I can also see that the next available slot is 2.
Now we have enough information to add the port forward! The add command has the following syntax (we are looking at the second line):
> srv nat portmap add ?
% srv nat portmap add <idx> <serv name> <proto> <pub port> <pri ip> <pri port> <wan1/wan2>
So let us translate this to use the same terms as the table we saw earlier:
| idx | Index |
|---|---|
| serv name | Service Name Surround this with quotes if you want to have spaces in the name. |
| proto | Protocol This must be in lowercase only such as tcp or udp. |
| pub port | Public Port The public port number you want to forward to your internal machine. |
| pri ip | Private IP The IP address of your internal machine. |
| pri port | Private Port The port number you are using on the internal machine. |
| wan1/wan2 | ifno In my case this was 0 for all, 3 for wan1 and 4 for wan2. |
So this means I need to run:
srv nat portmap add 2 "Simons Test" tcp 3840 192.168.0.255 3841 0
to add a new port forward. Your done and you can now access the machine via the public port.
As a simple example if I wanted to open up HTTP over port 8080 instead of the standard port 80 I can use the following port forward command:
srv nat portmap add 2 "Non-standard HTTP Port" tcp 8080 192.168.0.255 80 0
Now Apache on my internal machine (192.168.0.255) is still serving on port 80 internally to the network, but to access it from the outside world you need to specify port 8080.