I have an ISP-supplied D-Link router running a customized firmware. I am trying to enable access to the router's web server on WAN. While the router does give this option under TCP/IP Settings > WAN Interface, the setting does not seem to work, as I am unable to access the web server using my public IP.
Surprisingly, other features like enabling ICMP or SAMBA on WAN work. The latter, when enabled, opens ports 445 and 139 on WAN. The iptables entries are as below (of course, IPs are changed):
```
# iptables -nL -v --line-numbers
Chain INPUT (policy DROP 18 packets, 2447 bytes)
num  pkts  bytes  target     prot  opt  in    out    source     destination
1    128   17459  ACCEPT     all   --   *     *      0.0.0.0/0  0.0.0.0/0       state RELATED,ESTABLISHED
2    0     0      ACCEPT     tcp   --   ppp0  *      0.0.0.0/0  86.96.111.32    tcp dpt:80
3    0     0      ACCEPT     tcp   --   eth1  *      0.0.0.0/0  10.137.158.217  tcp dpt:80
4    0     0      DROP       udp   --   ppp0  *      0.0.0.0/0  86.96.111.32    udp dpt:1900
5    0     0      ACCEPT     tcp   --   eth1  *      0.0.0.0/0  10.137.158.217  tcp dpt:!80
6    0     0      ACCEPT     udp   --   eth1  *      0.0.0.0/0  10.137.158.217  udp dpt:!1900
7    0     0      DROP       icmp  --   ppp0  *      0.0.0.0/0  86.96.111.32    icmp type 8
8    0     0      ACCEPT     2     --   ppp0  *      0.0.0.0/0  0.0.0.0/0
9    133   17435  ACCEPT     all   --   br0   *      0.0.0.0/0  0.0.0.0/0
10   0     0      ACCEPT     all   --   lo    *      0.0.0.0/0  0.0.0.0/0
11   0     0      ACCEPT     tcp   --   ppp0  *      0.0.0.0/0  86.96.111.32    tcp dpt:51005

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num  pkts  bytes  target     prot  opt  in    out    source     destination
1    39    2128   TCPMSS     tcp   --   *     *      0.0.0.0/0  0.0.0.0/0       tcp flags:0x06/0x02 TCPMSS clamp to PMTU
2    0     0      ACCEPT     udp   --   *     *      0.0.0.0/0  0.0.0.0/0       udp spt:1701
3    0     0      ACCEPT     udp   --   *     *      0.0.0.0/0  0.0.0.0/0       udp dpt:1701
4    0     0      ACCEPT     tcp   --   *     *      0.0.0.0/0  0.0.0.0/0       tcp dpt:1723
5    0     0      ACCEPT     tcp   --   *     *      0.0.0.0/0  0.0.0.0/0       tcp spt:1723
6    0     0      ACCEPT     47    --   *     *      0.0.0.0/0  0.0.0.0/0
7    0     0      ACCEPT     udp   --   eth1  *      0.0.0.0/0  224.0.0.0/4     udp
8    646   47785  ACCEPT     all   --   br0   *      0.0.0.0/0  0.0.0.0/0
9    0     0      ACCEPT     udp   --   ppp0  br0    0.0.0.0/0  0.0.0.0/0       udp dpt:500
10   0     0      ACCEPT     udp   --   ppp0  *      0.0.0.0/0  224.0.0.0/4     udp
11   0     0      ACCEPT     esp   --   ppp0  br0    0.0.0.0/0  0.0.0.0/0
12   823   1055K  ACCEPT     all   --   ppp0  *      0.0.0.0/0  0.0.0.0/0       state RELATED,ESTABLISHED
13   0     0      MINIUPNPD  all   --   ppp0  !ppp0  0.0.0.0/0  0.0.0.0/0

Chain OUTPUT (policy ACCEPT 211 packets, 61932 bytes)
num  pkts  bytes  target     prot  opt  in    out    source     destination

Chain MINIUPNPD (1 references)
num  pkts  bytes  target     prot  opt  in    out    source     destination
```
When the "web server access on WAN" option is unchecked, rule #2 from the INPUT chain above changes to DROP, which implies it does work, but for some reason I am unable to reach the web server from WAN. Please suggest ideas.
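An added example, not part of the original post: a small first-match evaluator for the INPUT chain listed above, which reports the rule a new inbound packet would hit and that rule's `pkts` counter. The function names (`parse`, `matches`, `first_match`) are illustrative, and the model assumes only the match types that appear in this listing (interface, protocol, destination, `dpt`, `state`).

```python
import ipaddress

# Added example: models only the match types that appear in this listing.
# INPUT chain rows copied from the listing in the post (addresses as posted there).
INPUT_CHAIN = """\
1 128 17459 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 86.96.111.32 tcp dpt:80
3 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 10.137.158.217 tcp dpt:80
4 0 0 DROP udp -- ppp0 * 0.0.0.0/0 86.96.111.32 udp dpt:1900
5 0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 10.137.158.217 tcp dpt:!80
6 0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 10.137.158.217 udp dpt:!1900
7 0 0 DROP icmp -- ppp0 * 0.0.0.0/0 86.96.111.32 icmp type 8
8 0 0 ACCEPT 2 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
9 133 17435 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11 0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 86.96.111.32 tcp dpt:51005
"""

def parse(listing):
    """Split each row into the fields that decide a match."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        rules.append({"num": int(f[0]), "pkts": f[1], "target": f[3], "prot": f[4],
                      "in": f[6], "dst": ipaddress.ip_network(f[9]), "extra": f[10:]})
    return rules

def matches(rule, iface, proto, dst, dport):
    """True if a NEW inbound packet (first SYN) would match this rule."""
    if rule["in"] not in ("*", iface) or rule["prot"] not in ("all", proto):
        return False
    if ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    if "state" in rule["extra"]:  # RELATED,ESTABLISHED never matches a first packet
        return False
    for tok in rule["extra"]:
        if tok.startswith("dpt:"):
            negate, port = tok[4:].startswith("!"), tok[4:].lstrip("!")
            if (port == str(dport)) == negate:
                return False
    return True

def first_match(rules, iface, proto, dst, dport):
    """iptables is first-match-wins; None means the chain policy (DROP here) applies."""
    return next((r for r in rules if matches(r, iface, proto, dst, dport)), None)

if __name__ == "__main__":
    hit = first_match(parse(INPUT_CHAIN), "ppp0", "tcp", "86.96.111.32", 80)
    print(f"rule {hit['num']} -> {hit['target']}, packets counted so far: {hit['pkts']}")
```

A `pkts` value of 0 on the matching rule means no packet has hit that rule since its counters were last reset, so the test connections were either not arriving on that interface or were rewritten before the INPUT chain; the `nat` table (`iptables -t nat -nL -v`) is the next listing to read.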