Commandline configuring portforwarding service with whitespace

9

0

We have a ZyXEL VMG8324-B10A router at home. I am able to log in via ssh and use the command portforward --help, which results in the following output:

Usage: portforward config <ServiceName> --wanintf <atm0.1|atm1.1|ptm0.1|ptm0.2|ptm0.3|eth4.1|eth4.2|eth4.3|eth3G> [--wanip <wanip>] 
                     --sipaddr <ServerIP Addr> --sport <Trigger Start Port> <Trigger End Port>
                     --transport <Translation Start Port> <Translation End Port> 
                     --proto <tcp|udp|tcpudp> <enable|disable>
       portforward delete <ServiceName> --sipaddr <ServerIP Addr> 
       portforward show 
       portforward --help

The forwarding rule that I want to alter looks like (portforward show):

                Service   Wan                     ServerIP          Trigger       End      Trans.     Trans.
 #  Status      Name      Intf.   WanIP           Address           StartPort     Port     StartPort  EndPort   Portocol
------------------------------------------------------------------------------------------------------------------------    
 2  enable      PC HTTP   [conn]                  [old-ip]          80            80       80         80        TCP

I want to alter this rule to make it forward to [new-ip]. However, the command portforward config "PC HTTP" --sipaddr [new-ip] results in

portforward: invalid parameter HTTP" for option 'config'

Is the format of the command I entered correct? And how can I change the IP address this rule points to?

EDIT: The huawei router appears to be our previous one. We currently have one from ZyXEL.

Tempestas Ludi

Posted 2017-03-01T17:50:59.080

Reputation: 143

I'd try using single quotes instead of double quotes, or escaping the space with a backslash. See if you can create a new portforward using a service name that does not contain a space (if it works, you could consider renaming your rule). If you post the router model then others who have it can try to reproduce your issue. – simlev – 2017-03-20T16:08:00.410

Find instructions for your router model in portforward.com.

– harrymc – 2017-03-20T19:45:12.983

Changing the quotes or escaping the space does not work. Creating a new portforward might work, but that is just a workaround for a problem that should be very well solvable... I added the router model. – Tempestas Ludi – 2017-03-21T01:16:02.120

portforward.com only lists methods to add it via the web interface, while I try too accomplish this via ssh. – Tempestas Ludi – 2017-03-21T01:17:02.117

2You probably have to escape the spaces. Try: portforward config "PC\ HTTP" --sipaddr [new-ip] – Rabbid10 – 2017-03-21T18:38:44.573

Still getting: invalid parameter HTTP" for option 'config'... – Tempestas Ludi – 2017-03-23T18:35:48.933

AFAIK those routers do have a webinterface in which you can do those things in the web-browser. However if you need to do it via ssh - can you post your locale output to your question? – Michael D. – 2017-03-24T13:26:02.613

When I have logged in into a raspberry pi via ssh from another network I have no access to the web interface. What do you mean by "locale"? Where am I supposed to fetch that? – Tempestas Ludi – 2017-03-24T23:43:02.810

Yes. I am very sure that in that part of the procedure I was correct. The ip address is correct and the help command shows that this router apparently supports a portforward command. – Tempestas Ludi – 2017-03-26T14:04:43.190

As I understand it, you basically open your web interface to the world? Isn't that a bit vulnerable to brute-force password cracking? – Tempestas Ludi – 2017-03-27T08:41:10.993

The router does not support the show version command, but the swversion command gives "1.00(AASL.0)C1". – Tempestas Ludi – 2017-03-27T09:04:30.527

Ah, right, so if I am remote, but do not have a VPN connection, I do not have access? – Tempestas Ludi – 2017-03-27T13:34:23.877

But... I the point of this whole story is that I need to be able to modify the port forwarding parameters from a remote location. If I am at home, I can just use the web interface... – Tempestas Ludi – 2017-03-27T15:12:51.713

Hm. Customer support. That actually might be a good idea to solve the initial problem :) – Tempestas Ludi – 2017-03-27T15:35:21.220

As for the web address: that is being automatically forwarded to one of our web servers. – Tempestas Ludi – 2017-03-27T15:35:49.703

If I was designing this, I would allow to pass the number (from # column) instead of <ServiceName>, just in case. It's a shot in the dark, nevertheless you should try it. – Kamil Maciorowski – 2017-03-28T13:55:44.143

Answers

1

Actually answering your comments here:

the point of this whole story is that I need to be able to modify the port forwarding parameters from a remote location. If I am at home, I can just use the web interface

and

When I have logged in into a raspberry pi via ssh from another network I have no access to the web interface

It seems like you have a Raspberry Pi at home you can ssh into from your remote location and you would like to access the router's web interface as if you were on the home network.

If this is your problem, you can use SSH port forwarding:

ssh -L 8080:192.168.1.1:443 raspberrypi

where raspberrypi is the Raspberry Pi's hostname or ~/.ssh/config entry you use to connect to it. This allows you to establish a tunnel from your remote location to the Raspberry Pi at home. If you visit https://localhost:8080 on your browser from the remote location, the request is forwarded by your Raspberry Pi to the home router's ip (192.168.1.1 in this example) on port 443, which is the https web management page in my hypothesis.

This is safer than opening the web management interface to the public Internet (although you could restrict access by IP) and easier than setting up a VPN just for this purpose.

Another option would be to do X forwarding and launch the Raspberry Pi's browser from your remote location. This is however going to be slower as you would be forwarding the whole graphical application instead of just tunnelling the data. and clumsier, too, because the browser would have to be run by the Raspberry Pi's CPU instead of your hopefully more powerful remote computer's.

simlev

Posted 2017-03-01T17:50:59.080

Reputation: 3 184

Not a solution to the original question, but a nice, elegant workaround. Thanks! – Tempestas Ludi – 2017-03-28T14:17:16.597

Asked: 2017-03-01T17:50:59.080

Viewed: 973 times

Active: 2017-11-13T03:23:09.217