Iptables – Correct OpenWRT configuration for iptables PREROUTING rule


I've recently switch my router firmware from Tomato to OpenWRT. I had the iptable commands below which would intercept http requests to an internal ip ( on port 80 and redirect to a different internal ip ( on port 8082.

This configuration is not working working on OpenWRT. I've entered it in the Firewall – Custom Rules section.

iptables -t nat -I PREROUTING -p tcp -d --dport 80 -j DNAT --to-destination
iptables -t nat -I POSTROUTING -p tcp --dport 80 -j MASQUERADE

I've read up quite a bit but most guides are how to set up WAN port forwarding. I've been at it for hours and have had to boot OpenWRT into failsafe mode a few times. I would be grateful for any help.

Additional details:

  • I had these commands working on the Tomato router
  • both IPs are PING-able from inside the network
  • target IP & port ( serves content when hit directly
  • both IPs are PING-able from inside the network

Best Answer

After a few more hours of trying, I was able to get this working with the help of this article; https://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/

My POSTROUTING command was not correct. Switching to the following command worked:

iptables -t nat -I POSTROUTING -j MASQUERADE

Related Topic