schedule port forwarding [done]
I have a Windows 2000 machine connected to a linksys router with dd-wrt (so it's basically a linux machine). I configured the Windows machine with WoL and for any packet it receives, it wakes up. This is not a problem, I want that. The problem is that I have port forwarding rules set on the router and every minute or so a packet arrives from the internet to that computer and wakes it up. I want it to remain in sleep or hibernate as much as possible, so I need to change this. The idea was to configure the router to only forward the ports from 3:00 a.m. to 9:00 a.m. and then disable the port forwarding, as I don't need it during the day. I think I can do that with cron and iptables, but my knowledge of linux is not that great. I also tried to post on the dd-wrt forum but got no reply. Can someone help me?
can't do that... here's the full description of what I want:
an old computer, with Windows 2000 used for file server, printer server and to download from emule and torrent at night. To save power it must be in sleep or hibernate mode as much as possible. It needs port forwarding to download from p2p and it needs WoL to be used as file server and printer server. The problem is that if I enable both the server will not power down because any packet will make it wake up. I really needed to schedule port forwarding only to those hours.
Ahh... I think I understand what you are trying to achieve here. I'll be honest though I'm now scratching my head like yourself. I was hoping that Linux_0 might have spotted this one and dived in with an answer.
It's getting a bit late for me here now but I'll have a google tomorrow and see what I can find. I think it's the dd-wrt people who would really know though.
Ok.. I had a look. Try this dd-wrt wiki; towards the bottom it shows the following code snippet for adding port forwarding:
iptables -t nat -I PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
iptables -I FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
so it very much looks like you could script this and as you suspected run it as a cron job.
I think this site would also be a good place to look: portforward.com (http://www.portforward.com/)
$> man iptables
A firewall rule specifies criteria for a packet, and a target. If the
packet does not match, the next rule in the chain is the examined; if
it does match, then the next rule is specified by the value of the target,
which can be the name of a user-defined chain or one of the special
values ACCEPT, DROP, QUEUE, or RETURN.
So you should be able to drop the packets. You would need to have full root privs to do this though.
*edit* Can you also just confirm that you are on a static IP on the 2000 Workstation.
I wonder if you really need to use cron though. How about using 'at' to just run a shell script. One to turn it on and one to turn it off. You could also just invoke each of those scripts individually at any time to override your default behaviour.
If you want to go to town you could tie it into a webmin or other such front end so you could monitor / control it from a browser on the workstation.
Glad we seem to be heading in the right direction..
I had never heard of the 'at' command before... anyway, the router doesn't have a few commands, 'at' is one of the missing ones. If I need to override this behaviour I have the router's admin page, so I don't really need to access the console. Also, I'm not very interested in monitoring, as long as this works. The only monitoring I do is check the amount transferred the next morning to see what files finished downloading. Still those were good suggestions, thanks for the help. I just hope to post a reply tomorrow saying everything's perfect.
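The cron-plus-iptables approach discussed in this thread, as an added example that is not part of any post above: a POSIX sh script that inserts or removes the two rules quoted from the dd-wrt wiki. The script name, the /jffs location and the cron lines are assumptions; the ports and address are the wiki's example values.

```shell
#!/bin/sh
# portfwd.sh (hypothetical name): switch one port forward on or off.
# The values below are the wiki example quoted in the thread; use your own.
PROTO=tcp
WAN_PORT=81
LAN_IP=192.168.1.2
LAN_PORT=80

# Assumed cron entries for the 3:00 to 9:00 window from the question
# (dd-wrt's cron expects a user field; /jffs is an assumed script location):
#   0 3 * * * root /jffs/portfwd.sh on
#   0 9 * * * root /jffs/portfwd.sh off

# With DRY_RUN=1 the iptables commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# The two rules from the wiki snippet; $1 is the action (-I insert, -D delete).
nat() { run -t nat "$1" PREROUTING -p "$PROTO" --dport "$WAN_PORT" \
            -j DNAT --to "$LAN_IP:$LAN_PORT"; }
fwd() { run "$1" FORWARD -p "$PROTO" -d "$LAN_IP" --dport "$LAN_PORT" -j ACCEPT; }

# Delete a rule until iptables reports no match, so duplicates left by a
# repeated "on" are removed too. Dry-run prints a single delete.
purge() {
    if [ "${DRY_RUN:-0}" = 1 ]; then "$1" -D; return 0; fi
    while "$1" -D 2>/dev/null; do :; done
}

fwd_off() { purge nat; purge fwd; }
# Clear first, then insert: running "on" twice leaves exactly one rule pair.
fwd_on() { fwd_off; nat -I && fwd -I; }

case "${1:-}" in
    on)  fwd_on ;;
    off) fwd_off ;;
    *)   echo "usage: portfwd.sh on|off" >&2 ;;
esac
```

The same port must not also be forwarded in the router's web interface, or that rule keeps forwarding outside the window. Deleting the rules only stops new inbound connections; flows already tracked by conntrack can keep reaching the machine until they end or time out.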