Set up a new port forward on a Draytek Vigor over the telnet interface

1306310143

I needed to add a new port forward to a router, but I did not have access to the web interface through a graphical browser. Attempts to get in using Lynx stalled as it seems the router will not serve up the frames in the interface independently of each other and it kept issuing 404 errors.

Either way I had to use the telnet interface using the following command (replace 192.168.1.1 23 with the IP address of your router):

 telnet 192.168.1.1 23

This is fine except that Draytek have absolutely no documentation available for the commands. So to discover the correct command I had to go through all the available options (and sub options and sub sub options) as it was not immediately clear to me which option port forwarding was hiding under. To give you an idea here is a list of the top level options (run the ? command to get this view):

 > ?
 % Valid commands are:
 adsl         bpa          csm          webf         ddns         ddos
 urlf         kw           exit         fe           internet     ip
 ipf          log          mngt         port         portmaptime  prn
 quit         show         srv          sys          tsmail       upnp
 vigbrg       vlan         vpn          wan          wol          qos

The option we are interested in is srv which has a number of sub options but we are only interested in nat. Now we have yet more options but lets just stick with portmap.

If you need extra information about a command or it’s sub options you can run the ? option at any time. For example:

 srv nat portmap ?

Of the options available under portmap we are interested in add and table.

Firstly you need to execute:

 srv nat portmap table

So you can see the port forwards that have already been setup. This will allow you find the next available index and find out the WAN numbers. Do not use q for quit but just press enter until you get back to the telnet prompt. My print out looks something like this:

 > srv nat portmap table

 NAT Port Redirection Configuration Table:

 Index  Service Name    Protocol  Public Port  Private IP      Private Port ifno
  1     SSH                6         1963   192.168.0.255          22      -2
  2                        0            0                        0      -2
  3                        0            0                        0      -2
  4                        0            0                        0      -2
  5                        0            0                        0      -2
  6                        0            0                        0      -2
  7                        0            0                        0      -2
  8                        0            0                        0      -2
  9                        0            0                        0      -2
 10                        0            0                        0      -2
 11                        0            0                        0      -2
 12                        0            0                        0      -2
 13                        0            0                        0      -2
 14                        0            0                        0      -2
 15                        0            0                        0      -2
 16                        0            0                        0      -2
 17                        0            0                        0      -2
 18                        0            0                        0      -2
 19                        0            0                        0      -2
 20                        0            0                        0      -2

 Protocol: 0 = Disable, 6 = TCP, 17 = UDP
 --- MORE ---   ['q': Quit, 'Enter': New Lines, 'Space Bar': Next Page] ---

 ifno: 0 = all, 3 = wan1, 4 = wan2

ifno is the interface number, which translate to our WAN number in the srv nat portmap add command. I am using 0 so that is available to all WANs. From the index column I can also see that the next available slot is 2.

Now we have enough information to add the port forward! The add command has the following syntax (we are looking at the second line):

 > srv nat portmap add ?
 % srv nat portmap add <idx> <serv name> <proto> <pub port> <pri ip> <pri port> <wan1/wan2>

So let us translate this to use the same terms as the table we saw earlier:

idx Index
serv name Service Name Surround this with quotes if you want to have spaces in the name.
proto Protocol This must be in lowercase only such as tcp or udp.
pub port Public Port The public port number you want to forward to your internal machine.
pri ip Private IP The IP address of your internal machine.
pri port Private Port The port number you are using on the internal machine.
wan1/wan2 ifno In my case this was 0 for all, 3 for wan1 and 4 for wan2.

So this means I need to run:

 srv nat portmap add 2 "Simons Test" tcp 3840 192.168.0.255 3841 0

to add a new port forward. Your done and you can now access the machine via the public port.

As a simple example if I wanted to open up HTTP over port 8080 instead of the standard port 80 I can use the following port forward command:

 srv nat portmap add 2 "Non-standard HTTP Port" tcp 8080 192.168.0.255 80 0

Now Apache on my internal machine (192.168.0.255) is still serving on port 80 internally to the network, but to access it from the outside world you need to specify port 8080.

Add a Comment