How to Enable GRE in OpenWRT (PPTP NAT Traversal)

PPTP uses the GRE (Generic Routing Encapsulation) protocol for its point-to-point tunnel. As a pure IP protocol, GRE uses only IP addresses and no port numbers, which makes it hard for the router's NAT to track such a connection. In its base configuration, OpenWrt Backfire is able to NAT a single PPTP connection but not multiple such connections concurrently. It is also unreliable when trying to establish consecutive single PPTP connections from different LAN clients in rapid succession. This limitation can be lifted (as far as I could make out so far) by installing the following package.



For the current versions of OpenWRT (since Chaos Calmer 15.05), you should install:

opkg install kmod-nf-nathelper-extra

You should now be able to use multiple PPTP connections from LAN to WAN at the same time.

Older versions, up to Barrier Breaker 14.07, used 'kmod-ipt-nathelper-extra' instead:

opkg install kmod-ipt-nathelper-extra



Port Proxy in iptables – Forwarding port to another host

Here are the commands. For example, suppose you want to forward port 8080 to another host.

Preparation: enable IP forwarding
sysctl net.ipv4.ip_forward=1

First, we need to masquerade the packets. As written, this rule matches all TCP traffic leaving the host, not only the forwarded port.
iptables -t nat -I POSTROUTING -p tcp -j MASQUERADE

Second, change the destination to the other host
iptables -t nat -I PREROUTING -p tcp --dport 8080 -j DNAT --to-destination

Or, listen on a specific IP
iptables -t nat -I PREROUTING -p tcp -d --dport 8080 -j DNAT --to-destination

This last rule is optional; you may need it if your FORWARD chain's default is REJECT
iptables -I FORWARD -d -p tcp --dport 8080 -j ACCEPT

* iptables rules are not persistent; you can make them persistent using iptables-persistent
* you can also use ufw rules, saved in the file /etc/ufw/before.rules
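
The port-forward steps above, as an added example that is not part of the original page: a small script that validates its inputs and prints the rule set with the MASQUERADE and FORWARD rules narrowed to the one forwarded destination. The function names are hypothetical, and 192.0.2.10 and the ports are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not apply) the forwarding rules for one target.
# Function names are hypothetical; addresses are constructed sample values.

valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Dotted quad, each octet numeric and 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# forward_rules LISTEN_PORT DEST_IP DEST_PORT [LISTEN_IP]
forward_rules() {
    lport=$1 dip=$2 dport=$3 lip=${4:-}
    valid_port "$lport" && valid_port "$dport" && valid_ipv4 "$dip" || return 2
    match=""
    if [ -n "$lip" ]; then
        valid_ipv4 "$lip" || return 2
        match="-d $lip "
    fi
    echo "sysctl net.ipv4.ip_forward=1"
    echo "iptables -t nat -I PREROUTING -p tcp ${match}--dport $lport -j DNAT --to-destination $dip:$dport"
    # After DNAT the packet carries the new destination, so the remaining
    # rules match on DEST_IP:DEST_PORT and leave other TCP traffic alone.
    echo "iptables -t nat -I POSTROUTING -p tcp -d $dip --dport $dport -j MASQUERADE"
    echo "iptables -I FORWARD -p tcp -d $dip --dport $dport -j ACCEPT"
}

# Constructed sample: forward local port 8080 to 192.0.2.10:80.
forward_rules 8080 192.0.2.10 80
```

Review the printed commands, then run them as root; a non-zero return means an argument failed validation and nothing was printed.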