October 30, 2025October 31, 2025 [email protected]

How to access iperf3 server at 192.168.100.94:5201 from WAN port 443 on VyOS

To access iperf3 server at 192.168.100.94:5201 from WAN port 443, you need to add NAT and firewall rules:

Configuration:

# NAT rule - Forward WAN port 443 to iperf3 server
set nat destination rule 112 description 'Forward iperf3 from WAN to DMZ'
set nat destination rule 112 destination port '443'
set nat destination rule 112 inbound-interface name 'eth2.201'
set nat destination rule 112 protocol 'tcp'
set nat destination rule 112 translation address '192.168.100.94'
set nat destination rule 112 translation port '5201'

# Firewall rule - Allow iperf3 traffic from WAN to DMZ
set firewall ipv4 forward filter rule 37 action 'accept'
set firewall ipv4 forward filter rule 37 description 'Allow iperf3 from WAN to DMZ'
set firewall ipv4 forward filter rule 37 destination address '192.168.100.94'
set firewall ipv4 forward filter rule 37 destination port '5201'
set firewall ipv4 forward filter rule 37 inbound-interface name 'eth2.201'
set firewall ipv4 forward filter rule 37 outbound-interface name 'br1'
set firewall ipv4 forward filter rule 37 protocol 'tcp'

Apply the Configuration:

commit
save

Start iperf3 Server on DMZ:

On the machine at 192.168.100.94:

iperf3 -s -p 5201

Test from WAN:

# Connect to iperf3 using WAN IP on port 443
iperf3 -c <your-wan-ip> -p 443

# Example with specific test duration
iperf3 -c <your-wan-ip> -p 443 -t 60

# Reverse mode (download test)
iperf3 -c <your-wan-ip> -p 443 -R

Summary:

✅ NAT Rule 112: WAN:443 → 192.168.100.94:5201
✅ Firewall Rule 37: Allows iperf3 traffic from WAN to DMZ
✅ Port Mapping: External port 443 maps to internal iperf3 port 5201

Note: Using port 443 is clever since it’s typically allowed through most firewalls and ISP restrictions (it’s the standard HTTPS port), making your iperf3 server accessible from almost anywhere!

Access SSH:443 to DMZ:22

delete nat destination rule 112
delete firewall ipv4 forward filter rule 37

# NAT rule - Forward WAN port 443 to SSH server
set nat destination rule 112 description 'Forward SSH from WAN to DMZ'
set nat destination rule 112 destination port '443'
set nat destination rule 112 inbound-interface name 'eth2.201'
set nat destination rule 112 protocol 'tcp'
set nat destination rule 112 translation address '192.168.100.10'
set nat destination rule 112 translation port '22'

# Firewall rule - Allow SSH traffic from WAN to DMZ
set firewall ipv4 forward filter rule 37 action 'accept'
set firewall ipv4 forward filter rule 37 description 'Allow SSH from WAN to DMZ'
set firewall ipv4 forward filter rule 37 destination address '192.168.100.10'
set firewall ipv4 forward filter rule 37 destination port '22'
set firewall ipv4 forward filter rule 37 inbound-interface name 'eth2.201'
set firewall ipv4 forward filter rule 37 outbound-interface name 'br1'
set firewall ipv4 forward filter rule 37 protocol 'tcp'

Leave a Reply Cancel reply

You must be logged in to post a comment.