4 Port Forwards Working from WAN, Only 3 Working from LAN

I have created 4 port forwards via LuCI.
After creating these rules, only 3 of them are functioning LAN side, meaning that the service on one of the ports does not work from the LAN. All 4 ports are forwarded fine from the WAN side.
I have made certain to verify the config of each forward is identical except for the port being forwarded. NAT Loopback is enabled on each forward.

How do I troubleshoot/correct this issue?

You can use DNS rebind instead of NAT loopback:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#hostnames

Thanks for the idea, but I have never used DNS Rebind.
I'm puzzled why 3 of the 4 forwards are fine but the 4th fails.
I'm hesitant to add additional areas to configure going forward.

Having said that, if it is the only way to get this done, I expect I'll learn how to do DNS Rebind.

Let's take a look at the /etc/config/firewall file to see if anything jumps out. Please indicate which rules are working and which one is not (just in case it isn't obvious).

websockets is the one that fails.

config redirect
	option target 'DNAT'
	option name 'http'
	option src 'wan'
	option proto 'tcp udp'
	option src_dport '80'
	option dest 'lan'
	option dest_ip '10.10.100.10'
	option dest_port '80'

config redirect
	option target 'DNAT'
	option name 'https'
	option src 'wan'
	option proto 'tcp udp'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '10.10.100.10'
	option dest_port '443'

config redirect
	option target 'DNAT'
	option name 'websockets'
	option src 'wan'
	option proto 'tcp udp'
	option src_dport '9001'
	option dest 'lan'
	option dest_ip '10.10.100.10'
	option dest_port '9001'
	
config redirect
	option target 'DNAT'
	option name 'mqtt'
	option src 'wan'
	option proto 'tcp udp'
	option src_dport '8883'
	option dest 'lan'
	option dest_ip '10.10.100.10'
	option dest_port '8883'
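
The posted sections can also be compared mechanically rather than by eye. The following is an added example, not part of the original posts: Python, run on a workstation against a copy of /etc/config/firewall, that reports any option other than name and ports that differs between redirects, plus any redirect with NAT loopback (`reflection`) disabled. The function names and the sample string rebuilt from the posted sections are assumptions made for the example.

```python
import shlex

# Options that legitimately differ between the four forwards posted above.
EXPECTED = {"name", "src_dport", "dest_port"}
FALSE_VALUES = {"0", "no", "off", "false", "disabled"}  # UCI boolean spellings

def parse_redirects(text):
    """Return one dict per 'config redirect' section of a UCI firewall file."""
    sections, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and # comments
        if not tok:
            continue
        if tok[0] == "config":
            cur = {} if tok[1:2] == ["redirect"] else None
            if cur is not None:
                sections.append(cur)
        elif cur is not None and len(tok) == 3 and tok[0] == "option":
            cur[tok[1]] = tok[2]
        elif cur is not None and len(tok) == 3 and tok[0] == "list":
            # list entries are joined with spaces so they compare as one value
            cur[tok[1]] = (cur.get(tok[1], "") + " " + tok[2]).strip()
    return sections

def unexpected_differences(sections, baseline):
    """Map redirect name -> {option: (baseline value, its value)} for surprises."""
    by_name = {s.get("name"): s for s in sections}
    base, report = by_name[baseline], {}
    for name, sec in by_name.items():
        keys = (set(base) | set(sec)) - EXPECTED
        diff = {k: (base.get(k), sec.get(k)) for k in keys if base.get(k) != sec.get(k)}
        if diff:
            report[name] = diff
    return report

def loopback_disabled(sections):
    """Names of redirects whose 'reflection' (NAT loopback) is switched off."""
    return [s.get("name") for s in sections if s.get("reflection", "1") in FALSE_VALUES]

# Sample input rebuilt (constructed) from the four sections posted above.
SECTION = ("config redirect\n\toption target 'DNAT'\n\toption name '{n}'\n"
           "\toption src 'wan'\n\toption proto 'tcp udp'\n\toption src_dport '{p}'\n"
           "\toption dest 'lan'\n\toption dest_ip '10.10.100.10'\n"
           "\toption dest_port '{p}'\n\n")
POSTED = "".join(SECTION.format(n=n, p=p) for n, p in
                 [("http", 80), ("https", 443), ("websockets", 9001), ("mqtt", 8883)])

if __name__ == "__main__":
    rules = parse_redirects(POSTED)
    print(unexpected_differences(rules, "http"), loopback_disabled(rules))
```

For the four sections as posted, both results are empty, which matches the statement that the rules differ only in name and port.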

Thanks for the pointer.
So, then, the server that the ports are forwarded to is 10.10.100.10, and the domain is example.net.
Would this be the command? Also, will this cover subdomains that are also on the host (service.example.net, service2.example.net)?

uci add_list dhcp.@dnsmasq[0].address="/example.net/10.10.100.10"
uci commit dhcp
/etc/init.d/dnsmasq restart

The DNS Rebind does work for this and covers all subdomains. Thanks, @vgaetera.
Still, I'd like to know why the redirects didn't work. I'd think either all should work or none.
