Access LAN devices using WAN IP and Port Forwarding

jake919 · September 13, 2022, 3:34pm

I ran into this same issue first with a R7800 and most recently a R5S.

The fix I found for this was to enable promiscuous mode on br-lan. I haven't seen any negative consequences since doing this a couple years ago.

In /etc/config/network it looks like this:

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'
        list ports 'eth2'
        option bridge_empty '1'
        option promisc '1'
        option ipv6 '0'

but you can also do it in the Interfaces -> Devices -> br-lan -> Advanced -> Enable Promiscuous Mode

As an aside, on the R5S, I also had to disable software flow offloading to get any sort of stability (I would have devices frequently lose connectivity)

creited · September 13, 2022, 4:37pm

@jake919 I confirm that your solution also applied to my case (R4S).

simsimo47 · September 14, 2022, 2:03am

@jake919 Thank you so much! I can also confirm that your changes (promiscuous mode and disabling software flow offloading) worked perfectly for my R5S.

However, I also wanted to note for others in the future that my total loss of connectivity was actually caused by a firewall issue. This is documented here: https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R5S#Some_common_issues_of_FriendlyWrt

However, I cannot suggest following their suggestion of allowing all WAN traffic. Instead, I added the following to my local startup script:

sleep 10
/etc/init.d/firewall reload
exit 0

This 'solution' isn't ideal, either. If anyone has a better approach, please share.

jake919 · September 14, 2022, 2:54am

Awesome! Software flow offloading isn't necessary for the NAT loopback, but I found it helped stability, particularly with my Nest Thermostats, Ring Cameras and Apple Homepod which would frequently go offline for 10-30 minutes.

I haven't had issues with loss of connectivity with the R5S, but I've only had it as my primary router for a few weeks at this point (5 days uptime right now and I have pings every second to various endpoints with no disruptions). I certainly wouldn't entertain enabling WAN traffic on the firewall - I'm already unhappy with needing to run FriendlyWRT vs. OpenWRT . I would rather sacrifice IPv6 (my ISP doesn't support it so I have it off already).

My biggest complaint on the R5S so far is not being able to do a proper sysupgrade and needing to fresh format each time. I haven't looked to see if SD boot changes this at all.

simsimo47 · September 14, 2022, 3:20am

I concur on the sysupgrade - for how painful this device has been to set up and get everything working, I don't see myself ever doing an upgrade simply because re-configuring all the settings is too difficult.

I have everything working except for ipv6, which I had working previously. I am not sure what changed, but no combination of ipv6 settings results in the R5S pulling an ipv6 address for itself. This still works with my old router (R7000 running DD-WRT).

system · September 24, 2022, 3:21am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.