Access to OpenWrt from internet

Hello! I'm trying to give an access to my proxy server from outside.

My architecture:
Router (Let's suppose it has Local IP 192.168.0.1 and Public IP 150.50.200.100)
Switch (Connected to router and TP-Link)
Tp-Link mr3020 with OpenWrt installed (Let's suppose it has IP 192.168.0.100)
Local Machine (Let's suppose it has IP 192.168.0.50)

OpenWrt has 3Proxy installed and I can use it from my local machine by 192.168.0.100:6000

What I did:

• Setup port forwarding at router from 6000 external port to 192.168.0.100:6000
  When I'm trying to use proxy by 150.50.200.100:6000 it doesn't work

Then I did test, for be sure that port forwarding works correctly:

• Setup port forwarding at router from 9000 external port to 192.168.0.50:9000 and run local web-server at 9000 port
  When I'm trying to reach 150.50.200.100:9000 it works. It means that an issue is with OpenWrt config (I guess with firewall politics).

Can you help me please to setup an access to 192.168.0.100:6000 from outside? (by 150.50.200.100:6000). Thank you!

Verify that firewall counters on the proxy redirect are increasing when connecting from outside.
Also check the proxy documentation, configuration, and init script to make sure it permits non-local client connections.

There is "accept" setting in general firewall settings...

Also check the proxy documentation, configuration, and init script to make sure it permits non-local client connections.

it doesn't look like a proxy issue, because I tried to make port forwarding to 80 port of OpenWrt, and it also doesn't work

Create a permissive firewall rule on the proxy port from non-local IPs and confirm that its counters are changing, or run tcpdump and monitor non-local connection attempts.

Do I understand right?

Screenshot 2023-09-21 at 20.54.022212×272 22.2 KB

It depends on your upstream interface and its firewall zone.

Sorry, I didn't get it... I'm trying to access my proxy from outside (wan) and proxy is at 6000 port.

To expose a service that runs on the router, that is opening a port not forwarding it. In other words write an input rule for wan. The LAN IP is not involved, as the service is served directly on the WAN IP.

I assume that this proxy has some sort of authentication so that if it is available on the Internet, only you can use it. Running something like this that is open to everyone is a bad idea.

To expose a service that runs on the router, that is opening a port not forwarding it. In other words write an input rule for wan.

I have two routers. I have the second arcitrecure:
Router for my home internet > Switch > Tp-Link router > Usb modem.

Tp-Link uses internet from usb modem and share it as a proxy to lan (And what I need: to be able to use this proxy from outside, using router with home internet address for connect to Tp-Link)

opkg update
opkg install tcpdump
tcpdump -evnni any port 6000

Then try capturing the relevant packets when connecting from outside.

So, I see response from tcpdump when I'm trying to use the proxy from outside. It means that port forwarding at my internet router works correct and the issue is at router where is OpenWrt installed.

Screenshot 2023-09-21 at 23.54.021904×546 130 KB

Are you running tcpdump on the openwrt router or somewhere else?

What exactly is your goal? Are you trying to proxy your traffic such that your apparent ip is your home internet connection even when you are away? If so, there are easier options- namely a VPN such as wireguard.

yes. at openwrt router

I have some devices (TP-Link mr3020) with USB modems installed. I use them as a proxy servers at my home laptop. It works only when I'm at my local network (at home). I want to be able to use these proxy remotely.

I’m not entirely following. What is the proxy result you expect?

Change my local IP address. Let's suppose my home IP is 100.200.100.200. I want to change it. I use proxy in my local network and now my laptop's IP is 10.20.10.20. When I'm outside of home (traveling) I need to have the same address (10.20.10.20).

Seems to me that a vpn connection between your remote system and your home router should do the trick. Easier, safer/more secure.

The issue that I have multiple devices with proxy (each one has different IP) and I need to share it with other people.

You can setup multiple peers. And if you have different outbound proxies setup on your home router, policy based routing should allow you to route accordingly.