Hello,
I switched to a new ISP and changed the router mode from DHCP to PPPoE. Everything works flawlessly, except access to a webserver behind the router. When I check the IP addresses, there is a deviation between the ones in OpenWRT (a Link Local Address; 100.65.3.XXX) and the external one (checked via curl https://ipinfo.io/ip and verified by DDNS service). I forwarded the ports 80 and 443 from wan to lan, but I cannot access the service behind it.
uci export network gives the following output.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxx::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config device
	option name 'wan'
	option macaddr 'aa:aa:aa'

config interface 'wan'
	option proto 'pppoe'
	option username 'xxx'
	option password 'yyy'
	option ipv6 'auto'
	option device 'wan'

config interface 'guest'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	list dns '94.140.14.15'
	list dns '94.140.14.16'

It worked when the OpenWRT router was behind my first router and acted as a DHCP server only.
This is CG-NAT. It is not Link Local (which are the 196.254.0.0/16 'self assigned' IP addresses that happen when a DHCP server isn't available).
Anyway, CG-NAT means that you do not have a publicly routable IP address, and therefore your servers will not be accessible. There is no easy way around this situation. You can talk to your ISP to see if they can give you a public IP address (this may or may not be an option, and/or it may involve extra cost).
Failing that, there is one more complex option which involves VPNs and is not trivial and may well involve additional costs.
Thank you slh,
to me it looks like the WAN interface has a "weird" IPv6 address as well, but the WAN_6 (Virtual dynamic interface (DHCPv6 client)) uses a correct IPv6 address. I will try to create some traffic rules since it looks like port forwarding is for IPv4 only.
Hello psherman,
ISP confirmed that with my current configuration external access is not possible, but with a small fee they will modify it, so the router will use a public routable IP. Thank you for your support.