Can't access my IP Camera/DVR over internet with OpenWrt

Hi. I'm new to the OpenWrt community and have been a DD-WRT user for 3+ years. I have a problem setting up my OpenWrt router with my home IP camera DVR.

First, my FTTH modem is in bridge mode and my router is operating in PPPoE (Linksys WRT1200AC/OpenWrt). Before using OpenWrt, I had no problems setting up access to my DVR over the internet. I'm sure that I have an accessible external/public IP, and everything works fine when I use the DD-WRT firmware.

My problem is that when using OpenWrt I only have local access to my DVR; I can't connect to it using my external IP, no matter what I do. I have already forwarded and opened all required ports, but I still can't access the DVR.

My home internet architecture is:

MODEM (ISP – Bridge) -- ROUTER (PPPoE) --- DVR – COMPUTER (I can access my file server and my computer via VNC using the external IP without problems).

What do I suspect?

Well, I already tried the same thing with DD-WRT on the router and could access my computer via VNC, my file server and my DVR too. In DD-WRT I have the firewall disabled. So maybe if I disable the firewall in OpenWrt it should work?

I already searched about it and tried to do it, but if I disable the OpenWrt firewall I lose internet access on all of my devices. My firewall rules and traffic are set to allow any host and port of the DVR internal IP.

I already tried to disable and enable VLANs, but I don't know much about how to deal with them…

Maybe it's the firewall zone that is not properly configured? I didn't make any changes to it, so it's like the default one.

Can anyone help me? I know that it is hard to explain and figure out what is happening, but is there someone here with the same problem or who knows how to solve it?

Thank you, and sorry for my bad English.

It would be better for your explanation to post the whole /etc/config/firewall file. There may be several problems, such as masquerading or traffic rules (if you are NATing in OpenWrt, then you don't use those but port forwarding instead).

Even better the network too.
@mmeaht Post here the output of the following command in Preformatted text </>
uci show network ; uci show firewall ; cat /etc/firewall.user

Hello, thanks for answering me!
More info:
my router ip is: 192.168.1.1
my computer local ip is: 192.168.1.150 (this one seems to be fine... vnc and sftp file server working over internet)
my IP camera / DVR is: 192.168.1.119

root@OpenWrt:~# cat /etc/config/firewall

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.150'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '201.57.107.168'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.2'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.3'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.119'
        option dest_port '48831'
        option name 'DVR2'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1-65535'
        option dest_ip '192.168.1.119'
        option dest_port '1-65535'
        option name 'DVR'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1-65535'
        option dest_ip '192.168.1.150'
        option dest_port '1-65535'
        option name 'ser'

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option network 'wan6 wan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '5900'
        option name 'VNC'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '48831'
        option name 'INTEL'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '4045'
        option name 'Open4045'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '53928'
        option name 'Open53928'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '49086'
        option name 'Open49086'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '2801:4a72:a13f:6902:5c1:752a:e812:6ed4'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '2021:db2:3034::94a6:b354:361f'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option name 'all'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option name 'INTEL 2'
        option dest_port '58311'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option name 'intel 3'
        option dest_port '54789'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option name 'intel 4'
        option dest_port '53695'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '48831'
        option dest_ip '192.168.1.119'
        option dest_port '48831'
        option name 'sdsd'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '53695'
        option dest_ip '192.168.1.119'
        option dest_port '53695'
        option name 'Forward53695'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '58311'
        option dest_ip '192.168.1.119'
        option dest_port '58311'
        option name 'Forward58311'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '54789'
        option dest_ip '192.168.1.119'
        option dest_port '54789'
        option name 'Forward'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '48831'
        option dest_ip '201.57.107.168'
        option dest_port '48831'
        option name 'Forward48831'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '201.57.107.168'
        option dest_port '48831'
        option name 'Forward48831'
        option src_dport '54789'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '58311'
        option dest_ip '201.57.107.168'
        option dest_port '58311'
        option name 'Forward58311'

config redirect
        option enabled '1'
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '53695'
        option dest_ip '201.57.107.168'
        option dest_port '53695'
        option name 'Forward53695'

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '49085'
        option name 'Open490'

Hello, thanks for your help... the requested information follows.

--
--

root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fd57:cef2:9ad9::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth0.1'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.wan=interface
network.wan.ifname='eth1.2'
network.wan.proto='pppoe'
network.wan.username=
network.wan.password=
network.wan.ipv6='auto'
network.wan.keepalive='0'
network.wan6=interface
network.wan6.ifname='eth1.2'
network.wan6.proto='dhcpv6'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='0 1 2 3 5t'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='4 6t'
network.@switch_vlan[1].vid='2'

--

root@OpenWrt:~# uci show firewall
firewall.@redirect[0]=redirect
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].proto='tcp udp'
firewall.@redirect[0].dest_ip='192.168.1.150'
firewall.@redirect[1]=redirect
firewall.@redirect[1].target='DNAT'
firewall.@redirect[1].src='wan'
firewall.@redirect[1].dest='lan'
firewall.@redirect[1].proto='tcp udp'
firewall.@redirect[1].dest_ip='201.57.107.168'
firewall.@redirect[2]=redirect
firewall.@redirect[2].target='DNAT'
firewall.@redirect[2].src='wan'
firewall.@redirect[2].dest='lan'
firewall.@redirect[2].proto='tcp udp'
firewall.@redirect[2].dest_ip='192.168.1.2'
firewall.@redirect[3]=redirect
firewall.@redirect[3].target='DNAT'
firewall.@redirect[3].src='wan'
firewall.@redirect[3].dest='lan'
firewall.@redirect[3].proto='tcp udp'
firewall.@redirect[3].dest_ip='192.168.1.3'
firewall.@redirect[4]=redirect
firewall.@redirect[4].target='DNAT'
firewall.@redirect[4].src='wan'
firewall.@redirect[4].dest='lan'
firewall.@redirect[4].proto='tcp udp'
firewall.@redirect[4].dest_ip='192.168.1.119'
firewall.@redirect[4].dest_port='48831'
firewall.@redirect[4].name='DVR2'
firewall.@redirect[5]=redirect
firewall.@redirect[5].target='DNAT'
firewall.@redirect[5].src='wan'
firewall.@redirect[5].dest='lan'
firewall.@redirect[5].proto='tcp udp'
firewall.@redirect[5].src_dport='1-65535'
firewall.@redirect[5].dest_ip='192.168.1.119'
firewall.@redirect[5].dest_port='1-65535'
firewall.@redirect[5].name='DVR'
firewall.@redirect[6]=redirect
firewall.@redirect[6].target='DNAT'
firewall.@redirect[6].src='wan'
firewall.@redirect[6].dest='lan'
firewall.@redirect[6].proto='tcp udp'
firewall.@redirect[6].src_dport='1-65535'
firewall.@redirect[6].dest_ip='192.168.1.150'
firewall.@redirect[6].dest_port='1-65535'
firewall.@redirect[6].name='ser'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='ACCEPT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].network='wan6 wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].src='wan'
firewall.@rule[9].proto='tcp udp'
firewall.@rule[9].dest_port='5900'
firewall.@rule[9].name='VNC'
firewall.@rule[10]=rule
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].src='wan'
firewall.@rule[10].proto='tcp udp'
firewall.@rule[10].dest_port='48831'
firewall.@rule[10].name='INTEL'
firewall.miniupnpd=include
firewall.miniupnpd.type='script'
firewall.miniupnpd.path='/usr/share/miniupnpd/firewall.include'
firewall.miniupnpd.family='any'
firewall.miniupnpd.reload='1'
firewall.@rule[11]=rule
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].src='wan'
firewall.@rule[11].proto='tcp udp'
firewall.@rule[11].dest_port='4045'
firewall.@rule[11].name='Open4045'
firewall.@rule[12]=rule
firewall.@rule[12].target='ACCEPT'
firewall.@rule[12].src='wan'
firewall.@rule[12].proto='tcp udp'
firewall.@rule[12].dest_port='53928'
firewall.@rule[12].name='Open53928'
firewall.@rule[13]=rule
firewall.@rule[13].target='ACCEPT'
firewall.@rule[13].src='wan'
firewall.@rule[13].proto='tcp udp'
firewall.@rule[13].dest_port='49086'
firewall.@rule[13].name='Open49086'
firewall.@redirect[7]=redirect
firewall.@redirect[7].target='DNAT'
firewall.@redirect[7].src='wan'
firewall.@redirect[7].dest='lan'
firewall.@redirect[7].proto='tcp udp'
firewall.@redirect[7].dest_ip='2801:4a72:a13f:6902:5c1:752a:e812:6ed4'
firewall.@redirect[8]=redirect
firewall.@redirect[8].target='DNAT'
firewall.@redirect[8].src='wan'
firewall.@redirect[8].dest='lan'
firewall.@redirect[8].proto='tcp udp'
firewall.@redirect[8].dest_ip='2021:db2:3034::94a6:b354:361f'
firewall.@rule[14]=rule
firewall.@rule[14].target='ACCEPT'
firewall.@rule[14].src='wan'
firewall.@rule[14].proto='tcp udp'
firewall.@rule[14].name='all'
firewall.@rule[15]=rule
firewall.@rule[15].target='ACCEPT'
firewall.@rule[15].src='wan'
firewall.@rule[15].proto='tcp udp'
firewall.@rule[15].name='INTEL 2'
firewall.@rule[15].dest_port='58311'
firewall.@rule[16]=rule
firewall.@rule[16].target='ACCEPT'
firewall.@rule[16].src='wan'
firewall.@rule[16].proto='tcp udp'
firewall.@rule[16].name='intel 3'
firewall.@rule[16].dest_port='54789'
firewall.@rule[17]=rule
firewall.@rule[17].target='ACCEPT'
firewall.@rule[17].src='wan'
firewall.@rule[17].proto='tcp udp'
firewall.@rule[17].name='intel 4'
firewall.@rule[17].dest_port='53695'
firewall.@redirect[9]=redirect
firewall.@redirect[9].target='DNAT'
firewall.@redirect[9].src='wan'
firewall.@redirect[9].dest='lan'
firewall.@redirect[9].proto='tcp udp'
firewall.@redirect[9].src_dport='48831'
firewall.@redirect[9].dest_ip='192.168.1.119'
firewall.@redirect[9].dest_port='48831'
firewall.@redirect[9].name='sdsd'
firewall.@redirect[10]=redirect
firewall.@redirect[10].target='DNAT'
firewall.@redirect[10].src='wan'
firewall.@redirect[10].dest='lan'
firewall.@redirect[10].proto='tcp udp'
firewall.@redirect[10].src_dport='53695'
firewall.@redirect[10].dest_ip='192.168.1.119'
firewall.@redirect[10].dest_port='53695'
firewall.@redirect[10].name='Forward53695'
firewall.@redirect[11]=redirect
firewall.@redirect[11].target='DNAT'
firewall.@redirect[11].src='wan'
firewall.@redirect[11].dest='lan'
firewall.@redirect[11].proto='tcp udp'
firewall.@redirect[11].src_dport='58311'
firewall.@redirect[11].dest_ip='192.168.1.119'
firewall.@redirect[11].dest_port='58311'
firewall.@redirect[11].name='Forward58311'
firewall.@redirect[12]=redirect
firewall.@redirect[12].target='DNAT'
firewall.@redirect[12].src='wan'
firewall.@redirect[12].dest='lan'
firewall.@redirect[12].proto='tcp udp'
firewall.@redirect[12].src_dport='54789'
firewall.@redirect[12].dest_ip='192.168.1.119'
firewall.@redirect[12].dest_port='54789'
firewall.@redirect[12].name='Forward'
firewall.@redirect[13]=redirect
firewall.@redirect[13].target='DNAT'
firewall.@redirect[13].src='wan'
firewall.@redirect[13].dest='lan'
firewall.@redirect[13].proto='tcp udp'
firewall.@redirect[13].src_dport='48831'
firewall.@redirect[13].dest_ip='201.57.107.168'
firewall.@redirect[13].dest_port='48831'
firewall.@redirect[13].name='Forward48831'
firewall.@redirect[14]=redirect
firewall.@redirect[14].target='DNAT'
firewall.@redirect[14].src='wan'
firewall.@redirect[14].dest='lan'
firewall.@redirect[14].proto='tcp udp'
firewall.@redirect[14].dest_ip='201.57.107.168'
firewall.@redirect[14].dest_port='48831'
firewall.@redirect[14].name='Forward48831'
firewall.@redirect[14].src_dport='54789'
firewall.@redirect[15]=redirect
firewall.@redirect[15].target='DNAT'
firewall.@redirect[15].src='wan'
firewall.@redirect[15].dest='lan'
firewall.@redirect[15].proto='tcp udp'
firewall.@redirect[15].src_dport='58311'
firewall.@redirect[15].dest_ip='201.57.107.168'
firewall.@redirect[15].dest_port='58311'
firewall.@redirect[15].name='Forward58311'
firewall.@redirect[16]=redirect
firewall.@redirect[16].enabled='1'
firewall.@redirect[16].target='DNAT'
firewall.@redirect[16].src='wan'
firewall.@redirect[16].dest='lan'
firewall.@redirect[16].proto='tcp udp'
firewall.@redirect[16].src_dport='53695'
firewall.@redirect[16].dest_ip='201.57.107.168'
firewall.@redirect[16].dest_port='53695'
firewall.@redirect[16].name='Forward53695'
firewall.@rule[18]=rule
firewall.@rule[18].target='ACCEPT'
firewall.@rule[18].src='wan'
firewall.@rule[18].proto='tcp udp'
firewall.@rule[18].dest_port='49085'
firewall.@rule[18].name='Open490'

--

cat /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

Your first 4 redirects are not using any destination ports. Therefore everything is redirected to the computer .150, since it is the first rule.
Add destination ports, just like you have in redirect #5

firewall.@redirect[4].target='DNAT'
firewall.@redirect[4].src='wan'
firewall.@redirect[4].dest='lan'
firewall.@redirect[4].proto='tcp udp'
firewall.@redirect[4].dest_ip='192.168.1.119'
firewall.@redirect[4].dest_port='48831'
firewall.@redirect[4].name='DVR2'
firewall.@redirect[4].src_dport='48831'

I added one last line with src_dport.
Better to delete the redirects and create them from the beginning.
If you need all the rest of the ports forwarded to one device, then this rule must be last.

It appears you have DMZ rules (i.e. forwarding ports 1-65535). These rules must be last (and just before any drop rules) - or you can experience extremely undesired effects!
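The diagnosis in the two replies above (a redirect with no src_dport, or with 1-65535, catches everything and hides every redirect listed after it) can be checked mechanically. This is an added example, not part of the thread or of OpenWrt: it reads saved `uci show firewall` output on a workstation, assumes redirects are evaluated in listed order with the first match winning and that a missing src_dport means all ports, and its function names are hypothetical.

```python
import re

# Trimmed from the `uci show firewall` output posted in the thread:
# redirects 0, 4, 5 and 9, with options the check does not read left out.
POSTED = """\
firewall.@redirect[0].src='wan'
firewall.@redirect[0].proto='tcp udp'
firewall.@redirect[0].dest_ip='192.168.1.150'
firewall.@redirect[4].src='wan'
firewall.@redirect[4].proto='tcp udp'
firewall.@redirect[4].dest_ip='192.168.1.119'
firewall.@redirect[4].dest_port='48831'
firewall.@redirect[5].src='wan'
firewall.@redirect[5].proto='tcp udp'
firewall.@redirect[5].src_dport='1-65535'
firewall.@redirect[5].dest_ip='192.168.1.119'
firewall.@redirect[9].src='wan'
firewall.@redirect[9].proto='tcp udp'
firewall.@redirect[9].src_dport='48831'
firewall.@redirect[9].dest_ip='192.168.1.119'
"""

# Constructed: the layout the replies recommend (specific port first, DMZ last).
REORDERED = """\
firewall.@redirect[0].src='wan'
firewall.@redirect[0].proto='tcp udp'
firewall.@redirect[0].src_dport='48831'
firewall.@redirect[0].dest_ip='192.168.1.119'
firewall.@redirect[1].src='wan'
firewall.@redirect[1].proto='tcp udp'
firewall.@redirect[1].src_dport='1-65535'
firewall.@redirect[1].dest_ip='192.168.1.119'
"""

OPTION = re.compile(r"^firewall\.@redirect\[(\d+)\]\.(\w+)='(.*)'$")
ALL_PORTS = (1, 65535)

def parse_redirects(text):
    """Return enabled redirects in rule order with their WAN-side match set."""
    sections = {}
    for line in text.splitlines():
        m = OPTION.match(line.strip())
        if m:
            sections.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    rules = []
    for idx, opts in sorted(sections.items()):
        if opts.get("enabled", "1") == "0":
            continue
        # Assumption: no src_dport means the redirect matches every port.
        lo, _, hi = opts.get("src_dport", "1-65535").partition("-")
        rules.append({"idx": idx, "src": opts.get("src"),
                      "protos": set(opts.get("proto", "tcp udp").split()),
                      "ports": (int(lo), int(hi or lo))})
    return rules

def shadowed(text):
    """(earlier, later) pairs where the earlier redirect already matches
    everything the later one would, so the later one is never reached."""
    rules, hits = parse_redirects(text), []
    for pos, later in enumerate(rules):
        for earlier in rules[:pos]:
            if (earlier["src"] == later["src"]
                    and later["protos"] <= earlier["protos"]
                    and earlier["ports"][0] <= later["ports"][0]
                    and later["ports"][1] <= earlier["ports"][1]):
                hits.append((earlier["idx"], later["idx"]))
                break  # the first covering redirect is the one that wins
    return hits

def catch_alls(text):
    """Indices of redirects that match the whole port range (DMZ-style)."""
    return [r["idx"] for r in parse_redirects(text) if r["ports"] == ALL_PORTS]

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "shadowed:", shadowed(cfg), "catch-all:", catch_alls(cfg))
```

More than one index from `catch_alls` means the all-port redirects conflict with each other in any order, since only the first of them can ever match.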

Thanks to everyone who helped me! It's working now!...
I set the DMZ rules to be the last ones, and now I can access the DVR without any problems!
