Good day to everyone!
A few days ago I installed OpenWRT 18.06.01 on my TP-Link TL-WR841N v8. I used the official image and everything came up (I have since switched to a custom-built image without IPv6, PPPoE, etc., but the problem is still there). I want to access my router from work, from one specific IP, via SSH, so I added a firewall rule, and it didn't work. I tweaked the rule several ways and still nothing. I even tried opening SSH to the whole world and it's still not working! (Not secure, I know, just for testing.) The funny thing is that I managed to open and redirect a port for PostgreSQL to my home server. To check ports I use several web services like this. I also can't open a port for FTP or redirect a port to the home server's SSH. Dropbear is configured to accept connections on any interface. For now I don't know what else to try or where my mistake is. Here is what my rules look like for now:
cat /etc/config/firewall
# Input rule (src set, no dest): accept UDP to port 68 arriving from the wan
# zone, IPv4 only. Named for DHCP lease renewal on the WAN side.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Input rule: accept ICMP echo-request from the wan zone, so the router
# itself answers ping from outside. IPv4 only.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Input rule (no 'dest'): accept TCP/22 from the wan zone to the router itself.
# No 'src_ip' is set, so any internet address matches; the post says this is a
# temporary test. To limit it to one address, add a line such as
#   option src_ip '<your-work-ip>'    (placeholder)
# NOTE(review): the wan zone in this file already has input 'ACCEPT', so this
# rule does not change what is allowed. If port 22 still looks closed, the
# cause is more likely in the NAT redirects (see the 'Torrent' redirect, which
# has no src_dport) than in this rule.
config rule
option target 'ACCEPT'
option name 'SSH to router'
option src 'wan'
option proto 'tcp'
option dest_port '22'
# Input rule: accept IGMP from the wan zone to the router, IPv4 only.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Forward rule (src wan, dest lan): let ESP packets pass from wan into lan.
# Named for IPsec; only needed if a LAN host terminates IPsec.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward rule (src wan, dest lan): let UDP/500 pass from wan into lan.
# Named for ISAKMP (IKE key exchange); same caveat as the ESP rule.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Forward rule (dest '*'): accept TCP/10022 forwarded from wan to any zone.
# NOTE(review): the redirect named 'SSH to server' in this file listens on
# src_dport 1022 and rewrites the port to 22, so neither side of that redirect
# is 10022 and this rule never matches its traffic. fw3 normally creates the
# forward accept for each DNAT redirect on its own, so this rule is probably
# unnecessary — confirm against the generated ruleset.
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option name 'SSH to server'
option family 'ipv4'
option dest '*'
option dest_port '10022'
# Forward rule: accept TCP/5432 forwarded from wan to any zone.
# No 'src_ip' is set, so together with the PostgreSQL redirect the database
# port is reachable from any internet address. Restricting the source address,
# or reaching the database through SSH or a VPN instead, narrows that exposure.
config rule
option target 'ACCEPT'
option proto 'tcp'
option dest_port '5432'
option name 'PostgeSQL'
option family 'ipv4'
option src 'wan'
option dest '*'
# Forward rule: accept TCP 20-21 and 20021-20121 forwarded from wan to any
# zone (FTP control/data and the passive range used by the redirects).
# Plain FTP sends credentials unencrypted; no 'src_ip' limits who can connect.
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '20-21 20021-20121'
option name 'FTP'
option family 'ipv4'
option dest '*'
# No 'dest' here, so unlike the three rules before it this is an INPUT rule:
# it accepts TCP/UDP 28360-28370 addressed to the router itself, not traffic
# forwarded to 192.168.1.2.
# NOTE(review): presumably 'dest' was meant to be set as in the rules above —
# confirm.
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '28360-28370'
option name 'Torrent'
option family 'ipv4'
# Global defaults for traffic that does not belong to any zone: SYN-flood
# protection on, input and output accepted, forwarding rejected.
# Traffic arriving on a zone's interface is governed by that zone's own
# input/output/forward policy instead.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: everything to, from and through the router is accepted for the
# 'lan' network. IPv4 only.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
option family 'ipv4'
# WAN zone covering networks 'wan' and 'wan6', with masquerading (NAT) and
# MSS clamping enabled.
# SECURITY: input 'ACCEPT' and forward 'ACCEPT' are set on the internet-facing
# zone. A stock OpenWrt config uses REJECT for both on wan. With ACCEPT, every
# service listening on the router (the post says dropbear listens on all
# interfaces) is reachable from the internet without any rule, and all the
# per-port ACCEPT rules for src 'wan' become redundant. Once testing is done,
# set both back to 'REJECT' and allow only the specific ports needed.
# It also means a port that still appears closed is not being blocked by the
# zone policy, which points the troubleshooting at NAT rather than filtering.
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option input 'ACCEPT'
option family 'ipv4'
option network 'wan wan6'
# Loads extra firewall commands from /etc/firewall.user. That file is not
# shown in the post; anything in it is applied in addition to this config, so
# it is worth checking when the resulting behaviour does not match these rules.
config include
option path '/etc/firewall.user'
# DNAT: TCP arriving on wan for port 5432 is rewritten to 192.168.1.2:5432.
# No 'src_ip', so the database port is offered to any internet address.
# This is the one redirect the post reports as working; it is also the first
# one declared.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.1.2'
option dest_port '5432'
option name 'PostgeSQL'
option src_dport '5432'
# DNAT: TCP for ports 20-21 is rewritten to 192.168.1.2:20-21, but only when
# the packet's destination address equals 'src_dip' (redacted in the post).
# NOTE(review): if the WAN address is dynamic, or the router sits behind ISP
# NAT so its interface address differs from the public one, 'src_dip' will not
# match and this redirect is skipped — confirm, or drop the option.
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.1.2'
option dest_port '20-21'
option name 'FTP'
option src_dip '@my router's WAN IP'
option src_dport '20-21'
# DNAT: TCP for ports 20021-20121 is rewritten to the same ports on
# 192.168.1.2 (passive-mode FTP data range).
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option dest_ip '192.168.1.2'
option dest_port '20021-20121'
option name 'FTP Passive'
option src_dport '20021-20121'
# DNAT for TCP and UDP to 192.168.1.2 ports 28360-28370.
# NOTE(review): this is the only redirect without 'src_dport'. 'dest_port' is
# the port on the internal host; 'src_dport' is what selects the incoming
# port. Without it, fw3 appears to emit a DNAT rule with no port match, i.e.
# ALL TCP/UDP arriving on wan that no earlier redirect claimed is sent to
# 192.168.1.2. That would fit the symptoms in the post: the PostgreSQL
# redirect (declared before this one) works, while SSH to the router on 22 and
# the SSH redirect declared after this one do not. It would also expose the
# server to far more inbound traffic than intended.
# Verify with `iptables -t nat -S` on the router; the likely fix is adding
#   option src_dport '28360-28370'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option dest_ip '192.168.1.2'
option dest_port '28360-28370'
option name 'Torrent'
# DNAT: TCP for port 1022 from the single address in 'src_ip' (redacted in
# the post) is rewritten to 192.168.1.2:22. Limiting by source address is the
# right shape for remote SSH access.
# The external port is 1022, not 10022 as in the rule named 'SSH to server',
# so tests must connect to 1022. This redirect is declared after 'Torrent'
# and is evaluated after it.
config redirect
option enabled '1'
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '1022'
option dest_ip '192.168.1.2'
option dest_port '22'
option name 'SSH to server'
option src_ip '!!!my work ip!!!'
# Allow traffic from the lan zone to be forwarded out to wan (normal outbound
# internet access for LAN hosts).
config forwarding
option dest 'wan'
option src 'lan'
# Hook for miniupnpd (UPnP/NAT-PMP daemon): runs its firewall include script,
# and again on every firewall reload.
# UPnP lets LAN hosts ask the router to open inbound port forwards by
# themselves; those mappings do not appear in this file. If automatic port
# mapping is not needed, disabling miniupnpd keeps the set of open ports
# limited to what is declared here.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'