Can't port forward?

I'm trying to make my desktop (.4.3) accessible from the internet on ports 4000, 4002, 4080, 4443 for NoMachine. I tried installing miniupnpd, but it stopped working after letting the punch-through happen once. Honestly, I don't know how I can elaborate further. I thought this was supposed to be one of the simple things I could do.

Much easier to figure out the problem with the text config.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/firewall

Thanks for the suggestion, this is the output.


# Global defaults. The zones below each declare their own
# input/output/forward policy.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        # NOTE(review): software and hardware flow offloading are both on.
        # When a forward misbehaves, retesting with these set to '0' is a
        # cheap way to rule offloading out - confirm on this device.
        option flow_offloading '1'
        option flow_offloading_hw '1'

# lan zone: input, output and forward are all accepted.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

# wan zone: input and forward are rejected, outbound traffic is masqueraded.
# NOTE(review): 'wg_ice' (by its name presumably a WireGuard interface -
# confirm) is a member of this zone, so every rule and redirect in this file
# that uses src 'wan' also applies to traffic arriving on it.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wg_ice'

# Allows traffic from the lan zone to be forwarded to the wan zone.
config forwarding
        option src 'lan'
        option dest 'wan'

# Accepts forwarded UDP/500 from wan to lan.
# NOTE(review): this and Allow-IPSec-ESP further down are presumably only
# needed when an IPsec endpoint sits on the LAN; if none does, both can be
# disabled - confirm.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Accepts IPv4 UDP/68 arriving from wan (no dest zone is set on this rule).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# Accepts IPv4 ICMP echo-request from wan (no dest zone is set on this rule).
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# Accepts IPv4 IGMP from wan.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# The four IPv6 rules that follow all carry enabled '0', i.e. they are
# switched off in this config.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

# Accepts forwarded ESP from wan to lan; see the note on Allow-ISAKMP.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# Disabled (enabled '0').
config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

# Pulls in /etc/firewall.user; its contents are not shown in this paste.
# NOTE(review): anything added there sits outside this file, so it is worth
# reading as well when a forward does not behave as expected.
config include
        option path '/etc/firewall.user'

# Rejects all forwarded traffic from wan to lan host 192.168.4.10.
config rule
        option name 'que wan to lan'
        list proto 'all'
        option src 'wan'
        option dest 'lan'
        list dest_ip '192.168.4.10'
        option target 'REJECT'

# Rejects all traffic from 192.168.4.10 (any source zone) towards wan.
config rule
        option name 'que lan to wan'
        list proto 'all'
        option src '*'
        list src_ip '192.168.4.10'
        option dest 'wan'
        option target 'REJECT'

# The two nat sections below both carry enabled '0'. They describe
# masquerading for ports 53/6053 between 192.168.4.3, 192.168.4.1 and
# 127.0.0.1.
config nat
        list proto 'tcp'
        list proto 'udp'
        option src '*'
        option src_ip '192.168.4.3'
        option src_port '53'
        option dest_port '53'
        option snat_port '6053'
        option name 'g'
        option dest_ip '192.168.4.1'
        option target 'MASQUERADE'
        option enabled '0'

config nat
        list proto 'tcp'
        list proto 'udp'
        option src '*'
        option src_ip '127.0.0.1'
        option src_port '6053'
        option dest_ip '192.168.4.3'
        option snat_port '53'
        option target 'MASQUERADE'
        option enabled '0'

# Drops all lan -> wan traffic from one device, matched by MAC address.
# The MAC is redacted in this paste; the value is not usable as shown.
config rule
        option name 'printer'
        list proto 'all'
        option src 'lan'
        list src_mac 'E0:BB:9E*********'
        option dest 'wan'
        option target 'DROP'

# ipset definition, switched off (enabled '0').
config ipset
        option enabled '0'
        option name 'blockfacebook'
        option family 'ipv4'
        option storage 'hash'
        option match 'dest_ip'
        option maxelem '256'
        option timeout '7200'

# Rejects lan -> wan traffic whose destination is in the referenced ipset,
# one rule per address family; both rules share the same name.
# NOTE(review): the sets 'filter' and 'filter6' are not defined in this file
# (the only ipset section is 'blockfacebook', and it is disabled). Presumably
# they are created elsewhere, e.g. by /etc/firewall.dnsmasq - confirm that
# they exist when the firewall loads.
config rule 'filter_fwd'
        option name 'Filter-IPset-DNS-Forward'
        option src 'lan'
        option dest 'wan'
        option proto 'all'
        option family 'ipv4'
        option ipset 'filter dest'
        option target 'REJECT'

config rule 'filter6_fwd'
        option name 'Filter-IPset-DNS-Forward'
        option src 'lan'
        option dest 'wan'
        option proto 'all'
        option family 'ipv6'
        option ipset 'filter6 dest'
        option target 'REJECT'

# Pulls in /etc/firewall.dnsmasq; its contents are not shown in this paste.
config include 'dnsmasq'
        option path '/etc/firewall.dnsmasq'
        option reload '1'

# Firewall hook script shipped with miniupnpd.
# NOTE(review): with UPnP/NAT-PMP active, hosts on the LAN can request
# inbound port mappings themselves. If the static redirects in this file are
# the intended way in, consider disabling or removing miniupnpd so the set of
# open ports stays the one written here - confirm against the miniupnpd
# service config, which is not shown.
config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

# Port forwards (DNAT) from the wan zone to 192.168.4.3, one section per
# port, external and internal port identical: 4000, 4022, 4080, 4443.
# NOTE(review): the opening post lists 4002 while this file forwards 4022 -
# confirm which port the service on 192.168.4.3 actually uses.
# NOTE(review): none of the sections sets 'option proto' or 'option name';
# presumably the firewall falls back to tcp+udp - stating the protocol the
# service needs makes the exposure explicit.
# NOTE(review): no 'option src_ip' is set, so each forward accepts any source
# address in the wan zone (which also contains wg_ice). If the remote clients
# are known, limiting src_ip - or reaching the desktop over the VPN instead
# of open forwards - keeps the remote-desktop ports off the public internet.
config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'wan'
        option src_dport '4000'
        option dest_ip '192.168.4.3'
        option dest_port '4000'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'wan'
        option src_dport '4022'
        option dest_ip '192.168.4.3'
        option dest_port '4022'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'wan'
        option src_dport '4080'
        option dest_ip '192.168.4.3'
        option dest_port '4080'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'wan'
        option src_dport '4443'
        option dest_ip '192.168.4.3'
        option dest_port '4443'

# Accepts forwarded traffic from wan to 192.168.4.3 on destination port 4000.
# NOTE(review): presumably redundant next to the redirect for port 4000 - a
# redirect does not normally need a companion rule; confirm and remove.
config rule
        option src 'wan'
        option dest 'lan'
        list dest_ip '192.168.4.3'
        option dest_port '4000'
        option target 'ACCEPT'

# NOTE(review): the four rules below match on src_port - the port the remote
# sender uses - and set neither dest_ip nor dest_port. As written they accept
# forwarding from wan to any lan address and port whenever the packet's
# source port is 4000 / 4080 / 4443 / 4022, and the source port is chosen by
# the sender. They do not help the port forwards and widen what wan can
# reach; they should be deleted.
config rule
        option src 'wan'
        option src_port '4000'
        option dest 'lan'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option src_port '4080'
        option dest 'lan'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option src_port '4443'
        option dest 'lan'
        option target 'ACCEPT'

config rule
        option src 'wan'
        option src_port '4022'
        option dest 'lan'
        option target 'ACCEPT'

What is the purpose of these? They should probably be deleted. The only rules you want are redirect (port forwarding).


Those were the rules I created when trying to figure out why I couldn't port forward. I deleted them and nothing changed.

In your original post you mentioned port 4002, but the config forwards port 4022. One of these is a typo.


Other things to check:

  • Have you verified that the host at 192.168.4.3 is up and running and that it is listening for connections on the desired ports?
  • Do you have a proper public IP address on your OpenWrt WAN?