DMZ Not working

hello guys iam trying to setup dmz (to make nat type in my games:open ) i did everything whats wrong with my config
also i used upnp and allowed port but nat type still strict :worried:
and i sing Masquerading in both lan and wan because without using this cannot connect to internet
(mybe in lan i dont need it but idont know )

my device is :td8970n
version: Powered by LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d) / OpenWrt 18.06.2 r7676-cddd7b4c77

here is my config files (firewall and network)

firewall:

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'

config include
option path '/etc/firewall.user'

config zone
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'wan'
option name 'wan'

config zone
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option name 'lan'
option network 'lan'

config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '1-65535'
option dest_ip '192.168.1.1'
option dest_port '1-65535'
option name 'DMZ'

network:

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdef:e6d7:60b5::/48'

config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option macaddr 'f8:1a:67:d8:ce:ba'
option delegate '0'
option ifname 'eth0.11'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 6t'
option vid '11'

config atm-bridge 'atm'
option encaps 'llc'
option nameprefix 'dsl'
option vci '59'
option vpi '0'
option payload 'bridged'

config interface 'wan'
option proto 'pppoe'
option ipv6 '0'
option ifname 'dsl0'
option mtu '1430'
option peerdns '0'
option dns '178.22.122.100'

config dsl 'dsl'
option xfer_mode 'atm'
option line_mode 'adsl'
option ds_snr_offset '0'
option annex 'admt'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '2 6t'
option vid '22'

config interface 'lanport3'
option proto 'static'
option delegate '0'
option type 'bridge'
option netmask '255.255.255.0'
option ipaddr '192.168.2.1'
option ifname 'eth0.22'

You really need to revert back to default settings.

There are many things that don't look right..... = not safe.

Then take a look at this line;

option dest_ip '192.168.1.1'

This means that you will be sending all this traffic to your LAN interface on the SAME router.... which i'm pretty sure ain't your gaming device.

4 Likes

thanks for your replay my dude both of things you said was correct instantly after revert back to defaults i was doubting about my zone setting because i saw a difference compare to my zone setting and ip of my gaming device was incorrect

i wasted about full 3 days to install openwrt and config it ( i know its stupid :anguished:) since first i bricked my router and then unbricked it took too long for me i still have some issues with it somehow
btw i realy much appreciate your answer

i wanna put a setting here for common default dmz setting if somebody see here in future

ok it mybe only works for default lan interface of openwrt you need to do 2 main thing
1-do not touch default firewall zone setting
2-add these to the redirect section in firewall file which is in \etc\config\firewall

config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '1-65535'
option dest_ip '192.168.xxx.xxx' (put ip of your gaming device for example ps4 or pc here )
option dest_port '1-65535'
option name 'DMZ'

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.