Double NAT/Firewall/Port Forward Problem

Right now its at and its working if I revert to the connection drops and refuses to reconnect. Unless you meant revert back to which it is at now.

oh... now that I'm looking at it again, that's the DHCP server for your lan. If you leave it blank, does it work? I would expect that it would send the correct gateway (probably to your DHCP clients.

BTW, you do not need to redact anything here... these are all RFC1918 addresses which are not publicly routable and therefore not sensitive/private information.

You were right, leaving it blank made it send the correct gateway to DHCP clients. It is odd that I don't see it as an active DHCP lease in openwrt but im assuming that could be related to having turned DHCP for the lan interface. Would I still need to port forward from the openwrt modem to the router or is it not necessary?

Yes, port forwarding will still be necessary. You can forward all ports as a range to the Asus device, or you can forward just the ones you need. Depends on how much you trust the Asus device's firewall.

I want to essentially seal off the openwrt device but still be able to get in the gui or ssh in at least. As far as the port range im not sure what to put for that specific scenario but im assuming something between 30 and 99999. Ive been looking for a case example as mine to replicate in the forums and online but can't find one. For internal IP address I pick the Asus from the dropdown correct? Would enabling DMZ or DDNS on the ASUS work in my situation or would DMZ/DDNS need to be setup through Openwrt?

I'd recommend just forwarding specific ports on the OpenWrt router if/when they are needed. If you don't have any services running behind the Asus router that need to be accessable from the internet, you don't need to forward any ports at all.

I did some port blocking and forwarded 80 and 443 hopefully that should be enough. I appreciate your help nonetheless, very much appreciated brother.

Glad I could help.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile: