Hey guys,
I have a problem with my OpenWRT configuration. I used the port forwarding feature for Huawei's inverter to connect to Modbus (from IP). I am connected as a client using OpenWRT to inverter's WiFi but after some time the forwarded port (502) disappears and is no longer visible from the external IP from the OpenWRT router. When I restart the router I get the port back for a while.
My router: D-Link DWR-116 A1/A2, OpenWrt 19.07.8.
The inverter's configuration:
- gateway: 192.168.200.1,
- DHCP.
**root@XYZ:~# cat /etc/config/firewall**
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'solarnik'
list network 'solar'
option input 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option output 'ACCEPT'
config forwarding
option dest 'lan'
option src 'solarnik'
config forwarding
option dest 'solarnik'
option src 'lan'
config redirect
option dest_port '502'
option name 'Forward_NOW'
option src_dport '502'
option target 'DNAT'
option dest 'lan'
option src 'lan'
option dest_ip '192.168.200.1'
**root@XYZ:~# /etc/init.d/firewall restart**
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
Warning: Section @redirect[0] (Forward_NOW) does not specify a protocol, assuming TCP+UDP
Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
* Flushing IPv4 filter table
* Flushing IPv4 nat table
* Flushing IPv4 mangle table
* Flushing IPv6 filter table
* Flushing IPv6 mangle table
* Flushing conntrack table ...
* Populating IPv4 filter table
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Redirect 'Forward_NOW'
* Forward 'lan' -> 'wan'
* Forward 'solarnik' -> 'lan'
* Forward 'lan' -> 'solarnik'
* Zone 'lan'
* Zone 'wan'
* Zone 'solarnik'
* Populating IPv4 nat table
* Redirect 'Forward_NOW'
* Zone 'lan'
* Zone 'wan'
* Zone 'solarnik'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'solarnik'
* Populating IPv6 filter table
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule 'Allow-IPSec-ESP'
* Rule 'Allow-ISAKMP'
* Forward 'lan' -> 'wan'
* Forward 'solarnik' -> 'lan'
* Forward 'lan' -> 'solarnik'
* Zone 'lan'
* Zone 'wan'
* Zone 'solarnik'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'solarnik'
* Flushing conntrack: 192.168.200.100
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/etc/firewall.user'
I noticed two things too:
1a) When I still have the working port forwarding:
1a
1b) And when port forwarding is not working (port 502 is not available):
1b
2a) When I still have the working port forwarding:
2a
2b) And when port forwarding is not working (port 502 is not available):
2b
Thanks in advance!