Forwarded ports show as 'Stealthed' and not visible

We can absolutely get rid of the VPN stuff if you think it's causing problems.

I'd recommend asking the developers (or support forums) for ImmortalWrt, or installing an official version of OpenWrt. In addition, the current stable release version of OpenWrt is 21.02.3 -- 18.06 is obsolete and unsupported (and may have security vulnerabilities). At the very least, please check to see if ImmortalWrt has a newer version.

1 Like

I wouldn't recommend making many changes to the ImmortalWrt version (such as removing the VPN stuff) because that may end up causing other issues (I have no idea if it could break things). Best bet is to use official OpenWrt.

2 Likes

I will do that. I had used this one following a guide specifically for R4S. I will follow up after trying OpenWRT.
Thank you for the information. I was completely stuck and now I have something to pursue.

Great. Let us know if you still have any questions or issues once you've got OpenWrt on there.

That's the semi-official thread.

You can use the official OpenWrt snapshot (it's not in main yet).

I personally like https://github.com/anaelorlinski/OpenWrt-NanoPi-R2S-R4S-Builds as he has Docker built in. He also supports both the 1GB and 4GB builds. I don't know if the 1GB patch got added to OpenWrt yet. It was supposed to be upstreamed some while back, but as I don't have the 1GB version it's not a problem I keep an eye on.

2 Likes

I have the 4GB version, so I will try this one. Thanks!

1 Like

If you are using Windows: PuTTY for SSH and WinSCP for file transfers, etc.

Looks like I'm having the same issue

ubus call system board:


{
        "kernel": "5.15.25",
        "hostname": "FriendlyWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "FriendlyElec NanoPi R4S",
        "board_name": "friendlyelec,nanopi-r4s",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0-rc1",
                "revision": "r19302-df622768da",
                "target": "rockchip/armv8",
                "description": "OpenWrt 22.03.0-rc1 r19302-df622768da"
        }
}

iptables-save -c -t nat

# Generated by iptables-save v1.8.7 on Wed May 25 20:00:17 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
[1407:87442] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Wed May 25 20:00:17 2022

cat /etc/config/firewall


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone 'docker'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'docker'
        list network 'docker'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'Ark Game1'
        option src 'wan'
        option src_dport '7777'
        option dest_port '7777'
        option dest_ip '192.168.1.205'
        list proto 'tcp'
        list proto 'udp'

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd00:ab:cd::/48'

config device
        option name 'eth0'
        option macaddr 'MACADD'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config device
        option name 'eth1'
        option macaddr 'MACADD'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.1'

config interface 'docker'
        option device 'docker0'
        option proto 'none'
        option auto '0'

config device
        option type 'bridge'
        option name 'docker0'

Have you verified that the host (at 192.168.1.205) is listening for (and responding to) connection requests? (You can test this locally within your LAN.)

Does QoS have any impact on port forwarding?

Should I just ping? What do you suggest to check this?

This is a problem!! Change input and forward to reject. Do this immediately.

1 Like
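The check behind the advice above, as an added example that is not part of the original thread: a small POSIX shell/awk audit that flags any zone attached to the `wan` or `wan6` network whose `input` or `forward` policy is `ACCEPT`. The function names and the trimmed sample config are constructed for illustration; only options set explicitly in a zone are checked.

```shell
#!/bin/sh
# Added example: flag WAN-facing zones in an OpenWrt firewall config that
# accept inbound or forwarded traffic by default.

# audit_wan_zones [FILE]  - reads FILE (or stdin) in /etc/config/firewall format
# and prints one line per finding: "zone <name>: <input|forward> ACCEPT"
audit_wan_zones() {
    awk -v q="'" '
    function report() {
        # A zone is treated as WAN-facing if it covers network wan or wan6.
        if (in_zone && nets ~ /(^| )wan6?( |$)/) {
            if (input == "ACCEPT")   print "zone " name ": input ACCEPT"
            if (forward == "ACCEPT") print "zone " name ": forward ACCEPT"
        }
    }
    { gsub(q, "") }                      # strip UCI single quotes, re-split fields
    $1 == "config" {                     # a new section closes the previous one
        report()
        in_zone = ($2 == "zone"); name = ""; nets = ""; input = ""; forward = ""
        next
    }
    in_zone && $2 == "name"    { name = $3 }
    in_zone && $2 == "input"   { input = $3 }
    in_zone && $2 == "forward" { forward = $3 }
    in_zone && $2 == "network" { for (i = 3; i <= NF; i++) nets = nets " " $i }
    END { report() }
    ' "$@"
}

# Constructed sample: the lan and wan zones trimmed from the config posted above.
sample_config() {
cat <<'EOF'
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option masq '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
EOF
}

sample_config | audit_wan_zones
```

On the router, run it as `audit_wan_zones /etc/config/firewall`; an empty result means no WAN-facing zone explicitly sets `input` or `forward` to `ACCEPT`.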

No, ping won't verify this. You need your game (or whatever service) to be running and ready to accept connections. And the best way to test is to use another device (inside the network) to connect to that service.

Or use a port scanning app from a device on your internal network to look to see if port 7777 is listed as open on that host.

I just booted up the game and connected internally just fine. I was able to find the service on LAN.

With the game running, you can run a port scan from a website. But you might also just want to ask someone who also uses that game to try to connect to your game server.

1 Like

I know it won't work because yougetsignal.com doesn't see the port as open. It immediately responds as closed.

ShieldsUp! reports it is stealthed.

Some scanners don't always produce accurate results. And some services don't actually respond anyway (WireGuard, for example, doesn't respond at all unless you have the correct cryptographic keys).

That is why it is worth actually trying a real connection from a game. You may be right that it could fail, but worth trying.

So I had my brother connect his PC to a hotspot to try this out, and all he can see is my Host's internal IP with the port after it. The public IP isn't on there, and of course he is unable to join.
I also had him do a direct connect to the external ip and port and there was no connection. No servers were found at the address.