there is no such a field... \
also i am not sure, as everything worked before i changed isp router;;; so the issue has to be in the isp router not openwrt... as nothing was touched in openwrt settings..
I also tried to untick rebind protection but didnt help.
what version of OpenWrt are you using? And on what device?
maybe i should use Domain whitelist? section
Model
Linksys WRT1900AC
Architecture
ARMv7 Processor rev 2 (v7l)
Firmware Version
OpenWrt 19.07.3 r11063-85e04e9f46 / LuCI openwrt-19.07 branch git-20.136.49537-fb2f363
I would recommend upgrading to 21.02.1.
Actually the correct place to add the hostname is Network/Hostnames
Although, if the homeassistant is getting its settings by dhcp, you could enable the dns option for the static lease entry, so that the hostname will be automatically added when HA is connected.
Ummmmm...isn't "Hairpin NAT" an analogous term for the OpenWrt term "NAT Loopback"???
Using this firewall rule as an e.g. - it allows access to an HTTP server using its public IP or global hostname (which should resolve to its Public IP) from LAN:
Rebind protection means someone setup a LAN IP in the global DNS...that may be likely; but usually NOT the case - because this can cause security issues if not really needed.
The most common use case would probably be for routers connected to networks with Private IP address and internal DNS servers giving out Private IPs of Private servers (i.e. no Public Internet).
dont understand that much ... what u want to achieve with that also whats src_ip and dest_ip in that case
my config is as
firewall.@redirect[21]=redirect
firewall.@redirect[21].dest_port='8123'
firewall.@redirect[21].src='wan'
firewall.@redirect[21].name='hass'
firewall.@redirect[21].target='DNAT'
firewall.@redirect[21].dest_ip='10.0.1.104'
firewall.@redirect[21].dest='lan'
firewall.@redirect[21].proto='tcp'
firewall.@redirect[21].src_dport='8123'
firewall.@redirect[21].reflection='1'
also as i mentioned all worked fine, i replaced isp router; added exactly same ip forward rule and now its not working ...
Well..I don't see how the OpenWrt is even involved.
I was confused about the re-add if the OpenWrt was untouched, my apologies.
i dont understand whats the issue at all ,, all these posts are incomplete / no final solution just broken pieces of information.
so basically there is no solution for a case that was fully working? As it doesnt work apparently something is broken.
Its primitive port forwarding; works for other services but yes i cant access my hass from local network. as mentioned in above posts they are clearly saying that hairpin nat has to be enabled ...
At this point of setting up we need to check one capability of your router: Hairpin NAT (otherwise known as NAT reflection or NAT loopback). What this means is the ability of your router to mirror a request from its inside (LAN) interface to its outside (WAN) address back to an internal IP address (in this case, your Home Assistant), thus reflecting or hairpinning the traffic. It's easy to check if this works: Just open a browser on your phone or PC while connected to your home network and opening http://my-home.duckdns.org:8123 - if it works, you have hairpin NAT working and can go on to the next section. Most current routers will support NAT hairpinning out of the box, there are however some routers (especially if you got your router from your ISP) that do not have this ability or have it disabled. If this is the case, you need to check if you can enable it on your router or, if you can't, you will need to set up Split Brain DNS.
I thought I said that you should check the device that was actually touched when the problem occurred - the ISP router. If you want to troubleshoot the OpenWrt needlessly, my apologies, I didn't understand you may be exhausting options with the device that was working.
My bad and apologies for interrupting, as I see you have a similar rule.
ok, basically it doesnt work because openwrt is broken https://bugs.openwrt.org/index.php?do=details&task_id=1645
If you haven't provided that information from the new ISP router...but that's not related to OpenWrt. I would verify that not that you have this new ISP that you actually have public IP address.
Or...you can say it only works for the single IP you set (e.g. you setup a personal webserver on your desktop, and test from the desktop)...but sure, call it "broken".
As I noted:
This works exactly as people desire (I assume those calling it a bug need the developers to identify exactly what each person else wishes to redirect - besides the IP itself, without creating a security hole).
@lleachii sorry i dont understand any sentense you wrote.
And i will repeat it again
Did you add the rule?
Where is 10.0.1.104 (Network and zone)?
omg ... what are u trying here is nonsense.
repeating again i cant just access it from within local computer.
I understand, please answer.
104 is exactly there as on the image provided. On the same lan as local pc trying to access it.
the rule you are pasting is Incorrect, whats the point of srp ip as subnet ...
Is it possible to do an inbound test for another machine?
This would be to see if the loopback works on the port in question.