Home Assistant Port Not Working

Trying to do a simple Port Forward (just like it was working on my old ASUS Router)

Listen for incoming port 18213 and forward to host at 192.168.1.3 listening port 8123

Tried using ddns domain and public IP :18213

Port is Closed using web port checker and telnet

I can access HomeAssistant using its LAN IP from another LAN host (192.168.1.3:8123)

So it's listening and responding on 8123 locally but not with port forwarding enabled accessed from wan

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'homeasst'
	option src 'wan'
	option src_dport '18213'
	option dest_ip '192.168.1.3'
	option dest_port '8123'
	list proto 'tcp'
	option family 'ipv4'

Remove 2 lines, there is no routing intent when entering only public IP with its own address as destination.

config redirect
-	option dest 'lan'
	option target 'DNAT'
	option name 'homeasst'
	option src 'wan'
	option src_dport '8123'
	option dest_ip '192.168.1.3'
-	option dest_port '8123'
	list proto 'tcp'
	option family 'ipv4'
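
Review bot: The src_dport line reads '8123' here but '18213' in the rule being corrected, and it carries no -/+ marker, so the externally exposed port changes without being flagged. Removing option dest_port '8123' only reaches Home Assistant because of that unmarked change: with src_dport '18213' and no dest_port, the redirect keeps the incoming port and targets 192.168.1.3:18213, while Home Assistant listens on 8123. Mark the src_dport change explicitly, or keep dest_port so the 18213 to 8123 mapping stays intact.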

Any incoming port 8123 needs to forward to lan 192.168.1.3 port 8123; that is how this is set up

  • You do not change the port
  • Internet has no clue about your internal network

I am just correcting your rule, not discussing it.

EDIT: dest parameter is filter, not route...

No, those two lines should remain in place.

Have you verified that your ddns domain is resolving correctly? Specifically, does the following match:

ifstatus wan | grep address
nslookup <your_ddns_domain_name>

Yes, ddns working and no open port or response from HA using both domain and public IP. I've tried all of the obvious things. No forward has me stumped.

Let's review a few additional things:

  1. What OS is HA running on (i.e. HAOS, Linux, MacOS, Windows, etc.)?
  2. Is HA responding normally when accessed from the lan (192.168.1.3:8123)?
  3. From where are you testing the ddns domain (from within your network, or outside via cellular or another network)?
  4. Let's review your config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

  1. HA running on RasPi4 docker. Has worked for several years and was accessible via port forwarding on my ASUS Router which I just replaced with the GL.iNet MT-6000 running full OpenWRT (not OEM).
  2. Yes HA loads to host on LAN
  3. DDNS tested from one of my public servers (nslookup shows correct WAN IP). I'm also running WireGuard on router but I have DDNS set to the WAN Public IP
  4. network config looks fine, standard stuff

I'm guessing that WireGuard is running here as a 'client' (i.e. connecting to a commercial VPN provider)? If you're running it as a 'server' instead, please let me know.

Assuming that the above is correct, you need Policy Based Routing. This will allow you to specify that the egress (return) traffic goes out the wan instead of via the tunnel (more than likely, your default route is via the tunnel). The port forwarding is likely working, but the traffic that is sent back to the remote host (i.e. the device initiating the connection) is not routed properly via the wan, thus your port forwarding appears to be failing since you're not getting the right connectivity.

The quick test you can run to confirm my hypothesis is to disable Wireguard and then test the port forwarding.

Yes WG is Client

I have pbr and use it to exclude LAN IPs from the VPN (works slick)

All tests for port forwarding have gone directly to the Public IP on WAN not the VPN

I can disable wgh interface and see what happens

I think you're onto something.

Port now open with wg interface disabled, so there is a conflict there

HA now loading on mobile using DDNS domain too

Now to figure out what is blocking forwarding in the wg interface/firewall

Yup. Exactly as I expected.

As I said earlier:

This works! Thanks for the guidance. Tricky is the Port Forwarding with VPN...

pbr:

config policy
	option name 'ha-wg'
	option src_addr '192.168.1.3'
	option src_port '8123'
	option proto 'tcp'
	option interface 'wan'
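
The asymmetric return path diagnosed in this thread (forward arrives on wan, reply leaves through the tunnel) can be read off the router's routing decision for the reply packet. The script below is an added example, not code from any poster in the thread; the interface names eth1, wg0 and br-lan, the table number and every address in the samples are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). eth1, wg0, br-lan and all addresses
# below are constructed placeholders; substitute your own.
#
# On the router, capture the routing decision for a reply packet with:
#   ip route get <remote_ip> from 192.168.1.3 iif br-lan [mark <fwmark>]
# ("mark" is needed to see routing that depends on a firewall mark.)

# Print the egress device named in `ip route get` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Compare the reply's egress device with the interface the forward arrived on.
# Returns 0 when symmetric, 1 when asymmetric, 2 when the output has no device.
return_path_verdict() {
    wan_dev=$1
    dev=$(egress_dev "$2")
    if [ -z "$dev" ]; then
        echo "unknown: no 'dev' field in route output"
        return 2
    fi
    if [ "$dev" = "$wan_dev" ]; then
        echo "symmetric: replies leave via $dev"
        return 0
    fi
    echo "asymmetric: forward arrived on $wan_dev, replies leave via $dev"
    return 1
}

# Constructed samples: default route through the tunnel, then a policy route to wan.
ROUTE_VIA_TUNNEL='203.0.113.10 from 192.168.1.3 dev wg0
    cache iif br-lan'
ROUTE_VIA_WAN='203.0.113.10 from 192.168.1.3 via 198.51.100.1 dev eth1 table 256
    cache iif br-lan'

return_path_verdict eth1 "$ROUTE_VIA_TUNNEL" || true
return_path_verdict eth1 "$ROUTE_VIA_WAN" || true
```

An "asymmetric" verdict with the tunnel up matches the symptom in this thread: the port checker reports the port closed even though the redirect rule itself is correct.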