How to access 22 and 80 from outside home

Forwarding is setup correctly, although you don't need the udp.
However there are no hits from the wan, so nothing seems to have reached the router.

1 Like
root@OpenWrt:~#     tcpdump -n -i any tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
11:29:43.031446 IP 192.168.144.126.33234 > 172.217.10.227.80: Flags [P.], seq 850388192:850388493, ack 2214426076, win 1369, options [nop,nop,TS val 9772975 ecr 2822916100], length 301: HTTP: HEAD /generate_204 HTTP/1.1
11:29:43.031446 IP 192.168.144.126.33234 > 172.217.10.227.80: Flags [P.], seq 0:301, ack 1, win 1369, options [nop,nop,TS val 9772975 ecr 2822916100], length 301: HTTP: HEAD /generate_204 HTTP/1.1
11:29:43.031486 IP 10.120.35.15.33234 > 172.217.10.227.80: Flags [P.], seq 850388192:850388493, ack 2214426076, win 1369, options [nop,nop,TS val 9772975 ecr 2822916100], length 301: HTTP: HEAD /generate_204 HTTP/1.1
11:29:43.171374 IP 172.217.10.227.80 > 10.120.35.15.33234: Flags [P.], seq 1:84, ack 301, win 386, options [nop,nop,TS val 2822976311 ecr 9772975], length 83: HTTP: HTTP/1.1 204 No Content
11:29:43.171404 IP 172.217.10.227.80 > 192.168.144.126.33234: Flags [P.], seq 1:84, ack 301, win 386, options [nop,nop,TS val 2822976311 ecr 9772975], length 83: HTTP: HTTP/1.1 204 No Content
11:29:43.171412 IP 172.217.10.227.80 > 192.168.144.126.33234: Flags [P.], seq 1:84, ack 301, win 386, options [nop,nop,TS val 2822976311 ecr 9772975], length 83: HTTP: HTTP/1.1 204 No Content
11:29:43.172418 IP 192.168.144.126.33234 > 172.217.10.227.80: Flags [.], ack 84, win 1369, options [nop,nop,TS val 9772989 ecr 2822976311], length 0
11:29:43.172418 IP 192.168.144.126.33234 > 172.217.10.227.80: Flags [.], ack 84, win 1369, options [nop,nop,TS val 9772989 ecr 2822976311], length 0
11:29:43.172438 IP 10.120.35.15.33234 > 172.217.10.227.80: Flags [.], ack 84, win 1369, options [nop,nop,TS val 9772989 ecr 2822976311], length 0

At my last(previous post) I have connected to an online port checker and let tdpdump to work.
Also when I try to connect to my IP or duck domain from my mobile though data connection the tcpdump is not giving anything.

This is the communication of a lan host to an internet web server.

This is not a proper way to test. Use the mobile phone data, after you have switched off wifi.

I edited my post, I did that like that now. Its not responding

Then nothing is reaching the router.
What is the output of ip -4 addr ?

There you go sir

root@OpenWrt:~#  ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.144.1/24 brd 192.168.144.255 scope global br-lan
       valid_lft forever preferred_lft forever
13: pppoe-wan: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    inet 10.120.35.15 peer 10.13.255.10/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever

The pppoe IP is private, which means you are behind ISP NAT. DDNS will also not work, as this IP is not public on the internet.
You need to discuss it with your ISP to provide you with a public routable IP.

3 Likes

I called the ISP again and they managed to remove that NAT, now when I visit my ip from mobile data the tcpdump output is showing my mobiles ip address connection
The strange is at the online port checker 80 is showing still blocked.

root@OpenWrt:~# tcpdump -n -i any tcp port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
14:20:36.355440 IP 188.73.254.56.40484 > 37.6.229.66.80: Flags [S], seq 502883869, win 64240, options [mss 1380,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 9], length 0
14:20:36.635477 IP 188.73.254.56.40486 > 37.6.229.66.80: Flags [S], seq 1683444408, win 64240, options [mss 1380,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 9], length 0
14:20:37.360578 IP 188.73.254.56.40484 > 37.6.229.66.80: Flags [S], seq 502883869, win 64240, options [mss 1380,sackOK,TS val 7388832 ecr 0,nop,wscale 9], length 0
14:20:37.755282 IP 188.73.254.56.40486 > 37.6.229.66.80: Flags [S], seq 1683444408, win 64240, options [mss 1380,sackOK,TS val 7388864 ecr 0,nop,wscale 9], length 0
14:20:39.401601 IP 188.73.254.56.40484 > 37.6.229.66.80: Flags [S], seq 502883869, win 64240, options [mss 1380,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 9], length 0
14:20:39.700251 IP 188.73.254.56.40486 > 37.6.229.66.80: Flags [S], seq 1683444408, win 64240, options [mss 1380,sackOK,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,nop,wscale 9], length 0
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel

1 Like

Wait, finally it's done. The test-server ip had been changed, now I corrected it and it's up accesible from the internet.

A million thank you to all contributed to this.

2 Likes

How can I do that;

You can do that with pbr package

1 Like

Yes that is it. Thank you again.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.