How to configure HTTPS as the default for OpenWrt

Installing and Using OpenWrt
21

It doesn't work like this.
Only one lan host can correspond to one port forwarded.

1 Like
22

Oh, okay.

I'll make the necessary adjustments, then.

So regarding the output on previous post, what do you think?

23

The firewall part was the same as before.
The firewall.user and the miniupnpd were not posted.

24

I'm honestly on my wit's end here.

Should I just erase the module and reconfigure it again?

25

If you have fixed the addresses I don't see why the upnp won't work. But you need to post the configuration to make sure there is no other mistake.

1 Like
26

image
image2048×1452 322 KB
image
image2048×1169 270 KB

Here, attached is the configuration. The internal addresses are the same as you suggested (192.168.1.0); just couldn’t fit it in the picture.

27

This is not the proper way to show the configuration. If the uci export miniupnpd is not working, try with the head -n -0 /etc/config/*upnp*
Are the port forwardings working fine now?

28 
config upnpd 'config'
        option internal_iface 'lan'
        option port '5000'
        option upnp_lease_file '/var/run/miniupnpd.leases'
        option enabled '1'
        option uuid 'd80bf12e-5032-4773-9f26-36ff2f1d01c2'
        option download '9000'
        option upload '8200'
        option log_output '1'

config perm_rule
        option action 'allow'
        option ext_ports '1024-65535'
        option int_ports '1024-65535'
        option comment 'Allow high ports'
        option int_addr '192.168.1.0'

config perm_rule
        option action 'deny'
        option comment 'Default deny'
        option ext_ports '0-1023'
        option int_ports '0-1023'
        option int_addr '192.168.1.0'


==> /etc/config/upnpd-opkg <==
config upnpd config
        option enabled          0
        option enable_natpmp    1
        option enable_upnp      1
        option secure_mode      1
        option log_output       0
        option download         1024
        option upload           512
#by default, looked up dynamically from ubus
#       option external_iface   wan
        option internal_iface   lan
        option port             5000
        option upnp_lease_file  /var/run/miniupnpd.leases
        option igdv1            0

config perm_rule
        option action           allow
        option ext_ports        1024-65535
        option int_addr         0.0.0.0/0       # Does not override secure_mode
        option int_ports        1024-65535
        option comment          "Allow high ports"

config perm_rule
        option action           deny
        option ext_ports        0-65535
        option int_addr         0.0.0.0/0
        option int_ports        0-65535
        option comment          "Default deny"

Attached above is the output of the command you suggested. From what I can understand, it should work. I guess it's because I do not have a public IP since my ISP Modem is set to bridge.

29

You didn't add the mask suffix in the address part, so no it won't work like this.

30

I did the necessary corrections.

config upnpd 'config'
        option internal_iface 'lan'
        option port '5000'
        option upnp_lease_file '/var/run/miniupnpd.leases'
        option enabled '1'
        option uuid 'd80bf12e-5032-4773-9f26-36ff2f1d01c2'
        option download '9000'
        option upload '8200'
        option log_output '1'

config perm_rule
        option action 'allow'
        option ext_ports '1024-65535'
        option int_ports '1024-65535'
        option comment 'Allow high ports'
        option int_addr '192.168.1.0/24'

config perm_rule
        option action 'deny'
        option comment 'Default deny'
        option ext_ports '0-1023'
        option int_ports '0-1023'
        option int_addr '192.168.1.0/24'

It should work now, right?

31

Yes, now it is fine.