How to forward ports?

Two questions, how to forward ports and how to check that they are open successfully?

I seem to have opened the necessary ports.


But the program for checking ports that I found writes that the ports are not open.

I have WireGuard VPN Cloudflare configured on my router, but through Policy Routing it is enabled only for specific devices. For everything except my PC.


How to forward ports and how to check that they are open successfully?

It looks like you have a double NAT. How is the router connected to the internet?

6 Likes

In what sense is it connected? By cable from the provider

I mean is there any router in between the one with openwrt and your modem.

5 Likes

Hello.

I think @dkay is trying to make note that your WAN IP 192.168.91.123/21 is not a Public IP address. So it's probably a good idea to make sure you've made all firewall settings on any upstream Internet device too.

Hope this helps.

6 Likes

I don't have any modem, it's not telephone internet.

Where does it say my IP is 192.168.91.123/21?
The screenshots that I posted show other numbers.

On the screenshot of the interfaces - for WAN:

This isn't a Public IP.

5 Likes

There are other kinds of modems.

4 Likes

I don't care what kinds of modems there are. In my apartment there is only my router and nothing else.

And what should I do with this information?

In general, it doesn't matter if it is a cable or DSL modem, or an ONT or something else... the real question is this: do you control the upstream connection to your router? Your WAN has an RFC1918 address (i.e. a "private" address that is not publicly routable). In order to forward ports, you must first forward them from the real public IP to your OpenWrt device's wan address (192.168.91.123). If you cannot make changes to the upstream network's configuration, you will be unable to open/forward any ports to devices behind your OpenWrt router.

To recap: For port forwarding to work, you must have a public IP on your wan (or if not, you must be able to have configuration access to the device that does have the public IP so that you can set up forwarding in 2 steps).

2 Likes
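The check described in the reply above, as an added example that is not part of the original thread: it classifies a WAN address as public or not and, optionally, compares it with the address seen from outside. The function names and result labels are hypothetical, and every address except the thread's 192.168.91.123/21 is a constructed sample.

```python
import ipaddress

# IPv4 ranges that are never reachable from the internet without help upstream.
NON_PUBLIC = [
    ("RFC 1918 private", "10.0.0.0/8"),
    ("RFC 1918 private", "172.16.0.0/12"),
    ("RFC 1918 private", "192.168.0.0/16"),
    ("RFC 6598 carrier-grade NAT", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"),
    ("loopback", "127.0.0.0/8"),
]

def classify_wan(wan_cidr):
    """Return (ip, label) for a WAN address written as 'a.b.c.d/len' or 'a.b.c.d'."""
    ip = ipaddress.IPv4Interface(wan_cidr).ip
    for label, net in NON_PUBLIC:
        if ip in ipaddress.IPv4Network(net):
            return ip, label
    return ip, "public"

def diagnose(wan_cidr, seen_from_internet=None):
    """Decide whether a port forward on this router alone can work.

    seen_from_internet is optional: the address an external "what is my IP"
    service reports for this connection.
    """
    ip, label = classify_wan(wan_cidr)
    if label != "public":
        return "upstream-nat", f"WAN {ip} is {label}; forward on the upstream device first"
    if seen_from_internet and ipaddress.IPv4Address(seen_from_internet) != ip:
        return "upstream-nat", f"WAN {ip} differs from {seen_from_internet} seen outside"
    return "ok", f"WAN {ip} is public; a forward on this router can work"

if __name__ == "__main__":
    # 192.168.91.123/21 is the WAN address quoted in the thread; the other
    # addresses are constructed samples (documentation and CGNAT ranges).
    for wan, outside in [("192.168.91.123/21", None),
                         ("100.72.5.9/10", "203.0.113.10"),
                         ("203.0.113.10/24", "203.0.113.10")]:
        print(wan, "->", *diagnose(wan, outside))
```

An external port checker only reports a forward as open when the result is "ok" and something is listening on the forwarded port at the time of the test.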

And how can I get access to a device that I did not know existed and even had no idea where it could be located?

Therein lies the question. But we (the contributors) had no way to know that you didn't control that piece of equipment... that's why you were asked what (modem or other device) was upstream of your OpenWrt router. We've all learned together in this case that you have an upstream network that you cannot control and does not provide a public IP to your OpenWrt wan.

With all of that said, you've reached a dead end with the standard methods with IPv4.

If your upstream network provides you with a proper public IPv6 address (currently not configured on your OpenWrt device), you could use that instead of IPv4. Or, you could use a VPS or other VPN service that provides you with a public IP address that can be used in this way -- this is far more advanced in terms of the configuration process, though, and often involves paying for this additional capability.

3 Likes

Humble as always, I see, @K14M.

3 Likes

@K14M your provider needs to want to help you in order for you to be visible from the internet. I assume the provider would not want to do this. Basically you will have to be a master at tunneling to make this happen by yourself.
If you feel it's what you can accomplish, then the plan is to rent a VPS with a public IP, run sshd on that VPS at port 443 tcp (pretend it's HTTPS), and make an ssh tunnel to said VPS. While configuring the tunnel you will use the -R option of ssh to forward the local port where your app listens to the VPS's IP, so anyone from the internet who connects to the VPS would connect to your computer (by tunnel).

@K14M Rather than try to use port forwarding through the two or more devices in order to access services on your network remotely, you should look into using a service such as Tailscale or Cloudflare Tunnel. These run an agent within your network which sets up a tunnel to an endpoint in the provider's network on which a reverse proxy runs, providing access to your local service on a public address, but with additional protections.