How to open port 3074 manually without upnp?

isslam · February 23, 2020, 1:49pm

hello,

i want to open this port , i
also checked with netstat -tulpn | grep LISTEN i can't find except ports 53,22, 5000 for upnp, 80 and my wan ip uses 53 only
also i did port scan from outside while i playing call of duty with canyouseeme.org it shows

**Error:**  I could  **not**  see your service on  **x.x.x.x**  on port ( **3074** )
Reason:<small> Connection refused</small>

also port 1900 state is not listen

psherman · February 23, 2020, 3:44pm

Generally speaking, if you're doing this with the LuCI web interface, just go to Network > Firewall > Port Forwards and click the Add button to configure your new port forward. Alternatively, you can ssh into the router and issue UCI or directly edit the firewall file.

Keep in mind that a port scanner will not see a specific port as open unless it is both configured in the router's firewall AND the appropriate device + service (game) is running and listening for the inbound connection.

Also know that opening ports is not always necessary unless you are expecting users/devices on the internet to initiate the connection to your device/service/game. So open ports only if you need to in order to get the service to work and are specifically instructed to by the game/service (or the corresponding support information from the game/device/service developer).

If you post the contents of your firewall file, we can see if things are already configured and/or if there are any errors (/etc/config/network).

isslam · February 23, 2020, 4:10pm

thanks for your response my firewall file configuration:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'
	option family 'ipv4'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option forward 'ACCEPT'
	option input 'ACCEPT'
	option family 'ipv4'
	option network 'wan wan6'

config forwarding
	option dest 'wan'
	option src 'lan'

config rule
	option src_port '3074'
	option src 'wan'
	option target 'ACCEPT'
	option dest 'lan'
	option family 'ipv4'
	option direction 'in'
	option name 'cod'
	list proto 'udp'
	list dest_ip '192.168.1.129'
	option device 'pppoe-wan'

config redirect
	option src_dport '3074'
	option dest_ip '192.168.1.129'
	option src 'wan'
	option name 'cod'
	option target 'DNAT'
	option dest_port '3074'
	option dest 'lan'
	option reflection '0'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

config nat
	option src 'lan'
	option snat_ip 'x.x.x.x'
	option src_ip '!192.168.1.129'
	option target 'SNAT'
	option device 'pppoe-wan'

config rule
	option target 'ACCEPT'
	list proto 'udp'
	option name 'cod2'
	option dest 'lan'
	option device 'br-lan'
	list dest_ip '192.168.1.129'
	option src 'wan'
	option direction 'out'

psherman · February 23, 2020, 4:23pm

config redirect
	option src_dport '3074'
	option dest_ip '192.168.1.129'
	option src 'wan'
	option name 'cod'
	option target 'DNAT'
	option dest_port '3074'
	option dest 'lan'
	option reflection '0'

This should do what you need... if you're testing from within your network, you'll want reflection set to '1'.

It appears you still have upnp installed/enabled -- if you are trying to get away from upnp, you should start by disabling/uninstalling/removing miniupnpd components, and then test from there. Your test results could be confusing if you have upnp running at the same time as attempting to setup the port forwards.

Meanwhile, I'm not really sure what you are trying to achieve in the section below... If you're looking for normal port forwarding, the redirect statement (referenced at the top of this response) should be all you need. These will only confuse the issue, so you should remove them (unless there is a specific reason you want/need them there).

As an aside, I'm not certain if the "!192.168.1.129" syntax will work there -- never tried it. If it is something you need, hopefully someone else can chime in about the validity of trying to use a "!" ('not') in UCI and the firewall.

config nat
	option src 'lan'
	option snat_ip 'x.x.x.x'
	option src_ip '!192.168.1.129'
	option target 'SNAT'
	option device 'pppoe-wan'

config rule
	option target 'ACCEPT'
	list proto 'udp'
	option name 'cod2'
	option dest 'lan'
	option device 'br-lan'
	list dest_ip '192.168.1.129'
	option src 'wan'
	option direction 'out'

isslam · February 23, 2020, 4:57pm

i have 2 wan ip the !192.168.1.129 works, i still getting from canyouseeme.org error
I could not see your service reason connection refused after i put reflection to 1 and disable miniupnpd
and netstat -tulpn | grep LISTEN not showing port 3074

psherman · February 23, 2020, 5:58pm

You have 2 WANs? How is everything connected? Are there any other routers in your network? Do you have true public IP addresses on the WAN(s) of your OpenWrt router? Can you draw a diagram of your network topology including address schemes?

How are you testing this? Are you testing from within your network or from outside (i.e. cellular or another location)? Port scanning websites can be hit-or-miss, so you might try with a port scanning tool (there are some really useful apps available for iOS and Android phones). Also, are you absolutely certain that the service is up and running and ready to accept connections? You can verify this by using the same port scanning utility while on your network -- scanning 192.168.1.129 will tell you if that port is actually open and listening. Please verify this.

isslam · February 24, 2020, 4:37am

i tested within my network and from outside using www.whatismyip.com/port-scanner/

my network:

                internet
                   	I
                    I
                    I 
                  zte (adsl bridge)
                   I
                   I  
                  pc openwrt virtualbox (pppoe-wan)                   
                    I                I
                    I                I
                    I                I
                   wan ip1         wan ip2
                      I           I        I      
                      I           I        I
                      I           I        I 
    (192.168.1.129)   PS4        pc        dlink router (192.168.1.165)
                          (192.168.1.175)

wan ip1 is the primary ip that is assigned to pppoe
wan ip2 is subscribed static ip

i used port scanner app and scan 192.168.1.129, the result was 2 ports are open which is 9295 and 41800

i have question, does port must be open while gaming ?

psherman · February 24, 2020, 5:14am

You're asking about port 3074 which is not open on that device at the time of your scan. Therefore, it would not be listed as open on an external port scan either. You would likely need to be in a game for it to be open (or maybe it isn't necessary if it isn't being opened by the game).

isslam · February 24, 2020, 7:53am

i was in the game when i scanned the ports also i checked with tcpdump , so there is no way to manually open it ?

and opening port happened only when I'm hosting a server not connecting to the server ?

lleachii · February 24, 2020, 2:57pm

You can only test CoD with the game. This is my rule, and it works on CoD.

config redirect                                          
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'              
        option name 'PlayStation_CoD'
        option src_dport '3074'
        option dest_port '3074'
        option dest_ip '192.168.x.xxx'
        option reflection '0'                            
        option proto 'udp'

psherman · February 24, 2020, 2:58pm

Exactly. It is used when you need to allow a remote user to initiate a connection.

system · March 5, 2020, 3:05pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.