i want to open this port , i
also checked with netstat -tulpn | grep LISTEN i can't find except ports 53,22, 5000 for upnp, 80 and my wan ip uses 53 only
also i did port scan from outside while i playing call of duty with canyouseeme.org it shows
**Error:** I could **not** see your service on **x.x.x.x** on port ( **3074** )
Reason:<small> Connection refused</small>
Generally speaking, if you're doing this with the LuCI web interface, just go to Network > Firewall > Port Forwards and click the Add button to configure your new port forward. Alternatively, you can ssh into the router and issue UCI or directly edit the firewall file.
Keep in mind that a port scanner will not see a specific port as open unless it is both configured in the router's firewall AND the appropriate device + service (game) is running and listening for the inbound connection.
Also know that opening ports is not always necessary unless you are expecting users/devices on the internet to initiate the connection to your device/service/game. So open ports only if you need to in order to get the service to work and are specifically instructed to by the game/service (or the corresponding support information from the game/device/service developer).
If you post the contents of your firewall file, we can see if things are already configured and/or if there are any errors (/etc/config/network).
This should do what you need... if you're testing from within your network, you'll want reflection set to '1'.
It appears you still have upnp installed/enabled -- if you are trying to get away from upnp, you should start by disabling/uninstalling/removing miniupnpd components, and then test from there. Your test results could be confusing if you have upnp running at the same time as attempting to setup the port forwards.
Meanwhile, I'm not really sure what you are trying to achieve in the section below... If you're looking for normal port forwarding, the redirect statement (referenced at the top of this response) should be all you need. These will only confuse the issue, so you should remove them (unless there is a specific reason you want/need them there).
As an aside, I'm not certain if the "!192.168.1.129" syntax will work there -- never tried it. If it is something you need, hopefully someone else can chime in about the validity of trying to use a "!" ('not') in UCI and the firewall.
config nat
option src 'lan'
option snat_ip 'x.x.x.x'
option src_ip '!192.168.1.129'
option target 'SNAT'
option device 'pppoe-wan'
config rule
option target 'ACCEPT'
list proto 'udp'
option name 'cod2'
option dest 'lan'
option device 'br-lan'
list dest_ip '192.168.1.129'
option src 'wan'
option direction 'out'
i have 2 wan ip the !192.168.1.129 works, i still getting from canyouseeme.org error
I could not see your service reason connection refused after i put reflection to 1 and disable miniupnpd
and netstat -tulpn | grep LISTEN not showing port 3074
You have 2 WANs? How is everything connected? Are there any other routers in your network? Do you have true public IP addresses on the WAN(s) of your OpenWrt router? Can you draw a diagram of your network topology including address schemes?
How are you testing this? Are you testing from within your network or from outside (i.e. cellular or another location)? Port scanning websites can be hit-or-miss, so you might try with a port scanning tool (there are some really useful apps available for iOS and Android phones). Also, are you absolutely certain that the service is up and running and ready to accept connections? You can verify this by using the same port scanning utility while on your network -- scanning 192.168.1.129 will tell you if that port is actually open and listening. Please verify this.
internet
I
I
I
zte (adsl bridge)
I
I
pc openwrt virtualbox (pppoe-wan)
I I
I I
I I
wan ip1 wan ip2
I I I
I I I
I I I
(192.168.1.129) PS4 pc dlink router (192.168.1.165)
(192.168.1.175)
wan ip1 is the primary ip that is assigned to pppoe
wan ip2 is subscribed static ip
i used port scanner app and scan 192.168.1.129, the result was 2 ports are open which is 9295 and 41800
i have question, does port must be open while gaming ?
You're asking about port 3074 which is not open on that device at the time of your scan. Therefore, it would not be listed as open on an external port scan either. You would likely need to be in a game for it to be open (or maybe it isn't necessary if it isn't being opened by the game).