Hello dear friends,
I'm kinda new to networking so I need your help. I have some services running on my OpenWrt router (like udp2raw and stunnel on specific ports) but so far I have not been able to access those services from my LAN devices. Can you guys please tell me how I should fix the issue? Maybe I should open those ports in the firewall somehow?
I can use these services with online ubuntu servers but I need them in my openWRT router.
Normally the firewall allows full access from your LAN to services on your OpenWrt device. How were you trying to access them?
Please copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/firewall
I'm trying to access them by "routerIPaddress:portThatServiceIsRunningOn", like this: "192.168.50.1:4030"
/etc/config/network
# UCI network configuration as posted in the thread (the paste lost its indentation).
# Values shown as '####' were redacted by the poster; WireGuard private and
# preshared keys in particular must stay redacted whenever this file is shared.

# Loopback interface with the usual 127.0.0.1/8 address.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# Global settings: the IPv6 ULA prefix used for local addressing.
config globals 'globals'
option ula_prefix 'fd04:18b2:2d72::/48'
# LAN bridge; its only listed member port is VLAN 1 on eth0.
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
option mtu '1500'
option mtu6 '1500'
# LAN interface: the router answers on 192.168.50.1/24, which is the address
# LAN clients use to reach services running on the router itself.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.50.1'
option netmask '255.255.255.0'
option ip6assign '60'
# WAN interface on VLAN 2, addressed by DHCP.
# peerdns '0' ignores the DNS servers offered by the upstream DHCP server and
# uses the two resolvers listed here instead.
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
option metric '20'
option hostname '####'
# IPv6 WAN via DHCPv6 on the same VLAN device.
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
# Hardware switch with VLANs enabled.
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1: ports 2-5 untagged plus port 0 tagged (presumably the CPU port; confirm for this board).
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
# VLAN 2: port 1 untagged plus port 0 tagged; eth0.2 above is the WAN device.
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
# Unmanaged interface wrapping tun0 so the firewall can reference it by name.
config interface 'OpenVPN'
option proto 'none'
option device 'tun0'
# WireGuard interface. auto '0' means it is not brought up automatically at boot.
# The private key is redacted in the post.
config interface 'wg0'
option proto 'wireguard'
option private_key '####'
list addresses '10.66.66.2/32'
list addresses 'fd42:42:42::2/128'
option auto '0'
option metric '30'
option mtu '1280'
# WireGuard peer for wg0. route_allowed_ips '1' installs routes for the
# allowed_ips ranges, which are redacted here.
# NOTE(review): this peer section also stores a private_key and a preshared_key;
# both are secrets and are redacted in the post.
config wireguard_wg0
option description '####'
option public_key '####'
option private_key '####'
option preshared_key '#####'
list allowed_ips '####'
list allowed_ips '####'
option route_allowed_ips '1'
option endpoint_host '####'
option endpoint_port '####'
# 802.1q device definitions for the WAN and LAN VLANs on eth0.
config device
option name 'eth0.2'
option type '8021q'
option ifname 'eth0'
option vid '2'
option mtu '1500'
config device
option name 'eth0'
config device
option name 'eth0.1'
option type '8021q'
option ifname 'eth0'
option vid '1'
# Device-level overrides for wg0.
# NOTE(review): acceptlocal '1' and promisc '1' are set explicitly here; nothing
# else in the posted config shows why a WireGuard device needs them. Confirm
# they are intentional.
config device
option name 'wg0'
option mtu '1280'
option acceptlocal '1'
option ipv6 '1'
option multicast '0'
option promisc '1'
option ip6segmentrouting '0'
config device
option name 'wlan0'
option mtu '1500'
/etc/config/firewall
# UCI firewall configuration as posted in the thread (the paste lost its indentation).

# Global chain policies. These apply to traffic that is not matched by any zone
# below. Every interface declared in the posted network config (lan, wan, wan6,
# OpenVPN, wg0) is assigned to a zone, so the ACCEPT input policy here should
# only matter for interfaces added later without a zone.
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# LAN zone: input ACCEPT means LAN hosts may connect to any port the router
# listens on, so no extra rule is needed to reach a local service from the LAN.
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# WAN zone: unsolicited input and forwarding are rejected, outbound traffic is
# masqueraded. The OpenVPN (tun0) interface is placed in this zone too, so it
# gets the same restrictive policy as the physical WAN.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'OpenVPN'
# Allow LAN clients to reach the WAN zone.
config forwarding
option src 'lan'
option dest 'wan'
# The rules below open specific protocols on the otherwise rejecting WAN zone.
# DHCP client replies (UDP 68) from the upstream server.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# IPv4 echo requests from the WAN side are answered by the router.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# IGMP from the WAN side.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 client replies (UDP 546).
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Multicast Listener Discovery, restricted to link-local sources.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types accepted by the router itself, rate-limited to 1000 per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 types forwarded from WAN to any zone, with the same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward IPsec ESP from WAN to LAN hosts.
# NOTE(review): this rule and Allow-ISAKMP below let WAN traffic reach LAN hosts;
# if no LAN host terminates IPsec they can be removed to narrow the exposed surface.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward IKE (UDP 500) from WAN to LAN hosts.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# WireGuard zone: outbound traffic is masqueraded and forwarding out of the
# zone is rejected.
# NOTE(review): input ACCEPT lets anything arriving over the tunnel reach every
# service on the router. If wg0 connects to an upstream or third-party endpoint
# (presumably, given masq and the lan -> wg0 forwarding; confirm), input REJECT
# as on the wan zone is the safer policy.
config zone
option name 'wg0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'wg0'
option masq '1'
# Allow LAN clients to send traffic out through the WireGuard zone.
config forwarding
option src 'lan'
option dest 'wg0'
# Script include that loads rules from the pbr package at the path below.
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
This indicates that there is no restriction on the lan (input = accept).
Are you sure the service is running? What is the output of the following:
netstat -plnt
trendy
April 27, 2023, 3:14pm
psherman:
-plnt
If they are UDP sockets they won't show up, because -t limits the listing to TCP. Better use -pln
My service is not in the netstat -pln output. There must be an issue with my services, am I correct? I have to investigate what's wrong with those services.
Thank you so much for helping guys
Check the logs to see if your service is starting properly (or at all), or if it is hitting errors.
efahl
April 27, 2023, 5:46pm
Here are some things to try, where blah is the service name or some part of it:
$ service
... list of services and their status ...
$ logread -e blah
$ dmesg | grep -i blah
... both of these might show any error messages ...