How to open UDP ports 500, 4500 & 123?

Completely new to networking and openWRT so I’d appreciate the help. I have an LTE router running the latest version of openWRT and I need to open UDP ports 4500, 500 and 123. How can i do this?

Would putting the router in DMZ mode also do this? If so, how do I put it on DMZ mode?

Start by making sure you're not CGNATed.

1 Like

Ain’t port 123 the NTP port if I remember right?
Why do you want to open that?

Not entirely sure on your question.
The purpose, I have a Cellspot, basically a mani antenna that’s supposed to improve my phones signal strength. It used to work fine but after updating to the latest openWRT- it stopped working. The manual gave a specific error stating I must open those UDP ports for it to work. Unsure how to go about that as I have no idea what that even means. I believe it’s under the firewall settings though


No worries about being new to networking. :wink: I've been using OpenWRT on my own router for about 1-year now and I still feel a bit new myself - I'm always learning something new!

Anyway, to answer your question about opening certain UDP ports, configuring the LTE router ports can be done via CLI (e.g., SSH terminal) or by editing the respective firewall configuration file
/etc/config/firewall. Either way, you might find some solutions HERE.

Before I provide further details on modifying ports, would you mind clarifying the following?

[Yes/No] UDP 4500 = NAT Traversal
Are you experiencing problems with NAT? I believe the firewall rules have that configured by default.

{Yes/No} UDP 500 = Internet Key Exchange (IKE)
Are you connecting the LTE router via VPN between endpoints? If not, this may not be a required function to configure.

Ex. [ROUTER-A] < - - - - VPN - - - - > [ROUTER-B]

[Yes/No] UDP 123 = Network Time Protocol (NTP)
Most routers that is support OpenWRT don't typically have a built in hardware clock, although running an ntp-client per say is doable. That being said, I'll just provide you with the link to the OpenWRT NTP Settings HERE.

As for the DMZ, unless you are operating a website from within your internal network (e.g., LAN) that is properly segregated (protected) from your internal network - then it would NOT be advisable. Granted, in the interest of testing, you could temporarily configure the LTE router to operate through the DMZ for a quick test to see if network connectivity improves or not. Definitely, a workable solution that may help validate blocked network traffic. NOTE: Just be sure to remove the LTE router from the DMZ immediately afterwards, otherwise, you might find yourself dealing with another problem - potential intruders (e.g., hackers)

I know this may not be all the info you might have been looking for but its a start, but feel free to post a response to the above questions and either I or someone else should respond.

~ Chad