By default, GRC scans the first 1024 ports. If you want to scan a higher port number, you need to specify the port manually.
As for pentest-tools, my apologies. I'd forgotten that the custom port number probe requires an account; it's not part of the free scan. Sorry about that.
Hmm. That's pretty conclusive.
By any chance, is there another router/firewall in the way? Maybe one which you don't have control over?
Does the IP address shown by ifconfig.co match the IP address shown on OpenWRT's status page?
Please check the firewall of host 192.168.1.240. If there is a firewall rule rejecting/dropping incoming traffic outside the lan, the port scanner should not show port 8096 as open.
The laptop that I'm hosting the server on had already installed UFW but I have allowed port 8096/tcp on it. Do I need to make some other changes as well?
There are no hits, nothing reached the firewall. Check your internet provider that they don't block something.
OpenWRT has an optional tcpdump package which may help here.
If you set tcpdump to listen to the WAN interface on port 8096, it should produce some output if you do another external port scan.
If it does, then you know the incoming traffic is reaching your router, and you can then direct your troubleshooting at your router and your internal network.
If it doesn't, then you know that the incoming traffic isn't reaching your router. Depending on the reason why not, it may be something you can correct, or it may be out of your control.
I have installed tcpdump, how to set it to listen to port 8096?
Identify which interface is your WAN interface. On my test installation here it's eth1 - yours may be different.
Then issue the command tcpdump -ni <interface> port 8096
Replace <interface> with the name of your WAN interface. For example, on mine it would be tcpdump -ni eth1 port 8096.
I ran this command, and tried connecting to my public IP with port 8096 in Jellyfin app from my phone over LTE, and it did not throw any output.
In which case, I can only refer you back to this post: How to port forward to my Jellyfin server? - #10 by iplaywithtoys
Also this post: How to port forward to my Jellyfin server? - #13 by trendy
If nothing's hitting your WAN interface, then there's a good chance that something else might be blocking the incoming traffic.
Do you have a public IP address on your WAN interface?
How to check that?
To preserve your privacy, shw us the first two octets of your WAN address.
Look at the status page which is shown when you first sign into the router. There's a section called "Network". Inside that section there's an entry called "IPv4 Upstream". Here's a (redacted) screenshot of what mine looks like.
I'm not sure what I can show, but here is what is looks like on my side,
Which field am I looking for here?
You're looking for the Address and Gateway fields... without the complete redaction.
Do you have a private IP address or a public IP address shown there? Does it match what you can see from any of the myriad "what is my IP address" websites out there?
The address field starts from 10. and Gateway 45. and according to www.whatismyip.com the IP address matches the gateway, except the digits after the last . on the the website it has a number bigger than 100, but on router page it is just .1
Also the gateway field changes its not static.
That's a private IP address, not a public one. That means that there's another router upstream of yours, and it's possible you might not be able to configure it. Who's your ISP? Does your ISP use "carrier-grade NAT"?
There is a modem connect to my router, that is connect to some fiber optics coming from ISP.
I'm not sure what "Carrier-grade NAT" is..
