I am stuck configuring port forwarding

Hi,

I am pulling my hairs out on this one.. I am trying to open port 28967 from the modem towards my Linux file server. Please see my network diagram below. I tried including all that might be relevant.

I can do telnet 192.168.2.114 28967 from my Windows laptop and it gives me a blank screen immediately, which indicates to me that the firewall on my Linux fs is OK.

Next I want to configure my router 192.168.2.1 to forward port 28967 to 192.168.2.114. Please see the configuration below. I am stuck here. Currently I am forwarding from lan to lan to make it easy for me to test it from the couch. Later, when this works, I will be forwarding wan to lan. Now, when I telnet 192.168.2.1 28967 I get a connection time out and this is where I'm struggling to find out why.

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'ssh'
        option src_dport '28967'
        option dest_port '28967'
        option dest_ip '192.168.2.114'
        option src 'lan'`

You need firewall rule not redirect, it is next tab where you have ton of dhcp rules preset.

I changed it to the following, still no luck:

telnet 192.168.2.114 28967 works, telnet 192.168.2.1 28967 does not.

config rule
        option name 'storj'
        option src 'lan'
        option src_port '28967'
        option dest 'lan'
        list dest_ip '192.168.2.114'
        option dest_port '28967'
        option target 'ACCEPT'

By the way: my zones and forwarding are set like this:

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

Because this requires an additional SNAT rule.

Better make the DNAT rule as it should be - src 'wan' => dest 'lan'.

This will automatically create the necessary reflection rules.

Then from 192.168.2.109 initiate a connection to the router's wan address (192.168.178.108:28967) and you should be redirected to 192.168.2.114.