I can't port forward

Yes, I use PPPoE.

Ifstatus doesn't find anything when I search it up.

Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Warning: Section @zone[1] (wan) cannot resolve device of network 'EtherIP'
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Redirect 'WEBadm'
   * Redirect 'SSH'
   * Forward 'lan' -> 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
   * Redirect 'WEBadm'
   * Redirect 'SSH'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv6 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
# Generated by iptables-save v1.4.21 on Sat Jun 22 08:15:31 2019
*nat
:PREROUTING ACCEPT [145:211971]
:INPUT ACCEPT [144:211931]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [1:40]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[140:206011] -A PREROUTING -m comment --comment "!fw3: user chain for prerouting" -j prerouting_rule
[1:291] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[139:205720] -A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
[0:0] -A POSTROUTING -m comment --comment "!fw3: user chain for postrouting" -j postrouting_rule
[0:0] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[0:0] -A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
[0:0] -A zone_lan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_lan_rule
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: WEBadm (reflection)" -j SNAT --to-source 192.168.1.1
[0:0] -A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: SSH (reflection)" -j SNAT --to-source 192.168.1.1
[1:291] -A zone_lan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_lan_rule
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 109.199.240.228/32 -p tcp -m tcp --dport 8080 -m comment --comment "!fw3: WEBadm (reflection)" -j DNAT --to-destination 192.168.1.1:80
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 109.199.240.228/32 -p tcp -m tcp --dport 2222 -m comment --comment "!fw3: SSH (reflection)" -j DNAT --to-destination 192.168.1.1:22
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3: user chain for postrouting" -j postrouting_wan_rule
[0:0] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[139:205720] -A zone_wan_prerouting -m comment --comment "!fw3: user chain for prerouting" -j prerouting_wan_rule
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 8080 -m comment --comment "!fw3: WEBadm" -j DNAT --to-destination 192.168.1.1:80
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 2222 -m comment --comment "!fw3: SSH" -j DNAT --to-destination 192.168.1.1:22
COMMIT
# Completed on Sat Jun 22 08:15:31 2019

Guys, new update: if I restart the firewall, port forwarding is working on 80, 8080, but when I add a new port they get closed once again.

Fix those two warnings. You probably deleted the interfaces, but they are still in the wan zone.

Other than that, something is messing up your firewall and it is not running properly, like here.
With a proper restart the rules are applied.

Besides the fact that your firewall is not working right, even if it were, I don't understand what those rules you show in the first post are designed to do. A whole bunch of them make no sense.


I don't know how to fix these warnings, but someone said "Just ignore them".

Like the "A242" rule:

It says: "if the router itself connects to itself on its WAN using as its source IP 192.168.1.1 then send it to itself on LAN on the same port."

So first off, the first case will never happen: it will never connect on WAN to itself using its LAN IP address. Second of all, if it somehow does do that, then you're just connecting it to itself anyway... so there is no port forwarding going on there...

Which is why I say please describe what you're trying to accomplish and we can help you sort out those port forward rules. Otherwise even if you figure out what is going wrong in your firewall, you'll still never get anything meaningful out of those rules.


I just wrote it:


And how do I add them back? What settings should I use?

Do you need them? If not, go to the wan firewall zone and delete them.
If yes, go to the interfaces and add them with the same exact name.
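
The condition behind the two "cannot resolve device of network" warnings (a zone still listing interface names that no longer exist) can be checked mechanically before deciding whether to delete the names from the zone or re-add the interfaces. The following is an added example, not code from any poster in this thread; the function names and the sample configs are constructed for illustration, and the UCI parsing is deliberately simple.

```shell
#!/bin/sh
# Usage: find_dangling_zone_networks FIREWALL_CFG NETWORK_CFG
# Prints "zone<TAB>network" for every network a firewall zone lists that has
# no 'config interface' section of that name in the network config.
find_dangling_zone_networks() {
    awk '
    function unq(s) { gsub(/["\047]/, "", s); return s }   # strip quotes
    function report(   i) {          # emit findings for the zone just ended
        for (i = 1; i <= cnt; i++)
            if (!(nets[i] in defined)) printf "%s\t%s\n", zone, nets[i]
        cnt = 0
    }
    FNR == NR {                      # first file: network config
        if ($1 == "config" && $2 == "interface") defined[unq($3)] = 1
        next
    }
    $1 == "config" { report(); in_zone = ($2 == "zone"); zone = "?"; next }
    in_zone && $1 == "option" && $2 == "name" { zone = unq($3); next }
    in_zone && ($1 == "option" || $1 == "list") && $2 == "network" {
        for (i = 3; i <= NF; i++) if (unq($i) != "") nets[++cnt] = unq($i)
    }
    END { report() }
    ' "$2" "$1"
}

# Constructed sample configs mirroring the thread: zone wan still lists
# wan6 and EtherIP, but only lan and wan exist as interfaces.
demo() {
    d=$(mktemp -d)
    cat > "$d/network" <<'EOF'
config interface 'lan'
    option proto 'static'
config interface 'wan'
    option proto 'pppoe'
EOF
    cat > "$d/firewall" <<'EOF'
config zone
    option name 'lan'
    list network 'lan'
config zone
    option name 'wan'
    option network 'wan wan6 EtherIP'
EOF
    find_dangling_zone_networks "$d/firewall" "$d/network"
    rm -rf "$d"
}
demo
```

On the router itself the call would be `find_dangling_zone_networks /etc/config/firewall /etc/config/network`; every line it prints is a name to either remove from that zone or recreate as an interface with exactly that name.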