I cant port foward my archer C7 to run a dedicated game server

Hello forum , i am having a hard time to simply port foward 3 sets of ports for my Project Zomboid dedicated server . https://pzwiki.net/wiki/Dedicated_Server

I will try to be as complete as i can.

First of all my Modem is : Hitron CDA-RES

My router is : Archer c7 v.4 heres the full version on the login page:

Powered by LuCI openwrt-19.07 branch (git-21.044.30835-34e0d65) / ArgonTheme v2.2.5 / OpenWrt 19.07.7 r11306-c4a6851c72

im simply trying to open the following ports:

UDP: 16261,8766-8767
TCP :16262-16278

Here is the issue. i can connect myself on my server using my local ip adress (the server is hosted on my pc) but friends cant join me.

All the ports i have tried to open is returning closed anytime i do a check on this website

i have been looking around the web and forums today to see what i did wrong, and mind you its not the first time i port foward in my life and i cant find the reason why its blocking me .

i called my ISP and they said that they are not blocking any ports on their end . he told me that i have a dynamic ip address and if i wanted a static one i needed to pay a service like private internet access since they dont offer it for their consumers only for their business customers.

I dont think me having a dynamic ip is the reason why i cant port foward. ( What do i know anyway) since i have done it prior with the same isp network but not the same subcontractor. ( im with Allo Telecom. they are on the videotron network. I live in quebec / Canada.

i dont know what to do at this point. im starting to suspect the Luci webinterface giving me trouble.

Anyway i learned how to ssh before posting here and here is my configs for my router.

cat /etc/config/network
cat /etc/config/firewall
root@OpenWrt:~# cat /etc/config/network

# /etc/config/network as posted: interface, VLAN and switch layout of the router.

# Loopback interface with the static address 127.0.0.1/255.0.0.0.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

# IPv6 ULA prefix used for local addressing.
config globals 'globals'
        option ula_prefix 'fd0b:53f1:96ba::/48'

# LAN: bridge on VLAN interface eth0.1, router address 192.168.1.1/24.
# Port-forward targets (dest_ip in /etc/config/firewall) must be hosts in
# this 192.168.1.0/24 network.
config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# WAN: VLAN interface eth0.2, IPv4 address obtained by DHCP from upstream.
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

# MAC address set on eth0.2; 'MAC ADRESS1' is the poster's redaction
# placeholder, not a real value.
config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'MAC ADRESS1'

# IPv6 WAN on the same eth0.2 interface, configured by DHCPv6.
config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

# Built-in switch with VLAN support enabled.
config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# VLAN 1 (LAN side, eth0.1): switch ports 2-5 untagged, port 0 tagged
# (presumably the CPU port -- confirm against the board's port map).
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

# VLAN 2 (WAN side, eth0.2): switch port 1 untagged, port 0 tagged.
config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

root@OpenWrt:~# cat /etc/config/firewall

# Global default policies of the firewall.
# NOTE(review): forward is 'ACCEPT' here; a stock OpenWrt firewall config
# uses forward 'REJECT' in this section.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# LAN zone: traffic from the local network is accepted in every direction.
# family 'ipv4' limits the rules generated for this zone to IPv4.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option family 'ipv4'

# WAN zone: covers the 'wan' and 'wan6' interfaces, with masquerading (NAT)
# and MSS clamping enabled.
# NOTE(review): input 'ACCEPT' lets hosts on the internet reach services
# running on the router itself, and forward 'ACCEPT' lets traffic arriving
# from the WAN be forwarded onward. A stock config uses 'REJECT' for both;
# port forwards (config redirect) do not need either set to ACCEPT.
# NOTE(review): family 'ipv4' means no IPv6 rules are generated for this
# zone even though 'wan6' is listed, so IPv6 falls back to the ACCEPT
# defaults above -- confirm and consider removing the option.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option family 'ipv4'

# Allow LAN hosts to reach the WAN (outbound internet access).
config forwarding
        option src 'lan'
        option dest 'wan'

# Per-service exceptions for traffic arriving from the WAN zone.
# NOTE(review): while the wan zone's input/forward policy in this file is
# 'ACCEPT', these rules filter nothing; they only matter once the policy is
# REJECT or DROP.

# Accept DHCP replies (UDP port 68) from upstream so the WAN lease can renew.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# Accept IPv4 ICMP echo-request (ping) sent to the router from the WAN.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept IGMP (IPv4 multicast group management) from the WAN.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept DHCPv6 replies (UDP port 546) within fc00::/6.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept Multicast Listener Discovery (ICMPv6 types 130, 131, 132, 143)
# from link-local sources.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 message types addressed to the router,
# rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 message types forwarded from the WAN to any zone
# (dest '*'), with the same rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Allow IPsec ESP packets from the WAN to LAN hosts.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# Allow ISAKMP/IKE (UDP port 500) from the WAN to LAN hosts.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Loads additional custom rules from /etc/firewall.user; that file's
# contents are not shown in the post.
config include
        option path '/etc/firewall.user'

# Port forwards (DNAT) for the Project Zomboid server. In each redirect,
# src_dport is the port on the router's WAN side, dest_ip/dest_port the LAN
# host and port the traffic is rewritten to. Each redirect exposes the
# listed port(s) on that host to the internet, so keep the ranges as narrow
# as the server needs.
# NOTE(review): dest_ip must be the internal (192.168.1.x) address of the
# machine running the server; 'public ip here' is the poster's placeholder
# for the public address that was entered, which is why nothing reached
# the server.

# UDP 16261 -> same port on the server host.
config redirect
        option dest_port '16261'
        option name 'projectzomboid 2'
        option src_dport '16261'
        option target 'DNAT'
        option dest 'lan'
        option src 'wan'
        list proto 'udp'
        option dest_ip 'public ip here'

# UDP 8766-8767 -> same ports on the server host.
config redirect
        option name 'project zomboid'
        option target 'DNAT'
        option dest 'lan'
        option src 'wan'
        list proto 'udp'
        option dest_ip 'public ip here'
        option dest_port '8766-8767'
        option src_dport '8766-8767'

# TCP range for the server host.
# NOTE(review): src_dport ends at 16272 but dest_port (and the port list in
# the post) ends at 16278, so external ports 16273-16278 do not match this
# redirect -- confirm the intended range and make both options agree.
config redirect
        option src 'wan'
        option name 'pz4'
        option src_dport '16262-16272'
        option target 'DNAT'
        option dest_ip 'public ip here'
        option dest 'lan'
        list proto 'tcp'
        option dest_port '16262-16278'

This is where you may be going wrong. The dest_ip field is for the internal address of the host that runs the service. So it will be 192.168.1.x (where x is the IP address of that system). This will be true for all of your redirect (port forward) rules.

The other thing to check is that you have a true public IP on your OpenWrt WAN interface. You can look at the "IPv4 upstream" section of the status page and then compare it against the result when you google "what's my IP" -- if they match, you're good. If they don't, please post the first two octets of the address you see on your IPv4 upstream (the aaa.bbb part of aaa.bbb.ccc.ddd).


> This is where you may be going wrong. The dest_ip field is for the internal address of the host that runs the service. So it will be 192.168.1.x (where x is the IP address of that system). This will be true for all of your redirect (port forward) rules.

Thanks for the info , i changed all the adress for the internal one instead. the website still tell me that the ports are still closed.

> The other thing to check is that you have a true public IP on your OpenWrt WAN interface. You can look at the "IPv4 upstream" section of the status page and then compare it against the result when you google "what's my IP" -- if they match, you're good. If they don't, please post the first two octets of the address you see on your IPv4 upstream (the aaa.bbb part of aaa.bbb.ccc.ddd).

the adress matches but it has a /28 at the end. but the gateway has a different aaa.bbb.ccc.ddd

so i dont know if it matches so here is the first two octets

162.217.xxx.xxx

This is a public IP, so you're good there.

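You must have the game or service running and ready/listening for connections. And some services don't respond to port scans, so port scan websites are not always accurate. This applies especially to UDP ports such as 16261 and 8766-8767 here: UDP has no connection handshake, so a scanner often cannot tell an open port from a filtered one.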

Feel free to post the updated /etc/config/firewall file. And double check that the IP address of the host that is running the service is the one that is entered into the port forward rules.


Here are the logs. is there a better way to test ports?

root@OpenWrt:~# cat /etc/config/firewall

# Global default policies of the firewall.
# NOTE(review): forward is 'ACCEPT' here; a stock OpenWrt firewall config
# uses forward 'REJECT' in this section.
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

# LAN zone: traffic from the local network is accepted in every direction.
# family 'ipv4' limits the rules generated for this zone to IPv4.
config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option family 'ipv4'

# WAN zone: covers the 'wan' and 'wan6' interfaces, with masquerading (NAT)
# and MSS clamping enabled.
# NOTE(review): input 'ACCEPT' still lets hosts on the internet reach
# services running on the router itself, and forward 'ACCEPT' lets traffic
# arriving from the WAN be forwarded onward. A stock config uses 'REJECT'
# for both; port forwards (config redirect) do not need either set to ACCEPT.
# NOTE(review): family 'ipv4' means no IPv6 rules are generated for this
# zone even though 'wan6' is listed, so IPv6 falls back to the ACCEPT
# defaults above -- confirm and consider removing the option.
config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option family 'ipv4'

# Allow LAN hosts to reach the WAN (outbound internet access).
config forwarding
        option src 'lan'
        option dest 'wan'

# Per-service exceptions for traffic arriving from the WAN zone.
# NOTE(review): while the wan zone's input/forward policy in this file is
# 'ACCEPT', these rules filter nothing; they only matter once the policy is
# REJECT or DROP.

# Accept DHCP replies (UDP port 68) from upstream so the WAN lease can renew.
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# Accept IPv4 ICMP echo-request (ping) sent to the router from the WAN.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept IGMP (IPv4 multicast group management) from the WAN.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept DHCPv6 replies (UDP port 546) within fc00::/6.
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept Multicast Listener Discovery (ICMPv6 types 130, 131, 132, 143)
# from link-local sources.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 message types addressed to the router,
# rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 message types forwarded from the WAN to any zone
# (dest '*'), with the same rate limit.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Allow IPsec ESP packets from the WAN to LAN hosts.
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# Allow ISAKMP/IKE (UDP port 500) from the WAN to LAN hosts.
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Loads additional custom rules from /etc/firewall.user; that file's
# contents are not shown in the post.
config include
        option path '/etc/firewall.user'

# Port forwards (DNAT) for the Project Zomboid server, now pointing at an
# internal address. In each redirect, src_dport is the port on the router's
# WAN side, dest_ip/dest_port the LAN host and port the traffic is rewritten
# to. '192.168.1.x' is redacted by the poster; the real file must hold the
# server host's full LAN address.
# Each redirect exposes the listed port(s) on that host to the internet, so
# keep the ranges as narrow as the server needs.

# UDP 16261 -> same port on the server host.
config redirect
        option dest_port '16261'
        option name 'projectzomboid 2'
        option src_dport '16261'
        option target 'DNAT'
        option dest 'lan'
        option src 'wan'
        list proto 'udp'
        option dest_ip '192.168.1.x'

# UDP 8766-8767 -> same ports on the server host.
config redirect
        option name 'project zomboid'
        option target 'DNAT'
        option dest 'lan'
        option src 'wan'
        list proto 'udp'
        option dest_port '8766-8767'
        option src_dport '8766-8767'
        option dest_ip '192.168.1.x'

# TCP range for the server host.
# NOTE(review): src_dport ends at 16272 but dest_port (and the port list in
# the post) ends at 16278, so external ports 16273-16278 do not match this
# redirect -- confirm the intended range and make both options agree.
config redirect
        option src 'wan'
        option name 'pz4'
        option src_dport '16262-16272'
        option target 'DNAT'
        option dest 'lan'
        list proto 'tcp'
        option dest_port '16262-16278'
        option dest_ip '192.168.1.x'

Did you put that "x" into the configuration itself, or did you just redact it for the purposes of posting here?


its indeed redacted

Ok... there is no need to redact RFC1918 IP addresses -- they do not actually reveal anything personal/private.

Was the game running and ready to accept connections when you ran the port scan test?
Sometimes the best way to test is simply to have your friends try to connect.


ah lol i didnt even think about it .

unfortunately they are not availlable atm . so i think ill have to wait.

even after a router reboot and a pc reboot the websites still says its closed btw.

Just noticing... the `option input 'ACCEPT'` and `option forward 'ACCEPT'` lines in your wan zone should be REJECT.
Currently, your router itself is accepting connections from the internet -- this is very dangerous.
Please fix this immediately.

You can also remove the `option family 'ipv4'` lines from the lan and wan zones.

Fix those issues and then try again. It may improve the situation with the port forwards (but at the very least, will improve your security).


It worked! Thank you.

i fixed the option input and foward.

i cant find the option family . where is it?

and i know i changed thoses settings when i was trying to find out the problem. is this the correct settings?
