Is it possible to open a port for a specific LAN port?

One of my servers is behind my router and needs a port open for SSH.

Following the wiki page "IPv6 firewall examples", I came up with the rule below:

config rule
        option src 'wan'
        option proto 'tcp'
        option dest 'lan'
        option dest_port '30000'
        option family 'ipv6'
        option target 'ACCEPT'

With "dest 'lan'", every LAN device now has port 30000 open to the Internet, not just my server.

I know the ideal case is that I also set up a firewall on every computer on the LAN and only allow port 30000 on the server (which I will do).

But I wonder if it's possible to limit this rule to my server somehow? (e.g. only lan port 2)

I've tried dest 'lan2' and dest 'lan2@eth0' but these didn't work, and IPv6 address probably changes every few days so I don't think dest_ip would work.

My router (Linksys E8450) currently runs OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-23.069.50944-cd8bea9. I set it up yesterday, so it should be up to date.

Port forwarding to a dynamic IPv6 address - #2 by vgaetera

2 Likes

Thanks, after messing around I was able to get it to work.

Tip for people: the DUID is shown on the OpenWrt router's home page, under "Active DHCPv6 Leases".

Rant: Don't blindly trust online port open checker services and public IP address APIs; the first few Google search results are broken even though they say they support IPv6.

3 Likes
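
The working configuration is not reproduced in the thread, so here is one way to scope the rule to a single host on OpenWrt, as an added example that is not from any of the posters. It assumes the server obtains its address over DHCPv6; the host name, the host ID `1234`, the rule name and the DUID placeholder are made up for illustration.

```uci
# /etc/config/dhcp
# Static DHCPv6 lease: the server always receives <current prefix>::1234,
# so only the prefix part of its address changes when the ISP renumbers.
config host
        option name 'server'                      # hypothetical host name
        option duid 'REPLACE_WITH_SERVER_DUID'    # placeholder: copy from "Active DHCPv6 Leases"
        option hostid '1234'                      # assumed interface ID (hex suffix)

# /etc/config/firewall
# Same rule as in the question, narrowed with dest_ip.
# The negative mask /-64 compares only the LOWEST 64 bits of the
# destination, so the rule keeps matching after a prefix change and
# no longer applies to other devices in the lan zone.
config rule
        option name 'Allow-SSH-server-v6'         # hypothetical rule name
        option src 'wan'
        option proto 'tcp'
        option dest 'lan'
        option dest_ip '::1234/-64'
        option dest_port '30000'
        option family 'ipv6'
        option target 'ACCEPT'
```

The rule covers only the DHCPv6-assigned address; if the server also configures SLAAC or privacy addresses, port 30000 stays closed on those, so check reachability against the `::1234` address specifically.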
