Is it possible to open a port for specific LAN port?

One of my server is behind my router and needs a port open for SSH.

Following wiki page " IPv6 firewall examples" I came up with the rule below

config rule
        option src 'wan'
        option proto 'tcp'
        option dest 'lan'
        option dest_port '30000'
        option family 'ipv6'
        option target 'ACCEPT'

With "dest 'lan'" now every LAN device has port 30000 open to Internet, not just my server.

I know the ideal case is I also setup firewall on every computer on LAN, and only allow port 30000 on server. (Which I will do)

But I wonder if it's possible to limit this rule to my server somehow? (e.g. only lan port 2)

I've tried dest 'lan2' and dest 'lan2@eth0' but these didn't work, and IPv6 address probably changes every few days so I don't think dest_ip would work.

My router (Linksys E8450) currectly runs OpenWrt 22.03.1 r19777-2853b6d652 / LuCI openwrt-22.03 branch git-23.069.50944-cd8bea9, I set it up yesterday so it should be up to date.

Port forwarding to a dynamic IPv6 address - #2 by vgaetera


Thanks, after messing around I was able to get it to work.

tip for people: duid is shown on OpenWrt router's home page, under "Active DHCPv6 Leases"

rant: Don't blindly trust online port open checker services and public IP address api, first few Google search results are broken even though they says they support IPv6.


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.