Hello..
How can i do one to one Nat via Luci ?
My network is .....modem-router in bridge mode-----> Openwrt makes pppoe connection----->192.168.1.200 ip which i want to be in One to One Nat.
And what rules i must put in firewall--->custom rules?
pppoe connection has dynamic ip from my ISP.
I try in port forward ...
Incoming IPv4
from WAN
to this device
port 1-65535
forward to 192.168.1.200
but it doesn't work.
Post here the output of uci export firewall with the rule you have tried.
Please use the "Preformatted text </>" button for logs, scripts, configs and general console output.
root@OpenWrt:~# uci export firewall
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option src 'wan'
option name '30000-45000'
option src_dport '30000-45000'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
list proto 'udp'
config redirect
option src 'wan'
option name '3074'
option src_dport '3074'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '3478-3480'
option src_dport '3478-3480'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '1935'
option src_dport '1935'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
list proto 'tcp'
config redirect
option src 'wan'
option name '10070-10080'
option src_dport '10070-10080'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '3658'
option src_dport '3658'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '465'
option src_dport '465'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '983'
option src_dport '983'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
config redirect
option src 'wan'
option name '5223'
option src_dport '5223'
option target 'DNAT'
option dest_ip '192.168.1.100'
option dest 'lan'
root@OpenWrt:~#
There is no port forward to .1.200
Something like this will do.
config redirect
option reflection '0'
option src 'wan'
option name 'test'
option src_dport '1-65535'
option target 'DNAT'
option dest_ip '192.168..1.200'
option dest 'lan'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'My mistake..sorry i mean 192.168.1.100
I already try this and it doesn't work.
How i do this via luci?
What didn't work?
Aren't there hits on the firewall rule?
iptables-save -c | grep 192.168.1.100
Untick the 'Enable NAT loopback' in the advanced settings of the port forward.
Give me one minute i will test it now.
It says nat type 2 so it doesn't work.
root@OpenWrt:~# iptables-save -c | grep 192.168.1.100
[31:1429] -A zone_wan_prerouting -p tcp -m tcp --dport 1:65535 -m comment --comment "!fw3: nat" -j DNAT --to-destination 192.168.1.100:1-65535
[4:822] -A zone_wan_prerouting -p udp -m udp --dport 1:65535 -m comment --comment "!fw3: nat" -j DNAT --to-destination 192.168.1.100:1-65535
root@OpenWrt:~#
You can only get nat type 1 if you connect the Playstation directly on the internet, without a router in between, and it gets a public IP address.
Other than that type 2 nat works fine for all the games.
ok....other routers can do this from their settings...openwrt cannot.
Do what exactly?
Make ps4 as nat type 1.
If you have multiple public IPs from your provider you can assign it to the ps4 and have type 1.
They do ti with one IP....many called it DMZ.
You have already done DMZ by forwarding all ports to the ps4.
Not true DMZ.Openwrt isn't for gamers.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.