Opening ports over 4G USB interface

james88 · December 8, 2023, 5:40pm

Hello,

I have been struggling for hours. Using a WE826-T2 router with a USB 4G interface inside. Internet connection works and DDNS also. (My ISP gives me a routable IP (not CGNAS)).

I want to open a few ports to the internet so I can reach a server on the local network. Under port forwarding I have added a rule that matches any tcp/udp from any host in WAN via any route IO at port 8888 to forward to the specific IP address of the server on LAN.

This does not seem to be enough.
do I have to modify stuff under the firewall -> general settings -> Zones or set traffic rules?
what about the bridging between the interfaces?

AndrewZ · December 8, 2023, 5:43pm

Please show a proof from your device, feel free to partially hide the end of the address for privacy.
Currently your screenshot shows only private IP's.

james88 · December 8, 2023, 5:51pm

the output log from ddns

AndrewZ · December 8, 2023, 5:53pm

"Local IP bla-bla-bla detected on web", not on your device.

mk24 · December 8, 2023, 5:53pm

Start with something real simple like opening (not forwarding) port 22 TCP on wan, which is the internal SSH server (make sure you have a secure password configured, because it will get probed).

IPs that start with 100 are from a block set aside for CGNAT. It is extremely rare to have an IPv4 cellular connection that is not CGNAT.

The IP reported by "whats my IP" sites must match the IP that the router holds on its WAN interface.

Also even if the ISP is not NATing your connection, they can and often do block incoming connections, especially to well-known ports like 80 and 443 to discourage you from running a web server.

james88 · December 8, 2023, 5:55pm

yes it is very rare. But I had bugged my ISP for weeks about it and eventually they gave me a new APN address and did some stuff on their end and made gave me a different kind of IP. This all works on my little router that came with the SIM card (before it broke)

james88 · December 8, 2023, 5:56pm

ok yes I see. should I see the public address in the interfaces?

AndrewZ · December 8, 2023, 5:57pm

Correct. Before that there is no point in configuring a firewall.
Check with AT+CGDCONT? - do you see the correct APN there?
If yes, do you see a public IP in AT+CGPADDR response?
BTW, what modem is it?

james88 · December 8, 2023, 6:04pm

its a Quectel EC200T
echo AT+CGPADDR? or echo AT in the web CMD gives me no response. am i doing it wrong?

james88 · December 8, 2023, 6:05pm

AndrewZ · December 8, 2023, 6:09pm

Yes, wrong. Install picocom kmod-usb-serial-option
Then connect to the modem with picocom /dev/ttyUSB1 and send the AT commands.

Here you can see what needs to be configured for this modem: Quectel EC200T-CN LTE module not working in OpenWrt - #18 by AndrewZ

Check the current mode with AT+QCFG="usbnet", if you will see "3" there, change the mode with AT+QCFG="usbnet",1
Finally, send AT+QCFG="nat",1 followed by AT^RESET

Please do not use pictures to show text.

james88 · December 8, 2023, 6:30pm

picocom /dev/ttyUSB1

picocom v1.7

FATAL: failed to add I/O device: Filedes is not a tty

port is        : /dev/ttyUSB1
flowcontrol    : none
baudrate is    : 9600
parity is      : none
databits are   : 8
escape is      : C-a
local echo is  : no
noinit is      : no
noreset is     : no
nolock is      : no
send_cmd is    : sz -vv
receive_cmd is : rz -vv
imap is        : 
omap is        : 
emap is        : crcrlf,delbs,

AndrewZ · December 8, 2023, 6:31pm

Please show the output of cat /sys/kernel/debug/usb/devices

james88 · December 8, 2023, 6:32pm

T:  Bus=02 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=12   MxCh= 1
B:  Alloc=  0/900 us ( 0%), #Int=  0, #Iso=  0
D:  Ver= 1.10 Cls=09(hub  ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1d6b ProdID=0001 Rev= 4.04
S:  Manufacturer=Linux 4.4.61 ohci_hcd
S:  Product=Generic Platform OHCI controller
S:  SerialNumber=101c1000.ohci
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   2 Ivl=255ms

T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=480  MxCh= 1
B:  Alloc=  0/800 us ( 0%), #Int=  2, #Iso=  0
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=1d6b ProdID=0002 Rev= 4.04
S:  Manufacturer=Linux 4.4.61 ehci_hcd
S:  Product=EHCI Host Controller
S:  SerialNumber=101c0000.ehci
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=  0mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   4 Ivl=256ms

T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480  MxCh= 4
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=05e3 ProdID=0608 Rev=85.38
S:  Product=USB2.0 Hub
C:* #Ifs= 1 Cfg#= 1 Atr=e0 MxPwr=100mA
I:* If#= 0 Alt= 0 #EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub
E:  Ad=81(I) Atr=03(Int.) MxPS=   1 Ivl=256ms

T:  Bus=01 Lev=02 Prnt=02 Port=02 Cnt=01 Dev#=  3 Spd=480  MxCh= 0
D:  Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=2c7c ProdID=6026 Rev= 3.18
S:  Manufacturer=Android
S:  Product=Android
S:  SerialNumber=0000
C:* #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
A:  FirstIf#= 0 IfCount= 2 Cls=e0(wlcon) Sub=01 Prot=03
I:* If#= 0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host
E:  Ad=85(I) Atr=03(Int.) MxPS=  64 Ivl=4096ms
I:* If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
E:  Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=8c(I) Atr=03(Int.) MxPS=  64 Ivl=4096ms
E:  Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=08(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E:  Ad=8a(I) Atr=03(Int.) MxPS=  64 Ivl=4096ms
E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms

AndrewZ · December 8, 2023, 6:35pm

Right, it is in the wrong mode (RNDIS) but the tty assignments should be the same. Try /dev/ttyUSB2 instead.
As a sanity check - ls /dev/ttyUSB* should show you only 3 ports.

james88 · December 8, 2023, 6:38pm

same response for ttyUSB0,1 and 2

AndrewZ · December 8, 2023, 6:40pm

Are you running the latest official version of OpenWrt ?

james88 · December 8, 2023, 6:42pm

Powered by LuCI Master (git-20.335.23838-231436e) / LEDE Reboot SNAPSHOT 17.01 22.0714_113204

Kernel Version
4.4.61

does this tell you enough?

this is the latest version the supplier sent me this morning.

james88 · December 8, 2023, 6:44pm

If I flash any other version I will have to configure all the modem stuff myself and that seems a bit daunting.

AndrewZ · December 8, 2023, 6:45pm

You're not running the latest official version of OpenWrt.
You'll need to upgrade if you expect to get any help here.