PC Router x64 - Can't port forward?

Hello everyone,

Just a little background. I'm familiar with basic networking, we use Verizon in my home, and have had a FiOS G1100 for the longest time. It had started to slow down, and we were having a lot of issues with the network lately.

I'm a big computer guy, and I had some old hardware in my closet doing nothing, so I took a crack at OpenWRT, in hopes of a stable network. (Really just wanted an excuse to build a PC...)

Currently, OpenWRT x64 is installed on:

  • 60GB SSD
  • i7-6700K
  • Dual 4GB DDR4 2133MHz (8GB)
    (I know, it's way overkill.)

It has been running for the past 2 weeks or so wonderfully. Every issue that I've had while using the G1100 is completely gone, the network is running faster than it ever has and the connection is very stable. So all happy with that...


This is where my issue begins. My family plays a lot of games, and I have a Server PC I use to host game servers with. Naturally I need to port forward to get these servers to host publicly.

I can set up a port forward on OpenWRT via the web GUI (192.168.1.1), but every time I check the ports, they keep saying "Connection Refused". I'm wondering if it is something basic that I missed, and you guys tell me to check a box and apply, or if perhaps it's on Verizon's end.

Weirdly enough, there are 2 ports that are opening properly, but even if I copy the settings exactly I can't get any other forward rules to stick. Just refuses connections...


(I doubt it matters but..) My network configuration is this:

Most of the OpenWRT Settings are default except:

  • I installed the SQM/QoS pkg for Bufferbloat.
    Which is interfacing on (eth1) on cake / piece_of_cake.qos | Link Layer : None

  • I enabled "Packet Steering" under "Global Networking Options"
    [Enable packet steering across all CPUs. May help or hinder network speed.]
    (4-core CPU with Hyperthreading, I'm not sure if this setting is beneficial, if someone could let me know that'd be awesome...)

  • IPv6 is disabled

Let me know if any other information is relevant. I thank you in advance! :slight_smile:

What is the IP address of eth1? Feel free to mask the last two octets.

Please show the output of uci export firewall, use forum formatting (</> icon).
No pictures please.

Is there a way I can access the CLI from another device? I don't know how I'm supposed to Copy/Paste the output for that command, since it isn't a VM. Worst case, I could manually type it if there is a method of scrolling up and down the CLI, is there?

Hi

Yes, you need to access your router with SSH.
Supposing you are using Windows, there is a free program, PuTTY, which will let you SSH to 192.168.1.1 (this is your router's IP address from the LAN side).

2 Likes

Thank you.

I just actually got in using WinSCP to do the same thing as you responded! So nifty.

An ssh client is also available on Windows 10/11 systems; you can run it from PowerShell.

1 Like

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	option input 'REJECT'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option dest_ip '192.168.1.102'
	option src_dport '32400'
	option dest_port '32400'
	option name 'PMS'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '27015-27036'
	option dest_port '27015-27036'
	option name 'Steam'


config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Minecraft Host'
	option src 'wan'
	option src_dport '25565-25575'
	option dest_ip '192.168.1.235'
	option dest_port '25565-25575'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '43594-53595'
	option dest_port '43594-53595'
	option name 'Runescape'


config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Neverwinter Nights'
	option src 'wan'
	option src_dport '5121'
	option dest_port '5121'
	option dest_ip '192.168.1.235'


Just for reference, the only port that worked was "PMS"

It has a single port, not a range.

Where is dest_ip?

1 Like

It's set to "Any"

dest_ip is obligatory!

1 Like
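
The check the replies above point to (a redirect section with no dest_ip), as an added example that is not part of the original thread: a shell function that reads `uci export firewall` output and lists each redirect with its forwarded port and destination. The function names are hypothetical, and the sample input is a trimmed excerpt of the sections posted above.

```shell
# Added example (not from the thread): audit `uci export firewall` output
# for redirect sections that have no dest_ip. Function names are hypothetical.
list_redirects() {   # stdout: name<TAB>src_dport<TAB>dest_ip-or-MISSING
    awk -v q="'" '
    function unquote(s) { gsub("^" q "|" q "$", "", s); return s }
    function emit() {
        if (in_redirect) printf "%s\t%s\t%s\n", name, dport, (ip == "" ? "MISSING" : ip)
    }
    $1 == "config" {
        emit()                              # close the previous section
        in_redirect = ($2 == "redirect")
        name = "(unnamed)"; dport = "-"; ip = ""
        next
    }
    in_redirect && $1 == "option" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)   # keep the value only
        val = unquote(val)
        if ($2 == "name") name = val
        else if ($2 == "src_dport") dport = val
        else if ($2 == "dest_ip") ip = val
    }
    END { emit() }'
}

# Names of the redirects that have no dest_ip.
missing_dest_ip() {
    list_redirects | awk -F '\t' '$3 == "MISSING" { print $1 }'
}

# Sample input: trimmed excerpt of the redirect sections posted in the thread.
sample_config() {
    cat <<'EOF'
config redirect
	option name 'PMS'
	option src_dport '32400'
	option dest_ip '192.168.1.102'
config redirect
	option name 'Steam'
	option src_dport '27015-27036'
config redirect
	option name 'Minecraft Host'
	option src_dport '25565-25575'
	option dest_ip '192.168.1.235'
EOF
}

sample_config | list_redirects
```

On the router itself the same check is `uci export firewall | missing_dest_ip`.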

I have tried quite a few single port forwards, but only that 1 has worked. Even if the others had copied settings (except the port obviously). I have just since deleted them, because they weren't that important.

Start from the single redirect section 'PMS'; after that, change the single port to a port range and check again.

They were set up with destinations previously; I set it to "Any" because they weren't working, and Idk which device I wanted to set them to anyways atm.

I'll try that. Uno momento

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option dest_ip '192.168.1.102'
	option src_dport '32400'
	option dest_port '32400'
	option name 'PMS'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option dest_ip '192.168.1.102'
	option src_dport '5121'
	option dest_port '5121'
	option name 'NWN'

No dice, and it's literally identical settings

Do you need TCP or UDP or both?

1 Like

It is very strange. What if you replace 32400 with 5121 in PMS and remove the last section?