I switched ISPs and my forwarded ports stopped working. The ISP is saying that all of the ports are open from their end. What info can I provide to diagnose it?
Thanks in advance
- Use the correct public IP
- Verify you actually got a public IP
No. 2 is checked by looking at the WAN-side IP in OpenWrt.
Yes, confirm that the WAN IPv4 is the same IP that a "what's my IP" test site (from a LAN computer) reports. Do a tcpdump on the WAN interface while someone is trying to reach the port from the Internet. tcpdump looks at packets before the firewall, so if you don't have any coming in, it is a problem in the ISP or the ISP modem. If you do have packets coming in, next dump the LAN interface to see if they have been forwarded out.
On the WAN interface I have the ISP IP, not the public one.
What does "ISP IP" mean?
IP I am getting from their FIOS box.
So, it's a private IP that starts with 10, 172, or 192? You don't have to redact those since they are only applicable when inside your house, they don't appear on the Internet.
The FIOS box needs to be configured as "bridge" or "IP Pass Through" so it allows the public IP to appear at your router.
If your FIOS box has some kind of DMZ setting, check whether your router is assigned to it.
That's a CGNAT IP, not a public one.
Go to any random whatsmyip site, compare your WAN IP with the one they're showing.
You'd have to look inside the FIOS box to see if its WAN IP is public (unique to your house) or part of a CGNAT system (an intermediate IP that leads to many customers sharing one public IP).
Or ask the ISP if they can provide a true public IP so you can run services accessible from the Internet.
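The two checks suggested above (compare the router's WAN address with what the Internet sees, then capture the test connection on the WAN side and again on the LAN side) plus the private/CGNAT/public distinction discussed in the replies, as an added example script; it is not from the thread or from OpenWrt. `ip_class` is plain POSIX sh and runs anywhere. `diagnose` is OpenWrt-specific and assumes the stock `/lib/functions/network.sh` helpers, interfaces named `wan` and `lan`, `tcpdump` installed (`opkg install tcpdump`), and an arbitrary "what's my IP" service (the ipify URL is an assumption, any equivalent works):

```shell
#!/bin/sh
# Added example (not from the thread or from OpenWrt). Tells apart the three WAN
# address cases: RFC 1918 private, RFC 6598 CGNAT shared space, and real public;
# then captures a test connection before and after the router's port forward.
set -eu

# ip_class ADDR -> prints rfc1918 | cgnat | loopback | linklocal | public | invalid
ip_class() {
  addr=$1
  oldifs=$IFS
  IFS=.
  set -- $addr             # word-split on '.' into four octets
  IFS=$oldifs
  [ $# -eq 4 ] || { echo invalid; return 0; }
  for o in "$1" "$2" "$3" "$4"; do
    case $o in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    [ "$o" -le 255 ] || { echo invalid; return 0; }
  done
  case "$1.$2" in
    10.*)    echo rfc1918 ;;                 # 10.0.0.0/8
    127.*)   echo loopback ;;
    169.254) echo linklocal ;;
    192.168) echo rfc1918 ;;                 # 192.168.0.0/16
    *) if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
         echo rfc1918                        # 172.16.0.0/12
       elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
         echo cgnat                          # 100.64.0.0/10, RFC 6598 shared address space
       else
         echo public
       fi ;;
  esac
}

# diagnose WAN_PORT [LAN_PORT]  -- OpenWrt only: needs /lib/functions/network.sh,
# interfaces named wan/lan (the defaults) and tcpdump. Run as root on the router.
diagnose() {
  port=$1; lan_port=${2:-$1}   # a redirect may map the port to a different internal one
  wan_ip=none; wan_dev=; lan_dev=
  . /lib/functions/network.sh
  network_get_ipaddr wan_ip wan || true
  network_get_device wan_dev wan
  network_get_device lan_dev lan
  # Assumption: any "what's my IP" service; this URL is not from the thread.
  ext_ip=$(wget -qO- https://api.ipify.org 2>/dev/null || echo unknown)
  echo "router WAN address : $wan_ip ($(ip_class "$wan_ip"))"
  echo "address seen online: $ext_ip ($(ip_class "$ext_ip"))"
  if [ "$wan_ip" != "$ext_ip" ]; then
    echo "MISMATCH: another NAT (ISP box or CGNAT) sits in front of this router;"
    echo "port forwards configured here cannot work until the public address is on $wan_dev."
  fi
  # tcpdump sees packets before the firewall: no SYNs here means the ISP/modem is not delivering them.
  echo "waiting for 3 SYNs to tcp/$port on $wan_dev; have someone connect from outside now"
  tcpdump -ni "$wan_dev" -c 3 "tcp dst port $port and tcp[tcpflags] & tcp-syn != 0"
  # SYNs arrived above but none appear below: the redirect/zone rules on this router are wrong.
  echo "waiting for 3 forwarded SYNs to tcp/$lan_port on $lan_dev"
  tcpdump -ni "$lan_dev" -c 3 "tcp dst port $lan_port and tcp[tcpflags] & tcp-syn != 0"
}

case ${1:-} in
  diagnose) diagnose "${2:?usage: $0 diagnose WAN_PORT [LAN_PORT]}" "${3:-}" ;;
esac
```

Usage on the router: `sh portfwd_diag.sh diagnose 443` (or `diagnose 2222 22` when the redirect changes the port). A `cgnat` or `rfc1918` classification of the router's WAN address, or a mismatch with the externally observed address, means no amount of firewall tweaking on the router will make the forward reachable; the fix is bridge/pass-through on the ISP box or a real public address from the ISP.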
Going to try to contact ISP again. They said that they are forwarding all ports to me.
For now Cloudflare Tunnel is doing all I need, but I would like to sort port forwarding out for the future.
Thanks all for the info. Contacted the ISP and they will give me a dedicated IP.
Be aware that with the current wan zone settings, you don't actually have a firewall.
Yes, good point. Set the wan default input action target back to reject or drop. Individual rules will override this for wanted inputs.
It would also be good for the wan=>lan forwarding to be removed.
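The two settings criticized above (wan zone input set to ACCEPT, and a wan=>lan forwarding) shown as an `/etc/config/firewall` audit with the fix, as an added example that is not from the thread or from OpenWrt. The config samples are constructed for illustration. `audit_firewall` is plain sh+awk and runs anywhere; `apply_fix` assumes a live OpenWrt router with `uci`, `/etc/init.d/firewall`, and the default zone names `wan` and `lan`:

```shell
#!/bin/sh
# Added example (not from the thread or from OpenWrt): find the two settings that
# leave an OpenWrt router without an effective firewall, and fix them with uci.
set -eu

# Constructed sample: wan zone accepts unsolicited input, and everything from
# wan is forwarded into lan. The redirect is the one port forward actually wanted.
WEAK_CONFIG="
config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'wan'

config forwarding
	option src 'wan'
	option dest 'lan'

config redirect
	option name 'ssh-in'
	option src 'wan'
	option src_dport '2222'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '22'
	option proto 'tcp'
	option target 'DNAT'
"

# Constructed sample of the corrected config: input REJECT, no wan->lan forwarding,
# the redirect kept (each redirect carries its own accept rule, so it still works).
FIXED_CONFIG="
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'wan'

config redirect
	option name 'ssh-in'
	option src 'wan'
	option src_dport '2222'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '22'
	option proto 'tcp'
	option target 'DNAT'
"

# audit_firewall CONFIG_TEXT -> one finding per line, or "ok"
audit_firewall() {
  printf '%s\n' "$1" | awk -v q="'" '
    function flush() {
      if (type == "zone" && name == "wan" && toupper(input) == "ACCEPT") {
        print "zone wan: input ACCEPT - the Internet can reach every service on the router itself"; n++ }
      if (type == "forwarding" && src == "wan" && dest == "lan") {
        print "forwarding wan->lan: all inbound traffic is forwarded to the LAN, not just the redirects"; n++ }
    }
    $1 == "config" { flush(); type = $2; name = input = src = dest = ""; next }
    $1 == "option" {
      v = $3; gsub(q, "", v); gsub("\"", "", v)      # strip UCI quoting
      if ($2 == "name")  name = v
      if ($2 == "input") input = v
      if ($2 == "src")   src = v
      if ($2 == "dest")  dest = v
    }
    END { flush(); if (n == 0) print "ok" }
  '
}

# apply_fix: on a live OpenWrt router only (needs uci and root). Sections are
# usually anonymous (@zone[1]), so they are located by their name/src values.
apply_fix() {
  for s in $(uci show firewall | sed -n "s/^firewall\.\([^.]*\)\.name='wan'$/\1/p"); do
    [ "$(uci get "firewall.$s")" = zone ] && uci set "firewall.$s.input=REJECT"
  done
  # Re-run once per wan->lan forwarding: deleting an anonymous section renumbers the rest.
  for s in $(uci show firewall | sed -n "s/^firewall\.\([^.]*\)\.src='wan'$/\1/p"); do
    [ "$(uci get "firewall.$s")" = forwarding ] && [ "$(uci -q get "firewall.$s.dest")" = lan ] &&
      uci delete "firewall.$s" && break
  done
  uci commit firewall && /etc/init.d/firewall reload
}

case ${1:-} in
  audit) audit_firewall "$(cat "${2:-/etc/config/firewall}")" ;;
  fix)   apply_fix ;;
esac
```

On the router, `sh fwaudit.sh audit` reads `/etc/config/firewall` and prints the findings; `sh fwaudit.sh fix` applies the change the replies recommend. The port forward itself (the `redirect` section) needs no change: the zone's input default only governs traffic that no rule accepted, which is what "individual rules will override this" refers to.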