I'm trying to forward a few ports to a server that I run, mainly ports 80, 443, and 22. Right now I'm just trying to get a single port forward working but no dice. The firewall on the server accepts the ports, but I still can't connect to the server from outside my network, even if I disable the firewall and SELinux. Ironically mywebserver.com works inside my network, but not outside my network.
I had this working before I flashed OpenWRT so I know things are set up properly on the server, the only change is OpenWRT so I must be doing something wrong.
Well I only sort of understand what I'm looking at haha, but here is a pastebin of the first bit of results: https://pastebin.com/97837gFF
This time the connection didn't time out, but it appears that it was intercepted by OpenWRT. That is, when I navigated to myserver.com from outside my network, I got the OpenWRT login page. Not really what I want, but I'll take that as a mark of progress! Thank you!
While the command was running I kept trying to connect to the server from outside my network, not sure if that hurt or helped. I figured it would show up in the logs.
nc 192.168.1.152 80 doesn't return any results from the router:
@Pippo Yes I'm positive the ISP isn't blocking port 80. It was working for well over a year, right up until I flashed OpenWRT and then it stopped working instantly.
@vgaetera I'm seeing the IP address of the computer outside my network in the tcpdump log, but the external computer is still getting the luci login page. How can I change the port that this listens on? I modified /etc/config/uhttpd but that doesn't seem to have changed it. https://pastebin.com/Vh7qfb2U
First, let's fix some obvious errors and make it more clear:
uci set firewall.@redirect[0].dest_port=""
uci set firewall.@redirect[0].proto="tcp"
uci set firewall.@redirect[1].dest_port=""
uci set firewall.@redirect[1].proto="tcp"
uci commit firewall
service firewall restart
If this is not enough, try to disable firewall reflection rules.
If you have a domain name:
Create an A record for your domain pointed to 192.168.1.152 on the local DNS server and make sure your LAN clients use this DNS as primary.
Add the domain name to /etc/hosts on the server pointed to both 127.0.0.1 and ::1.
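An added example, not part of the thread or of OpenWrt: a small audit of the port forwards in the text that `uci show firewall` prints, flagging a redirect with no `dest_ip` or `src_dport`, a `proto` other than the `tcp` set above, and any port rewrite left in `dest_port`. The function names `audit_redirects` and `sample_uci_output` are hypothetical, the sample input is constructed, and the script assumes anonymous `@redirect[N]` sections.

```shell
#!/bin/sh
# Added example (not from the thread): audit port forwards in the text
# printed by `uci show firewall`. On the router: uci show firewall | audit_redirects
# Assumes anonymous sections, i.e. lines like firewall.@redirect[0].proto='tcp'
audit_redirects() {
    awk -v q="'" '
    /^firewall\.@redirect\[[0-9]+\]\./ {
        eq = index($0, "=")
        split(substr($0, 1, eq - 1), p, ".")   # p[2]=@redirect[N], p[3]=option
        val = substr($0, eq + 1); gsub(q, "", val)   # drop the quotes uci adds
        if (!(p[2] in seen)) { seen[p[2]] = 1; order[++n] = p[2] }
        opt[p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]; ip = opt[s, "dest_ip"]; pr = opt[s, "proto"]
            sp = opt[s, "src_dport"]; dp = opt[s, "dest_port"]
            if (ip == "") { print s ": FAIL no dest_ip"; bad = 1 }
            if (sp == "") { print s ": FAIL no src_dport"; bad = 1 }
            if (pr != "tcp") { print s ": WARN proto is \"" pr "\", expected tcp"; bad = 1 }
            if (dp != "" && dp != sp) print s ": NOTE port " sp " rewritten to " dp
            if (ip != "" && sp != "") print s ": " sp " -> " ip ":" (dp == "" ? sp : dp)
        }
        exit bad + 0
    }'
}

# Constructed sample: [0] is clean, [1] has no proto and rewrites the port,
# [2] has no dest_ip.
sample_uci_output() {
    cat <<'EOF'
firewall.@redirect[0]=redirect
firewall.@redirect[0].src_dport='80'
firewall.@redirect[0].dest_ip='192.168.1.152'
firewall.@redirect[0].proto='tcp'
firewall.@redirect[1]=redirect
firewall.@redirect[1].src_dport='443'
firewall.@redirect[1].dest_port='8443'
firewall.@redirect[1].dest_ip='192.168.1.152'
firewall.@redirect[2]=redirect
firewall.@redirect[2].src_dport='22'
firewall.@redirect[2].proto='tcp'
EOF
}

sample_uci_output | audit_redirects || true
```

The function exits non-zero when any FAIL or WARN line is printed, so it can gate a config change before `service firewall restart`.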