Port forward doesn't work

I try build connection to Dahua video recorder using Dyndns.

Video recorder work in internal network;

But, I try add Dyndns, and it not work: Port forward not work.

In Dahua manual:

"Before use, the device must be connected to the Internet, please check if the connection
works properly. Please confirm Internet access port is open and default port to open is: 80,
554, 37777. Enable UPnP and PPPOE function of the device. For more information,
please refer to DDNS User’s Manual."

Ok. I add port forwarding as must; 80, 554, 37777. "From WAN 80 to LAN IP". Only "grey" is "UPnP and PPPOE", but after googling looks "it is dangerous". Or... "enable upnp and pppoe of the device" means this video recorder settings? Or Openwrt?

Problem is, in dyndns service "open port tool" say "timeout". I take my ip "whatismyip" etc, and then test is it port open or not. Answer is only "timeout".

So... Openwrt port forward need somethin more? How about this UPnP and PPPOE? (It looks only way activate this is put router to "everyone welcome"-mode...)

You are currently setting the forward destination as “this device” (the router itself). You need to change that to forward to in the LAN zone.

1 Like

Do you have a public IP on your router WAN port?
Just yes or no, please.

1 Like

WAN port is connected to dynamic ip (4G modem).

Yes or No?
I'm pretty sure the answer should be No, that means that port forwarding, dynamic DNS, etc. make no sense.

1 Like

Edit, it show this. In my opinion this is right; "wan" is, as it name, wan. Port 80, and destination zone "lan", and videorecorder ip-address (private, inside lan).


This looks correct. But as @AndrewZ points out, you must have a public ipv4 address for this rule to work. Wireless isp connections often do not provide a public address, but some do.

What is the first part of your WAN up address (aaa.bbb.ccc.ddd - just the bold part)


" Do you have a public IP on your router WAN port?
Just yes or no, please."

Now I does not understand. I go to "www.whatismyip" etc etc etc, this type webpage show "your ip is w.x.y.z". SO, I have public ip- it is dynamic, of course reason 4G, but this I put to service dyndns.org.

Also in router wan port is any ip- it is other than public ip. Of course, 4G-modem between 4G-cloud and openwrt router.


The question is only about your router, so you need to check on your router.
The only page to check is http:{routerIP}/cgi-bin/luci/admin/network/network
If you have no public IP on your WAN - it is not reachable from outside. Full stop.


No... https://www.whatismyip.com show public ip. This ip is how internet see me, and this is ip address I put to dyndns-setting. This ip is not ROUTER WAN ip reason between this ip and router wan is 4G-modem.

You must check the IP address that is reported by OpenWrt on the WAN. You can compare it against the IP address you get when you visit whatsmyip. If they do not match, you don't have a public IP address. Many wireless ISPs use NAT or CGNAT.

Look at the router's main status page and find the "IPv4 Upstream" section. Post the first two octets (aaa.bbb.ccc.ddd) and we can tell you if it is public or NAT/CGNAT.

Just so that you understand, if you have an internet connection, you will always see a public IP address listed on these types of pages... that doesn't mean that the public IP address is actually assigned to your router. It could mean that it is the IP address that is used by the ISP if they use NAT/CGNAT.


  1. How did you get the IP info for the 4G Modem -- was that from the whatsmyip site or did you see this on your modem's info page?
  2. Since your 4G modem is providing the OpenWrt router a NAT'd address, you must also setup port forwarding on the modem (pointing to the OpenWrt router). But this is moot if your modem doesn't actually have a public IP.

The WAN interface on your router has a private IP address...
You need to configure the forwarding on the modem first.


Your modem acts as a NAT router.
The same question about this router: Do you have a public IP on your router WAN port?
No: game over.
Yes: you need to configure port forwarding on it, or DMZ or switch it to a bridge mode.


1, "whatismyip.com" etc show this 80.221.x.y.

2, okay, I must fork also 4G-modem.

strong textFIRST AT ALLstrong text. This was my first screen capture. In my opinion INSIDE OPENWRT ROUTER this settings are right? In my opinion yes, Dahua say "open port 80, 554, 37777 on your router". Most important question is, "IS THIS SETTING RIGHT". This really does not need any wan-port-ip-forking. Video recorder privat ip inside my NAT is So, is this port forward I make right? Please do not say "put any ip to wan"- if so, it must not be true. Wan port ip is dynamic ip, 4G modem make it- and physically it is RJ45-patch cable between 4G-modem and Openwrt-router.


SECOND. I must make JUST SAME PORT FORWARD inside 4G-modem.

Right? So, 80, 554, 37777 forward inside 4G-modem--- it is maybe "forward all 80 from wan to lan" etc? And then, inside openwrtrouter, JUST AS I MAKE?

after this... I put whatismyip.com etc etc ip address to dyndns.org-settings, ok.

Forget about whatsmyip for a few minutes...

You need to determine if you are behind NAT/CGNAT at the 4G modem. Here's an analogy...

I work for a very large company. If we want a package delivered to work, we use the main address for the company (and attn: <$username>). We don't all get a unique address. The company uses 1 public address, and then the company is responsible for delivering packages to the employees based on the internal addresses (i.e. building/desk location). The rest of the world doesn't know (and doesn't need to know) my specific address within the buildings. In this case, the company has that one public address and thousands of internal/private addresses within. This is essentially how NAT/CGNAT works.

You need to start by figuring out what IP address the 4G modem has assigned to itself on the WAN side. You can probably find this on the modem's status page. If it is not the same as the public IP reported by whatsmyip, you will not be able to make port forwarding work. period.


You need to configure a DMZ zone on your 4G modem, or use double NAT.

  • If you can setup a DMZ, the 4G modem will transfer all incoming traffic to the router.
  • if you can't, you must config NAT rules on both the 4G modem and the router (double NAT).
  • another possibility is configuring the 4G as bridge, it will deliver the public IP to the openwrt router.

Many users have already explained this previously.


And this works also when he has CGNAT?

I don't have the experience to tell. :roll_eyes: