summary: When I enable port forwarding, the outside traffic is not forwarded but instead just goes to the OpenWrt itself. I'm using WireGuard as a device, not OpenVPN. My ISP permits the incoming connections to port 44818 (just a port I'm using to test with). Listening from OpenWrt itself, the outside connections are working. But I want OpenWrt to forward the traffic to a different computer where I want to run my server so I can connect to that server from outside. However OpenWrt is not forwarding the traffic.
Can anyone help me here or tell me what more information I should provide to ask a better question?
Long version follows:
I'm using OpenWrt 22.03.0, r19685-512e76967f on a Raspberry Pi.
There are 4 "devices":
br-lan (bridged to eth0, and in the "LAN" zone),
eth0 (not in any zone),
eth1 (in the "outside" zone, physically connected to the modem),
wg0 (in the "wan" zone; this is the WireGuard device).
There are 3 interfaces:
br-lan is bridged to eth0 where the internal network is connected.
eth1 is the uplink to the fiber modem.
wg0 is the WireGuard interface.
There are 3 zones:
The "LAN" zone is br-lan (physically connected to eth0, and the devices inside the house).
The WAN zone is the WireGuard interface. All input/output/forwarded traffic from the lan zone to the wan zone is accepted. Only output traffic from the wan zone is accepted, and masquerading from the wan zone is turned on.
In the "Outside" zone, only forwarded traffic from the outside zone is accepted.
I added a forwarding rule to send port 44818 to the computer at 10.10.137.233 (same port).
I also added a firewall rule to permit the above traffic.
If I listen to port 44818 at 10.10.137.233 and try to telnet in from the LAN, it works. That's just telnetting from one computer in the house to the computer where I want to run the server.
But, if I listen to port 44818 at 10.10.137.233 and try to telnet in from the outside, the connection is rejected. This is the outside traffic which I want OpenWrt to forward to 10.10.137.233. That telnet connection targets the public IP address assigned to OpenWrt by the ISP.
Finally, if I listen to port 44818 from OpenWrt and again try to connect from the outside, it is successful. That telnet connection also targets the public IP address assigned to OpenWrt by the ISP.
This tells me that my ISP is letting the traffic through and it's arriving at the OpenWrt router. But OpenWrt is keeping this traffic to itself rather than forwarding it to the computer that I want things to connect to.
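As an added example (not the poster's own configuration, which is not shown), this is how a port forward for the setup above would look in /etc/config/firewall on OpenWrt 22.03 (fw4). It assumes the public packets enter on eth1, i.e. the 'outside' zone, so the redirect's src is 'outside' rather than 'wan' (wg0); a redirect bound to the zone the traffic does not arrive on never matches, and the packet is handled by the router's own input chain instead, which is one thing worth checking.

```uci
# Constructed example for OpenWrt 22.03 (fw4 / nftables), not the original post's config.
# Assumption: public traffic from the ISP arrives on eth1, which is in zone 'outside'.
# A redirect with src 'wan' would only match packets arriving over wg0.
config redirect
	option name 'test-44818'
	option target 'DNAT'
	option src 'outside'
	option src_dport '44818'
	option dest 'lan'
	option dest_ip '10.10.137.233'
	option dest_port '44818'
	option proto 'tcp'

# Explicit accept for the translated traffic from 'outside' into 'lan'.
# Kept narrow: only this destination host and port, only TCP.
config rule
	option name 'allow-44818-to-server'
	option src 'outside'
	option dest 'lan'
	option dest_ip '10.10.137.233'
	option dest_port '44818'
	option proto 'tcp'
	option target 'ACCEPT'

# Checks after 'fw4 reload' (or /etc/init.d/firewall restart):
#   nft list ruleset | grep 44818
# should show a 'dnat to 10.10.137.233:44818' rule in the dstnat chain of the
# zone the traffic actually enters on (chain name is zone-dependent in fw4).
# Also confirm the return path: replies from 10.10.137.233 are un-DNATed by
# conntrack but follow the routing table, so if the default route points at
# wg0 they leave through the tunnel instead of eth1 and the handshake fails.
```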