I can't find a specific example documented anywhere. Is it possible to create a firewall port-forward rule to a service running on the router itself?
So traffic hitting WAN IP on port 1234 gets forwarded to the router service running on port 5678?
I can see I could forward to the WAN interface back to the router on it's WAN IP but as the WAN IP could change this seems fragile. I could also forward to LAN interface and back to the router on it's LAN IP, but this seems like an unnecessary traversal. Is there a way to forward directly to the router (like an ingress rule but with a port forward)?
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
However taking inspiration from another DNAT rule I saw in the wild, if I omit the dest option from the rule then LuCI displays it like this, which better matches the intent of the rule: