Port forwarding in OpenWrt

Hello,
I have a Raspi plugged into the LAN port on my router. The Raspi is running an HTTP server, which works fine on the local network. I also have a domain pointing to my IP address, but somehow I can never reach the Raspi from outside my network. I have added port forwarding rules for port 80 (TCP/UDP) to the correct device. I also enabled port forwarding in the modem which the router is connected to. From the modem diagnostics I was able to gather that the packets reach the modem when I try to ping my IP, so they should also at least reach the router.

The modem is a ZyXEL VMG4005-B50A and the router is Netgear WAC124/AC2000.
Below is the only entry I added to the firewall section.

config redirect
        option target 'DNAT'
        option name 'http'
        option src 'wan'
        option src_dport '80'
        option dest_ip '192.168.2.138'
        option dest_port '80'
        option dest 'lan'

Thank you for any help!

Not necessarily. It sounds like you have a double-NAT situation here, so you need to set things up accordingly. If your modem is a modem+router combo unit, you need to make sure that port forwarding is set up correctly from the modem > router. Let's see how that is set up -- a screenshot of that should be sufficient. Also, what is the WAN IP address of the Netgear device?

2 Likes

The port forwarding setup in the modem is just two rules, one for UDP, one for TCP, incoming port 80 and outgoing port 80. I don't think there's more to it, but I could get you a screenshot later.

The WAN IPv4 address on the OpenWrt router is 100.64.232.151/18, of which only the 151 part (last byte?) matches my public IP address.

Ah, this sounds like CG-NAT... in other words, the ISP is not providing you with a public IP address. You will not be able to access your server from the internet in this case.

You can ask your ISP about getting a public IP address (IPv4) -- this may or may not be possible, and it may involve extra cost. If they say no (or it is too costly), you are out of luck on the IPv4 side. If you have IPv6, you should presumably be able to use that. Otherwise, your options are significantly more complex, involving remote VPN servers and stuff.

2 Likes
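
The check behind the CG-NAT diagnosis above, as an added example that is not part of the original thread: a POSIX shell function that classifies a WAN IPv4 address as RFC 6598 shared address space (100.64.0.0/10), RFC 1918 private space, or neither. The function names are hypothetical; the sample address is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: decide whether a WAN IPv4 address sits behind carrier or
# upstream NAT. Function names are hypothetical, not OpenWrt commands.
# On OpenWrt the address can be read with:
#   . /lib/functions/network.sh; network_get_ipaddr ip wan

# Dotted quad -> 32-bit integer on stdout; non-zero status if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty octets and leading zeros (read as octal in arithmetic).
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True if address $1 lies inside network $2 with prefix length $3.
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "$2") || return 2
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Prints cgnat, private, public (neither NAT range) or invalid.
classify_wan() {
    ip=${1%%/*}   # drop a /prefix such as the "/18" OpenWrt displays
    ip_to_int "$ip" >/dev/null || { echo invalid; return 1; }
    if in_cidr "$ip" 100.64.0.0 10; then
        echo cgnat      # RFC 6598: the ISP NATs upstream of the modem
    elif in_cidr "$ip" 10.0.0.0 8 ||
         in_cidr "$ip" 172.16.0.0 12 ||
         in_cidr "$ip" 192.168.0.0 16; then
        echo private    # RFC 1918: another NAT device sits in front
    else
        echo public
    fi
}

# WAN address quoted in the thread
classify_wan 100.64.232.151/18
```

A result of `cgnat` is the case in this thread, where no redirect rule on the router or modem makes the server reachable over IPv4; `private` points at a double-NAT setup where the upstream device needs its own forward.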

Ah ok, yeah I think a static IP would be 3 euros/month more, and would presumably involve an actual public IP address.
I do get IPv6, how would that work, just use my dynamic DNS provider with an IPv6 address?

Generally speaking, yes. As long as your dynamic DNS service supports IPv6, you should be able to do what you want.

Well, I'll try that. Thanks for your help!