Port Forwarding Issues

Hello all. I am fairly new to Openwrt, having only installed it on my Netgear R7800 a month ago.

I had previously used the stock firmware and allowed a couple of ports to forward to an internal PC which was:
-An FTP server (port 21)
-A Minecraft server (port 25565)
-DNS Redirect (port 53)

After flashing Openwrt, I have opened the same ports (followed a guide: https://www.cfos.de/en-us/cfos-personal-net/port-forwarding/openwrt.htm). I can verify that the FTP port works, but only if I use something like Filezilla...not the FTP built into Windows File Explorer, I am unable to connect.

I also found a forum post about installing some extra packages (their issue passive ftp was not working so they installed kmod-nf-nathelper). I tried installing that package, rebooted my router...but no change.

Can anyone advise?

Thanks,

FTP = TCP # should able to verify it's open using an application as it seems you have already
Minecraft = TCP/UDP? # If UDP, you may have to use NMAP from an external box to verify
DNS = UDP - # NMAP

TCP can also be verified using wireshark and looking for the particular flow and that has a syn-ack.
UDP is connectionless so it will only be verified if something can probe it to react.

2 Likes
opkg update
opkg install kmod-nf-nathelper kmod-ipt-raw
/etc/init.d/firewall restart
1 Like
  1. I assume I need to enter those commands, can you help direct me to the terminal where I enter them?

(I am familiar with Linux and SSH, but have not dabbled much in the openwrt OS.)

  1. In case they do work, can someone explain why I needed to use them and install the additional packages?

FYI: I confirmed that before any other changes are made, I tested the access to my Minecraft server...it could not connect so I assume there is something strange with the way that Openwrt handles port forwarding since none of the ports I opened seem to be very accessible...

I can't speak for specific requirements of passive FTP, but my stock standard port forwarding config for openwrt is just adding the two configs for each port via terminal.

Remember that port forwarding is basically two steps:
1. redirect port from outside to internal (NAT)
2. allow access from outside to inside via this port (firewall)

Added to /etc/config/firewall (example port 80):

config redirect
        option name 'PassthroughformyProgram'
        option src 'wan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.25'
        option dest_port '80'
        option target 'DNAT'
        option dest 'lan'

config rule
        option src 'wan'
        option proto 'tcp'
        option dest_port '80'
        option target 'ACCEPT'

Adjust as needed.

https://openwrt.org/docs/guide-quick-start/sshadministration

It is stripped off in OpenWrt since FTP forwarding is not an essential use case.

No need since OpenWrt firewall allows DNAT traffic by default.

1 Like

I can give that a try...but I am not clear on why the non of my port forwarding would work (Minecraft, DNS, FTP)? What is so special about FTP that it requires additional "stuff"?

I assume that a port is open or its closed...not complicated?

FTP protocol:

I will read more on that. I executed those commands from a terminal (though I am not sure why it was necessary if I already installed the package through the gui?). After performing those steps, FTP is now working.

The minecraft server however, is not accessible. Does anyone have an explanation as to why I have issues with that?

1 Like

Little update...I think I needed to allow additional ports for Minecraft to work. Most likely not an Openwrt issue at this time.

2 Likes