Port forwarding not working


I'm using OpenWRT 19.07 and configured the following Firewall rule (via LuCI):

  • Protocol: TCP
  • Source zone: WAN
  • External port: 443
  • Destination zone: LAN
  • Internal IP address:
  • Internal port: 61000

because I have an application running behind a Traefik proxy on port 443, so when I access https://mydomain:61000 I expect to see that application.

The problem is that, after adding that rule (and also restarting the router), port 61000 seems to be still closed!

The output of tcpdump says:

19:40:40.020622 IP (tos 0x0, ttl 64, id 34373, offset 0, flags [DF], proto TCP (6), length 60) > MYIP.61000: Flags [S], cksum 0x810a (incorrect -> 0x65a6), seq 72278350, win 64240, options [mss 1460,sackOK,TS val 493153586 ecr 0,nop,wscale 7], length 0

Checking that port on https://www.yougetsignal.com/tools/open-ports/ says that it's closed!

What am I doing wrong or missing?

P.s. the Firewall is configured as following:

is that correct?


Please confirm you have a public IP on your WAN port.

1 Like

.... and your ISP isn't blocking incoming traffic on port 443, to prevent people from setting up sites.

1 Like

Don't you need to test port 443 , why are you testing 61000

Instead of when I access https://mydomain:61000

no in my case I have a Dynamic DNS so a public domain that points to my local machine (public IP always mapped to that domain)

I'm not sure, how can I check that?

well I remember that with my previous ISP and router (Asus, not OpenWRT) I just needed to add that mapping in the port forwarding rules: 61000 -> 443 and accessing https://mydomain:61000 just worked! Now with my new router (with OpenWRT) and ISP I cannot!

sorry, but I did not solve my issue, I was just saying that with my previous not OpenWRT router it was working and now it's not!

Please show a proof that you have a public IP on your WAN.

1 Like

I've just a noip domain that I use as a public domain for my PC!

Swap the external and internal ports.


Please answer the question asked. It was no question about your domain or your PC, only about your router.

1 Like

I'm sorry, I'm afraid I did not understand your question, could you please elaborate it and what exactly I need to check? Thanks

You need to check your WAN IP.

1 Like

yes I got a public IP on my WAN and the DDNS domain is correctly updated with it! If I ping my DDNS domain it resolves to my current internet IP address

Please show a proof from your router.

1 Like

how do you want me to do that?

Why the obsession with the WAN IP? Especially when he's already said he has a public IP. The port forward doesn't work because the ports have been set up back to front.

JKhjus123 ignore the stuff about your WAN IP for now and fix your port forward. You need to have 61000 as the external port and 443 as the internal port.

1 Like

thanks I've just done it but it still does not work :disappointed_relieved:
https://www.yougetsignal.com/tools/open-ports/ says that port 61000 is still closed!

Can you SSH into the router and run uci export firewall then post the output here?