Hi,
I'm using OpenWRT 19.07 and configured the following Firewall rule (via LuCI):
Protocol: TCP
Source zone: WAN
External port: 443
Destination zone: LAN
Internal IP address: 192.168.1.5
Internal port: 61000
because I have an application running behind a Traefik proxy on port 443, so when I access https://mydomain:61000 I expect to see that application.
The problem is that, after adding that rule (and also restarting the router), port 61000 seems to be still closed!
The output of tcpdump says:
19:40:40.020622 IP (tos 0x0, ttl 64, id 34373, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.5.34832 > MYIP.61000: Flags [S], cksum 0x810a (incorrect -> 0x65a6), seq 72278350, win 64240, options [mss 1460,sackOK,TS val 493153586 ecr 0,nop,wscale 7], length 0
Checking that port on https://www.yougetsignal.com/tools/open-ports/ says that it's closed!
What am I doing wrong or missing?
P.S. the Firewall is configured as follows:
is that correct?
Thanks
Please confirm you have a public IP on your WAN port.
1 Like
.... and your ISP isn't blocking incoming traffic on port 443, to prevent people from setting up sites.
1 Like
mbo2o
July 22, 2021, 6:25pm
4
Don't you need to test port 443? Why are you testing 61000?
Instead of when I access https://mydomain:61000
no in my case I have a Dynamic DNS so a public domain that points to my local machine (public IP always mapped to that domain)
I'm not sure, how can I check that?
well I remember that with my previous ISP and router (Asus, not OpenWRT) I just needed to add that mapping in the port forwarding rules: 61000 -> 443 and accessing https://mydomain:61000 just worked! Now with my new router (with OpenWRT) and ISP I cannot!
sorry, but I did not solve my issue, I was just saying that with my previous non-OpenWRT router it was working and now it's not!
Please show a proof that you have a public IP on your WAN.
1 Like
I've just a noip domain that I use as a public domain for my PC!
krazeh
July 23, 2021, 6:40am
12
JKhjus123:
Protocol: TCP
Source zone: WAN
External port: 443
Destination zone: LAN
Internal IP address: 192.168.1.5
Internal port: 61000
Swap the external and internal ports.
4 Likes
Please answer the question asked. It was no question about your domain or your PC, only about your router.
1 Like
I'm sorry, I'm afraid I did not understand your question, could you please elaborate on it and what exactly I need to check? Thanks
You need to check your WAN IP.
1 Like
yes I got a public IP on my WAN and the DDNS domain is correctly updated with it! If I ping my DDNS domain it resolves to my current internet IP address
Please show a proof from your router.
1 Like
how do you want me to do that?
krazeh
July 23, 2021, 8:04am
19
Why the obsession with the WAN IP? Especially when he's already said he has a public IP. The port forward doesn't work because the ports have been set up back to front.
JKhjus123 ignore the stuff about your WAN IP for now and fix your port forward. You need to have 61000 as the external port and 443 as the internal port.
1 Like
thanks I've just done it but it still does not work
https://www.yougetsignal.com/tools/open-ports/ says that port 61000 is still closed!
krazeh
July 23, 2021, 8:10am
21
Can you SSH into the router and run uci export firewall then post the output here?
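An added example, not part of any post in this thread: a small shell helper for reading the uci export firewall output requested above. It prints each redirect as WAN-side port -> LAN host:port, so a reversed mapping is visible at a glance (LuCI's "External port" is stored as src_dport and "Internal port" as dest_port). The sample input is constructed from the rule values in the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample (not real router output): the rule as first entered in
# the thread, with external port 443 and internal port 61000.
SAMPLE_REVERSED="package firewall

config redirect
    option target 'DNAT'
    option name 'traefik'
    option proto 'tcp'
    option src 'wan'
    option src_dport '443'
    option dest 'lan'
    option dest_ip '192.168.1.5'
    option dest_port '61000'
"

# list_forwards: read 'uci export firewall' text on stdin and print one line
# per redirect section: name proto src:src_dport -> dest_ip:dest_port
# (values containing spaces are cut at the first space)
list_forwards() {
    awk -v q="'" '
    function emit() {
        if (in_redirect)
            printf "%s %s %s:%s -> %s:%s\n", v["name"], v["proto"],
                v["src"], v["src_dport"], v["dest_ip"], v["dest_port"]
        split("", v)    # clear the per-section values
    }
    $1 == "config" { emit(); in_redirect = ($2 == "redirect"); next }
    in_redirect && ($1 == "option" || $1 == "list") {
        val = $3
        gsub(q, "", val)    # strip the quotes uci puts around values
        v[$2] = val
    }
    END { emit() }
    '
}

# has_forward EXT_PORT INT_PORT: succeed if some redirect accepts EXT_PORT on
# the source (WAN) side and delivers to INT_PORT on the LAN host.
has_forward() {
    list_forwards | grep -q ":$1 -> .*:$2\$"
}

# Offline demonstration on the constructed sample.
printf '%s' "$SAMPLE_REVERSED" | list_forwards
```

On the router itself the same functions read live configuration with `uci export firewall | list_forwards`; for the setup described in this thread the expected line ends in `wan:61000 -> 192.168.1.5:443`.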