I'm using OpenWRT 19.07 and configured the following Firewall rule (via LuCI):
Internal IP address:
because I have an application running behind a Traefik proxy on port 443, so when I access
https://mydomain:61000 I expect to see that application.
The problem is that, after adding that rule (and also restarting the router), port 61000 seems to be still closed!
The output of
19:40:40.020622 IP (tos 0x0, ttl 64, id 34373, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.5.34832 > MYIP.61000: Flags [S], cksum 0x810a (incorrect -> 0x65a6), seq 72278350, win 64240, options [mss 1460,sackOK,TS val 493153586 ecr 0,nop,wscale 7], length 0
Checking that port on
https://www.yougetsignal.com/tools/open-ports/ says that it's closed!
What am I doing wrong or missing?
P.S. The firewall is configured as follows:
is that correct?
Please confirm you have a
public IP on your WAN port.
.... and your ISP isn't blocking incoming traffic on port 443, to prevent people from setting up sites.
Don't you need to test port 443? Why are you testing 61000?
Instead of when I access
No, in my case I have Dynamic DNS, so a public domain that points to my local machine (public IP always mapped to that domain).
I'm not sure, how can I check that?
Well, I remember that with my previous ISP and router (Asus, not OpenWRT) I just needed to add that mapping in the port forwarding rules: 61000 -> 443 and accessing
https://mydomain:61000 just worked! Now with my new router (with OpenWRT) and ISP I cannot!
Sorry, but I did not solve my issue; I was just saying that with my previous non-OpenWRT router it was working and now it's not!
Please show proof that you have a public IP on your WAN.
I've just a
noip domain that I use as a public domain for my PC!
Internal IP address:
Swap the external and internal ports.
Please answer the question asked. It was no question about your domain or your PC, only about your router.
I'm sorry, I'm afraid I did not understand your question. Could you please elaborate on it and tell me what exactly I need to check? Thanks.
You need to check your WAN IP.
Yes, I got a public IP on my WAN and the DDNS domain is correctly updated with it! If I ping my DDNS domain it resolves to my current internet IP address.
Please show proof from your router.
How do you want me to do that?
Why the obsession with the WAN IP? Especially when he's already said he has a public IP. The port forward doesn't work because the ports have been set up back to front.
JKhjus123 ignore the stuff about your WAN IP for now and fix your port forward. You need to have 61000 as the external port and 443 as the internal port.
Thanks, I've just done it, but it still does not work.
https://www.yougetsignal.com/tools/open-ports/ says that port 61000 is still closed!
Can you SSH into the router and run
uci export firewall then post the output here?
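
The port mapping discussed in this thread (external 61000, internal 443), checked against `uci export firewall` output, as an added example that is not part of any post above. The sample export, the rule names and the LAN address 192.168.1.10 are constructed, and `parse_sections` and `check_forward` are hypothetical helpers:

```python
import shlex

# Constructed sample of `uci export firewall` output (not taken from the thread).
SAMPLE = """\
package firewall

config redirect
	option name 'traefik-swapped'
	option target 'DNAT'
	option src 'wan'
	option src_dport '443'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '61000'
	option proto 'tcp'

config redirect
	option name 'traefik-fixed'
	option target 'DNAT'
	option src 'wan'
	option src_dport '61000'
	option dest 'lan'
	option dest_ip '192.168.1.10'
	option dest_port '443'
	option proto 'tcp'
"""

def parse_sections(text):
    """Return a list of (section_type, options) for each `config` section."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line)  # handles the single-quoted UCI values
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def check_forward(text, external, internal):
    """Classify each DNAT redirect against the intended external -> internal ports."""
    want = (str(external), str(internal))
    results = {}
    for kind, opt in parse_sections(text):
        # A redirect without an explicit target is treated as DNAT.
        if kind != "redirect" or opt.get("target", "DNAT") != "DNAT":
            continue
        got = (opt.get("src_dport"), opt.get("dest_port"))
        results[opt.get("name", "?")] = (
            "ok" if got == want else "swapped" if got == want[::-1] else "other")
    return results
```

In the export, `src_dport` is the external port seen on the WAN side and `dest_port` is the internal port on the LAN host, so the first constructed rule is reported as `swapped` and the second as `ok`.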