Port forwarding not working

xmpp · November 14, 2022, 8:49am

Having issues with port forwarding on a gl-inet gl-x750 spitz. I use LTE to get wan.

As a test, I set a static ip for a laptop running nginx. This laptop does not have a firewall running. I can access the nginx page on a laptop connected to the same lan.

$ nc -v 192.168.100.189 80
nginx.home.lab [192.168.100.189] 80 (http) open

Then in luci I go to firewall and port forwarding as shown in screenshot. I also attached my firewall general settings.

It does not work.

I run curl inpinfo.io to get my public ip and then I run the netcat command with that ip, but it simply times out:

$ nc -v my-public-ip-here 80
my-public-ip-here [my-public-ip-here] 80 (http): Connection timed out

What could I have missed? Where can I see debug messages for this?

Firewall setup:

Port forward:

frollic · November 14, 2022, 8:54am

ISP not allowing incoming traffic ?

xmpp · November 14, 2022, 9:03am

Hmm true, did not check that. Can call and check with them.

Btw, I have enabled logging for the LTE interface, I did not think it was logging anything, but seems there's something after all:

root@router:~# logread | grep -i wwan0
Mon Nov 14 10:47:23 2022 kern.warn kernel: [  155.596128] reject wan in: IN=wwan0 OUT= MAC= SRC=XXX.XX.XXX.XXX DST=XX.XXX.XX.XX LEN=98 TOS=0x10 PREC=0x20 TTL=52 ID=44618 DF PROTO=TCP SPT=443 DPT=55966 WINDOW=501 RES=0x00 ACK PSH URGP=0
Mon Nov 14 10:47:23 2022 kern.warn kernel: [  155.614076] reject wan in: IN=wwan0 OUT= MAC= SRC=XXX.XX.XXX.XXX DST=XX.XXX.XX.XX LEN=83 TOS=0x10 PREC=0x20 TTL=52 ID=44619 DF PROTO=TCP SPT=443 DPT=55966 WINDOW=501 RES=0x00 ACK PSH URGP=0
Mon Nov 14 10:47:23 2022 kern.warn kernel: [  155.632012] reject wan in: IN=wwan0 OUT= MAC= SRC=XXX.XX.XXX.XXX DST=XX.XXX.XX.XX LEN=52 TOS=0x10 PREC=0x20 TTL=52 ID=44620 DF PROTO=TCP SPT=443 DPT=55966 WINDOW=501 RES=0x00 ACK FIN URGP=0

Is this related to something else or possible I can reach it? The time matches when I was testing some stuff. I can not get it to reproduce at the moment when trying to run netcat again. The DST ip is my internal IP for the LTE interface so that makes sense, SRC IP I do not recognize.

Edit: Hmm, seems to pop up sometimes and SRC ip is always different so far.

eduperez · November 14, 2022, 9:33am

It's quite rare for LTE to issue public IP addresses to customers, are you sure that your public IP address is really public?

xmpp · November 14, 2022, 10:39am

Contacted my ISP and I needed to change the APN, the default one does not have a public address enabled. Changed the APN value for the interface in Network > Interfaces as they instructed and now it works.

Thanks guys for making me check with my ISP.

system · November 24, 2022, 12:37pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.