Port forwarding not working

I have re-kagiggered my ip range and netmask and re-setup my vpn and everything is working fine - with the exception of my firewall port-forwards (which I thought would be the easiest part!!)

Here are my port-forwards:

Here is my sftp port-forward configuration:

  • I can successfully connect locally by sftp to the host (megabyte) or its IP address, but when I try to remotely connect to the wan-side port (via the wan IP address), nothing happens (it eventually times out).
  • If I try to connect to the host via the FQDN from inside my network (which used to work) it times out also.
  • On the other hand, I am able to access the sftp server from inside my network by going to the WAN address like this:
    sftp -p123 my.wan.ip.address

I have tried with and without NAT Loopback.

I just discovered that TWO of my port forwards (sprinklers and ted) are working. Here is one of them:

I am able to get to them from outside (OR INSIDE) of my network via:

OK... I figured out that this:
iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to
has hosed this up. The problem is, without this, I cannot access my hosts locally by hostname.

Any suggestions?

I presume you are using the "custom" port number for the FTP client software?

What's WAN connected to? Were you trying to connect from the Internet or from a PC connected directly to the upstream router?

Correct. I've tried something like this (both of which worked before I changed my address range):
sftp -p123 my.wan.ip.address
sftp -p123 my.domain.com

The wan is connected to my Spectrum provider's cable modem.

I am able to connect directly to the host from inside my network like this:
sftp -p22 megabyte
sftp -p22

What aggravates me is this USED to work before I changed my address range (from to

I just found another clue where a couple of my web pages are actually working (see the bottom of the original posting). The ones I am having problems with are the sftp connection and the http and https connections.
ted.my.domain.com and sprinklers.my.domain.com are working from both inside and outside of my network(!) I don't see any difference between these working port-forwards and the ones that aren't working.

As this question has changed too much as I discovered more information, I have opened a better question here

