Hi, I'm running OpenWrt 18.06.1 on a minirouter GL.iNet GL-300M and I have some troubles with port forwarding.
On my WAN side of this router ( we will call MainRouter from now) I have a static IP address (140.80.0.10). I'm directly connected to MainRouter with my PC on WAN side and I'm the only one connected to it.
At MainRouter LAN port (IP 192.168.10.253) the only device that is connected is the LAN port of an identical device (we will call SecondaryRouter from now) (IP 192.168.10.254).
Now I'm trying to implement a port forwarding that would allow me to connect via SSH to SecondaryRouter from MainRouter WAN but it's not working.
I tried to forward WAN port 1022 to LAN port 22 of IP 192.168.10.253 (MainRouter WAN to MainRouter LAN) and it worked, I was able to connect via SSH (software putty) to MainRouter without opening port 22.
If i try to forward forward WAN port 1022 to LAN port 22 of IP 192.168.10.254 (SecondaryRouter IP) it doesn't work.
Here I attach myfirewall settings:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option syn_flood '1'
option forward 'REJECT'
config redirect
option target 'DNAT'
option family 'ipv4'
option proto 'tcp udp'
option src 'wan'
option src_dport '1022'
option dest 'lan'
option dest_port '22'
option dest_ip '192.168.10.254'
option name 'fwd SSH'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'tethering wan wan6 wwan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
option reload '1'
config include 'glfw'
option type 'script'
option path '/usr/bin/glfw.sh'
option reload '1'
config include 'glqos'
option type 'script'
option path '/usr/sbin/glqos.sh'
option reload '1'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'
config zone 'guestzone'
option name 'guestzone'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config rule 'guestzone_dhcp'
option name 'guestzone_DHCP'
option src 'guestzone'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule 'guestzone_dns'
option name 'guestzone_DNS'
option src 'guestzone'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config rule 'glservice_rule'
option name 'glservice'
option proto 'tcp udp'
option src 'wan'
option target 'ACCEPT'
option enabled '0'
option dest_port '83'
config rule 'glssh_rule'
option name 'glssh'
option dest_port '22'
option proto 'tcp udp'
option src 'wan'
option target 'ACCEPT'
config forwarding
option dest 'wan'
option src 'guestzone'
config forwarding
option dest 'wan'
option src 'lan'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '80'
option name 'LuCi'
I believe I'm missing something maybe stupid but I'm new at it...
I thank you in advance for any help you can give me!