Port forwarding questions

Hello everyone!
I have a few questions about port forwarding in general.
My setup consists of one modem/router (with original firmware) that is connected to the internet, and one router (with OpenWrt) that my devices are connected to.
I need to forward some ports to use Transmission, so I set up, with default firewall settings, a new forward with the following settings:

  config redirect
        option dest_port '51413'
        option src 'wan'
        option name 'transmission'
        option src_dport '51413'
        option target 'DNAT'
        option dest 'lan'
        option dest_ip '192.168.3.105'
        list proto 'tcp'
        list proto 'udp'

It works when I assign the public IP to the OpenWrt router.
Are there any drawbacks to using that?
If I would like to leave the router with a private IP, what do I have to do? I tried forwarding the same port to the OpenWrt router hoping that it would "relay" the connection to the "inner" network, but it doesn't work.
I am a noob in this field so please have patience with me :smiley:

You would need to also port forward on the modem/router. Your rule allows the port from OpenWrt's WAN-LAN, but your edge router would ALSO need to be forwarding (from the Internet to the OpenWrt WAN port). If you can, it would be easier to DMZ your OpenWrt box from the modem/router, then you only have to deal with the OpenWrt firewall.

4 Likes

Thank you for your reply!

When I port forward from the internet to OpenWrt it won't work, and I can't figure out why.

Yes, in that case it works: OpenWrt gets a public IP and port forwarding works.
But I was thinking how to do that without assigning the public IP to the OpenWrt router...

This is not what DMZ is. With DMZ the ISP modem/router has the public IP and forwards all the ports towards the specified DMZ device (in this case the OpenWrt router).

If you set the modem to bridging mode, then the OpenWrt can terminate the connection and have the public IP on its wan interface.

2 Likes

Unless you have a good reason to keep your current double-NAT setup, I would configure the modem as a bridge, and give the router a public IP address.

2 Likes

I understand, there is no DMZ option in the ISP modem, so the "assign public IP" option is "bridging mode".
Thanks for clearing that up :wink:

Yep you're right and it's working actually.
I was only wondering what are the pros and cons of both configurations, and how to configure port forwarding in a "double-NAT" setup.

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

1 Like

It sounds like you're using your ISP modem for only the single device, so you might as well give the OpenWrt router the public address; if for no other reason, it will vastly simplify anything you do on OpenWrt for future management.

1 Like

Thank you all for your answers. Port forwarding with the public address assigned to the OpenWrt router works now, but it still looks erratic (I had to remove the public address then reassign it because it stopped working last night).

You can verify that the port forward is working by running the command iptables-save -c | grep DNAT and check that the counters are rising.

2 Likes

Thank you for this precious hint, that's much better than relying on the web interface.
I thought about using watch to see if the counters are rising but I can't find it in the repos... but this one does the job :smiley:

while true; do clear; iptables-save -c | grep DNAT; sleep 1; done

That's a fancy way to cover the lack of watch :smiley:
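
The counter check suggested above can also be scripted instead of watched by eye. The following is an added example, not code from any poster in this thread: it compares two `iptables-save -c` snapshots and reports whether the DNAT counter for a port and protocol moved. The snapshot lines, the chain name, the second rule (port 8080, 192.168.3.50) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sum the packet counters of DNAT rules for one port/protocol,
# reading `iptables-save -c` output on stdin.
dnat_pkts() {   # usage: dnat_pkts PORT PROTO < snapshot
    awk -v port="$1" -v proto="$2" '
        / -j DNAT / && $0 ~ (" -p " proto " ") && $0 ~ ("--dport " port " ") {
            split(substr($1, 2), c, ":")   # "[pkts:bytes]" -> c[1] = pkts
            total += c[1]
        }
        END { printf "%d\n", total }'
}

# Packets that hit the rule between two snapshots.
dnat_delta() {  # usage: dnat_delta BEFORE AFTER PORT PROTO
    b=$(printf '%s\n' "$1" | dnat_pkts "$3" "$4")
    a=$(printf '%s\n' "$2" | dnat_pkts "$3" "$4")
    echo $((a - b))
}

# "rising" if the counter grew, "stalled" otherwise (a firewall reload
# resets the counters, which also shows up as "stalled").
dnat_status() {
    if [ "$(dnat_delta "$@")" -gt 0 ]; then echo rising; else echo stalled; fi
}

# Constructed snapshots: TCP counter stays flat, UDP counter grows.
SNAP_BEFORE='*nat
[120:7200] -A zone_wan_prerouting -p tcp -m tcp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.3.105:51413
[40:5120] -A zone_wan_prerouting -p udp -m udp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.3.105:51413
[9:540] -A zone_wan_prerouting -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.3.50:80
COMMIT'
SNAP_AFTER='*nat
[120:7200] -A zone_wan_prerouting -p tcp -m tcp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.3.105:51413
[65:8320] -A zone_wan_prerouting -p udp -m udp --dport 51413 -m comment --comment "!fw3: transmission" -j DNAT --to-destination 192.168.3.105:51413
[9:540] -A zone_wan_prerouting -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.3.50:80
COMMIT'

for proto in tcp udp; do
    echo "51413/$proto: $(dnat_status "$SNAP_BEFORE" "$SNAP_AFTER" 51413 "$proto")"
done
# On the router, take a live reading with: iptables-save -c | dnat_pkts 51413 tcp
```

A counter that stays flat on the OpenWrt router while peers are trying to connect means the packets are not reaching its WAN side at all, which points at the upstream modem/router rather than at the OpenWrt redirect.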