Port forwarding setup

Hello there,
This is the first time I am struggling to set up port forwarding of 51413 for Transmission. This was on pure IPv4 though.
I have 2 Linux computers where netstat -tulpn and ss -tulpn show port 51413 is open on the computers.
Openwrt setup is

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Transmission'
	option src 'wan'
	option dest_ip '192.168.1.103'
	option dest_port '51413'
	option src_dport '51413'

But with ssh to Openwrt, netstat -tulpn doesn't show this port.

I can't see where my mistake is.
Any help is welcome
Thanks

Netstat on OpenWrt wouldn't show this port open, as it's a firewall rule and not a process (e.g. a program with a listen port) running on the device. Do you see it when doing uci show firewall or looking at the raw nft rules?

BTW, you'll have to use a different port for the second computer.

3 Likes

Since the OpenWrt device is not actually listening on the port (simply forwarding it to a host on your lan), it is expected that it would not show as an open port on OpenWrt itself.

Have you tested your port forwarding from the outside?

3 Likes
...
firewall.@redirect[0]=redirect
firewall.@redirect[0].dest='lan'
firewall.@redirect[0].target='DNAT'
firewall.@redirect[0].name='Transmission'
firewall.@redirect[0].src='wan'
firewall.@redirect[0].dest_ip='192.168.1.103'
firewall.@redirect[0].dest_port='51413'
firewall.@redirect[0].src_dport='51413'
firewall.@redirect[1]=redirect
firewall.@redirect[1].dest='lan'
firewall.@redirect[1].target='DNAT'
...

Yes, this is only for test purposes, one computer at a time.

Just did a test, unfortunately port is closed.

Forgot to say Transmission says closed as well.

Do you have a public IP address on the router?
Does the firewall on the computer accept connections from public addresses?

3 Likes

Router WAN IPv4 address is 100.71.xxx.xxx. A search on the Internet returns the message

Warning : This is not a valid IP address on the Internet because it belongs to a private network. It does not identify a unique destination as it is only meant to be used inside local area networks

This address is provided by my ISP, my router is DHCP client.
But when I ask my Internet IP address I get 185.42.xxx.xxx

1 Like

This is known as CG-NAT (carrier grade NAT).

You mean if you use an IP address checker (like googling "what's my IP" or other similar options)?

The CG-NAT address means that the ISP doesn't give you a public IP. A single public IP (well, actually banks of them) is shared among many users (much the same way as you have one address shared with all of your devices behind your router's NAT). Eventually, the traffic must egress to the internet, and in the case of your ISP, their public-facing IP is the 185.42... address you mentioned.

With CG-NAT, you will not be able to get incoming connections.

Your options are:

  1. Ask your ISP if they can give you a public IPv4 address. (this may or may not be possible and may or may not involve extra costs)
  2. Ask your ISP if they can set up port forwards to your CG-NAT address. (this is unlikely)
  3. Use IPv6, if you have it.
5 Likes
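
A check for the situation diagnosed above, as an added example that is not part of the original thread: it classifies the router's WAN IPv4 address by range and compares it with the address an external IP checker reports. The function names and sample addresses are constructed for illustration, and a "yes" only means NAT does not rule inbound connections out.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh, also runs in BusyBox ash.

# Print the range class of an IPv4 address: cgnat, private, public or invalid.
# "public" only means "outside RFC 1918 and RFC 6598"; other reserved ranges
# are not checked.
classify_wan_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) echo invalid; return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split into octets; input is digits and dots only
    IFS=$oldifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat          # 100.64.0.0/10, RFC 6598 shared address space
    elif [ "$1" -eq 10 ] ||
         { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
         { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo private        # RFC 1918
    else
        echo public
    fi
}

# Can a wan->lan DNAT redirect on this router receive inbound connections?
# $1 = address on the router's WAN interface, $2 = address an external
# "what's my IP" service reports. Prints yes or no.
inbound_possible() {
    class=$(classify_wan_ipv4 "$1") || { echo no; return 0; }
    if [ "$class" = public ] && [ "$1" = "$2" ]; then echo yes; else echo no; fi
}

# Constructed sample addresses (the thread's own addresses are masked).
for wan in 100.100.20.30 192.168.0.2 203.0.113.7; do
    printf '%s: %s, inbound possible: %s\n' "$wan" \
        "$(classify_wan_ipv4 "$wan")" "$(inbound_possible "$wan" 203.0.113.7)"
done
```
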

I forgot to mention that I get an IPv6 address
OK, I see I'll have to learn IPv6 deeply. I am retired and old school, and never used it in LAN nor WAN.

So, I get
Prefix Delegated: with /56
Address: with /128 and another with /64

I'd guess I'll have to set the firewall with IPv6 addresses. Could you point me to how to do it?

BTW, do you have a good tutorial link to get the knowledge?
Thanks

IPv6 doesn't need port forwarding. You just have to allow port 51413 to the device running Transmission. In case the prefix is dynamic, use this.

2 Likes

Thanks a lot.
After some reading, it looks like there is a huge gap in the understanding of IPv4 vs IPv6.

Could you be more accurate in the

I think I need to know the DUID, but in the OpenWrt "Static leases", only one computer has it filled in, although all of them are openSUSE Leap 15.5 with the stock network config.
Or you could point me to the right how-to.

Run ip -6 addr and find the IPv6 address the device has. Then add a firewall rule to allow the traffic.

1 Like