Hi,
I have configured the port forwarding.
These are the only setting I changed
Changed FORWARD traffic to accept but this didn't help.
cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option flow_offloading '1'
option flow_offloading_hw '1'
option forward 'ACCEPT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config redirect
option dest_port '8080'
option src 'wan'
option name 'System1_GUI'
option src_dport '28xxx'
option target 'DNAT'
option dest 'lan'
option dest_ip '192.168.1.xxx'
list proto 'tcp'
config redirect
option dest_port '22'
option src 'wan'
option name 'System1_SSH'
option src_dport '22xxx'
option target 'DNAT'
option dest_ip '192.168.1.251'
option dest 'lan'
list proto 'tcp'
config redirect
option dest_port '8080'
option src 'wan'
option name 'System2_GUI'
option src_dport '28xxx'
option target 'DNAT'
option dest_ip '192.168.1.xxx'
option dest 'lan'
list proto 'tcp'
config redirect
option dest_port '22'
option src 'wan'
option name 'System2_SSH'
option src_dport '22xxx'
option target 'DNAT'
option dest_ip '192.168.1.200'
option dest 'lan'
list proto 'tcp'
I see that some packets are being forwarded but still I cannot connect with SSH.
8 416 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22xxx /* !fw3: System_SSH */ to:192.168.1.xx:22
I have connected locally just fine.
Is there anything missing in the configuration?
Best regards