Port forwarding

I left the firewall settings default.

Went to Network->Firewall->Port Forwards
and added my port forwards.

They don't work.

And yes, I did set TCP/UDP from any host in wan etc. properly, just as in DD-WRT where the same settings work.

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option src_dport '30'
    option dest_ip '172.22.64.30'
    option dest_port '443'
    option name 'ENTRANCE'
    option proto 'tcp udp'

This works on DD-WRT but not in LEDE. Any thoughts?

Did you test from wan or from within a lan host? What's the output of iptables-save | grep ENTRANCE?

-A zone_lan_postrouting -s 172.22.0.0/16 -d 172.22.64.30/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: ENTRANCE (reflection)" -j SNAT --to-source 172.22.64.1
-A zone_lan_postrouting -s 172.22.0.0/16 -d 172.22.64.30/32 -p udp -m udp --dport 443 -m comment --comment "!fw3: ENTRANCE (reflection)" -j SNAT --to-source 172.22.64.1
-A zone_lan_prerouting -s 172.22.0.0/16 -d 192.168.2.2/32 -p tcp -m tcp --dport 30 -m comment --comment "!fw3: ENTRANCE (reflection)" -j DNAT --to-destination 172.22.64.30:443
-A zone_lan_prerouting -s 172.22.0.0/16 -d 192.168.2.2/32 -p udp -m udp --dport 30 -m comment --comment "!fw3: ENTRANCE (reflection)" -j DNAT --to-destination 172.22.64.30:443
-A zone_wan_prerouting -p tcp -m tcp --dport 30 -m comment --comment "!fw3: ENTRANCE" -j DNAT --to-destination 172.22.64.30:443
-A zone_wan_prerouting -p udp -m udp --dport 30 -m comment --comment "!fw3: ENTRANCE" -j DNAT --to-destination 172.22.64.30:443
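An added example, not part of the thread: a Python check over the `iptables-save | grep ENTRANCE` output pasted above, confirming that fw3 generated both the WAN DNAT rule and the LAN reflection rule for each protocol of the ENTRANCE redirect. The function names are hypothetical; the `!fw3: <name>` comment format and the chain names are taken from the pasted lines.

```python
import shlex

# The six lines pasted in the thread (output of: iptables-save | grep ENTRANCE).
SAVED = '''\
-A zone_lan_postrouting -s 172.22.0.0/16 -d 172.22.64.30/32 -p tcp -m tcp --dport 443 -m comment --comment "!fw3: ENTRANCE (reflection)" -j SNAT --to-source 172.22.64.1
-A zone_lan_postrouting -s 172.22.0.0/16 -d 172.22.64.30/32 -p udp -m udp --dport 443 -m comment --comment "!fw3: ENTRANCE (reflection)" -j SNAT --to-source 172.22.64.1
-A zone_lan_prerouting -s 172.22.0.0/16 -d 192.168.2.2/32 -p tcp -m tcp --dport 30 -m comment --comment "!fw3: ENTRANCE (reflection)" -j DNAT --to-destination 172.22.64.30:443
-A zone_lan_prerouting -s 172.22.0.0/16 -d 192.168.2.2/32 -p udp -m udp --dport 30 -m comment --comment "!fw3: ENTRANCE (reflection)" -j DNAT --to-destination 172.22.64.30:443
-A zone_wan_prerouting -p tcp -m tcp --dport 30 -m comment --comment "!fw3: ENTRANCE" -j DNAT --to-destination 172.22.64.30:443
-A zone_wan_prerouting -p udp -m udp --dport 30 -m comment --comment "!fw3: ENTRANCE" -j DNAT --to-destination 172.22.64.30:443
'''

def parse_rule(line):
    """Turn one '-A chain ...' line into a dict of the fields compared below."""
    tok = shlex.split(line)  # shlex keeps the quoted --comment text as one token
    rule = {"chain": tok[tok.index("-A") + 1]}
    for flag, key in (("-p", "proto"), ("--dport", "dport"), ("-j", "target"),
                      ("--to-destination", "to"), ("--comment", "comment")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def check_redirect(saved, name, src_dport, dest_ip, dest_port, protos):
    """Per protocol, report whether the WAN DNAT rule and the LAN reflection
    DNAT rule for the named redirect exist in the saved ruleset."""
    rules = [parse_rule(l) for l in saved.splitlines() if l.startswith("-A ")]
    want = f"{dest_ip}:{dest_port}"
    report = {}
    for proto in protos:
        def present(chain, comment):
            return any(r["chain"] == chain and r.get("proto") == proto
                       and r.get("dport") == src_dport and r.get("target") == "DNAT"
                       and r.get("to") == want and r.get("comment") == comment
                       for r in rules)
        report[proto] = {
            "wan": present("zone_wan_prerouting", f"!fw3: {name}"),
            "reflection": present("zone_lan_prerouting", f"!fw3: {name} (reflection)"),
        }
    return report

if __name__ == "__main__":
    # Values from the 'config redirect' section posted earlier in the thread.
    print(check_redirect(SAVED, "ENTRANCE", "30", "172.22.64.30", "443", ["tcp", "udp"]))
```

Every entry comes back `True` for the pasted output, meaning the redirect was translated into rules as configured, so a failing connection has to be explained somewhere other than the firewall configuration.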

From where do you test the port forward? Do you use masquerade?

Sorry!!! I should have trusted LEDE to be working perfectly and myself being capable of port forwarding.

It's the Foscam camera certificate that's not valid anymore. Valid until 7 December 2016.

And the iPhone I was using to test kept the old certificate, thus simply refusing the connection without telling me it's the certificate. I only saw: "can't connect". Since I changed everything just this week, I thought it must be my settings. But it is just a bad coincidence that the Foscam certificate became outdated.

So everything works! Just had to reset my iPhone certificates.

Stupid iPhone, not telling me the certificate isn't valid anymore and not asking me for an exception.

And stupid Foscam, their certificates wearing out within 12 months after my purchase.

Next time I switch from DD-WRT to LEDE I better "reset" my testing devices. Learned one more valuable lesson.

Thank you for sharing your conclusion and glad it's working now :slight_smile:

And thank you for the quick response and help. It's a really nice community here at LEDE :smile: