I tried that and it did nothing
(iptables-save -c -t nat | grep DNAT)
You are supposed to create port forwarding rules aka redirects.
Currently you have none.
I removed everything I had done, then I created this post.
Everything I have been doing is on the web interface. However, trendy assisted me with SSH.
So what do you mean by redirects?
config redirect
    option dest_port '1935'
    option src 'wan'
    option name 'Test'
    option src_dport '1935'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '3478'
    option src 'wan'
    option name 'Test2'
    option src_dport '3478'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '3479'
    option src 'wan'
    option name 'Test 3'
    option src_dport '3479'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '10070'
    option src 'wan'
    option name 'Test 4'
    option src_dport '10070'
    option target 'DNAT'
    option dest 'lan'
So I have opened ports, but the router is still blocking them when I test them via port checker.
I am curious to know, is there a different protocol for opening ports for the wan side or not?
In theory the lan side ports are open, but if the wan side was rejecting them, so to speak, via firewall settings then this could be my issue; other than that, it must be a software bug potentially?
Even with a LAN IP address assigned it's the same issue!
Check port opening from the internet and post the output:
Do I just input this into ssh?
Yes, like that.
When I do this through ssh, nothing happens
uci export firewall
config defaults
    option input 'ACCEPT'
    option output 'ACCEPT'
    option synflood_protect '1'
    option flow_offloading '1'
    option flow_offloading_hw '1'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan'
    option family 'ipv4'

config zone
    option name 'wan'
    option output 'ACCEPT'
    option mtu_fix '1'
    option network 'wan'
    option input 'REJECT'
    option forward 'REJECT'
    option masq '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'
    option enabled '0'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    option enabled '0'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'
    option enabled '0'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'

config redirect
    option dest_port '1935'
    option src 'wan'
    option name 'Test'
    option src_dport '1935'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '3478'
    option src 'wan'
    option name 'Test2'
    option src_dport '3478'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '3479'
    option src 'wan'
    option name 'Test 3'
    option src_dport '3479'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '10070'
    option src 'wan'
    option name 'Test 4'
    option src_dport '10070'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '10080'
    option src 'wan'
    option name 'Test 5'
    option src_dport '10080'
    option target 'DNAT'
    option dest 'lan'
    list proto 'tcp'

config redirect
    option dest_port '3074'
    option src 'wan'
    option name 'Test 6'
    option src_dport '3074'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'

config redirect
    option dest_port '3478'
    option src 'wan'
    option name 'Test 7'
    option src_dport '3478'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'

config redirect
    option dest_port '3479'
    option src 'wan'
    option name 'Test 8'
    option src_dport '3479'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'

config redirect
    option dest_port '3658'
    option src 'wan'
    option src_dport '3658'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'
    option name 'Test 9'

config redirect
    option dest_port '9305'
    option src 'wan'
    option name 'Test 10'
    option src_dport '9305'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'

config redirect
    option dest_port '9308'
    option src 'wan'
    option name 'Test 11'
    option src_dport '9308'
    option target 'DNAT'
    option dest 'lan'
    list proto 'udp'

config nat
    option src_port '3078'
    option src 'lan'
    option name 'Test'
    option target 'SNAT'
    option snat_ip '100.66.88.180'
    option dest_port '3078'
    list proto 'tcp'
    list proto 'udp'
Yes I know about IP for forwarding
If you know why don't you fix it?
Because like I said, even with IPs assigned, it still doesn’t change the issue.
Something is blocking the ports from opening. When I test them via port checker and of course consoles test as well, it comes back as closed/strict.
Could the software potentially have a bug? Would it be worth updating to the newest version 19.07.5?
Not a bug, just a pebkac.
You can add the IPs and post the iptables command we mentioned above, or you can keep wondering why it doesn't work.
Don’t know what pebkac is
root@OpenWrt:~# iptables-save -c -t nat | grep DNAT
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: Test (reflection)" -j DNAT --to-destination 192.168.1.10:1935
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: Test2 (reflection)" -j DNAT --to-destination 192.168.1.10:3478
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 3479 -m comment --comment "!fw3: Test 3 (reflection)" -j DNAT --to-destination 192.168.1.10:3479
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 10070 -m comment --comment "!fw3: Test 4 (reflection)" -j DNAT --to-destination 192.168.1.10:10070
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 10080 -m comment --comment "!fw3: Test 5 (reflection)" -j DNAT --to-destination 192.168.1.10:10080
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 3074 -m comment --comment "!fw3: Test 6 (reflection)" -j DNAT --to-destination 192.168.1.10:3074
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: Test 7 (reflection)" -j DNAT --to-destination 192.168.1.10:3478
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 3479 -m comment --comment "!fw3: Test 8 (reflection)" -j DNAT --to-destination 192.168.1.10:3479
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 3658 -m comment --comment "!fw3: Test 9 (reflection)" -j DNAT --to-destination 192.168.1.10:3658
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 9305 -m comment --comment "!fw3: Test 10 (reflection)" -j DNAT --to-destination 192.168.1.10:9305
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p udp -m udp --dport 9308 -m comment --comment "!fw3: Test 11 (reflection)" -j DNAT --to-destination 192.168.1.10:9308
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: Test" -j DNAT --to-destination 192.168.1.10:1935
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: Test2" -j DNAT --to-destination 192.168.1.10:3478
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 3479 -m comment --comment "!fw3: Test 3" -j DNAT --to-destination 192.168.1.10:3479
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 10070 -m comment --comment "!fw3: Test 4" -j DNAT --to-destination 192.168.1.10:10070
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 10080 -m comment --comment "!fw3: Test 5" -j DNAT --to-destination 192.168.1.10:10080
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 3074 -m comment --comment "!fw3: Test 6" -j DNAT --to-destination 192.168.1.10:3074
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 3478 -m comment --comment "!fw3: Test 7" -j DNAT --to-destination 192.168.1.10:3478
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 3479 -m comment --comment "!fw3: Test 8" -j DNAT --to-destination 192.168.1.10:3479
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 3658 -m comment --comment "!fw3: Test 9" -j DNAT --to-destination 192.168.1.10:3658
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 9305 -m comment --comment "!fw3: Test 10" -j DNAT --to-destination 192.168.1.10:9305
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 9308 -m comment --comment "!fw3: Test 11" -j DNAT --to-destination 192.168.1.10:9308
Zero hits everywhere, nothing reached the OpenWrt.
Either you didn't try to reach an internal server or something else is blocking you.
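One way to read the `[packets:bytes]` counters in the output above, added here as an example and not part of the thread (function names are hypothetical). It goes beyond the reply by also classifying the `-d` address of the reflection rules, assuming that address is the router's WAN address: 100.66.88.180 lies in 100.64.0.0/10, the RFC 6598 shared address space used for carrier-grade NAT.

```shell
#!/bin/sh
# Added example (not from the thread): read `iptables-save -c -t nat` output on stdin.

# Three lines copied from the output posted in the thread.
sample_rules() {
cat <<'EOF'
[0:0] -A zone_lan_prerouting -s 192.168.1.0/24 -d 100.66.88.180/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: Test (reflection)" -j DNAT --to-destination 192.168.1.10:1935
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: Test" -j DNAT --to-destination 192.168.1.10:1935
[0:0] -A zone_wan_prerouting -p udp -m udp --dport 3074 -m comment --comment "!fw3: Test 6" -j DNAT --to-destination 192.168.1.10:3074
EOF
}

# One line per WAN-side forward: proto/port, target and the packet counter.
dnat_hits() {
  awk '$3 == "zone_wan_prerouting" && /-j DNAT/ {
    pkts = substr($1, 2); sub(/:.*/, "", pkts)        # "[pkts:bytes]" -> pkts
    for (i = 4; i < NF; i++) {
      if ($i == "-p") proto = $(i + 1)
      if ($i == "--dport") dport = $(i + 1)
      if ($i == "--to-destination") dest = $(i + 1)
    }
    print proto "/" dport " -> " dest " packets=" pkts
  }'
}

# Assumption: the -d address of the "(reflection)" rules is the router's WAN address.
reflection_addr() {
  awk '/\(reflection\)/ { for (i = 1; i < NF; i++) if ($i == "-d") {
    sub(/\/.*/, "", $(i + 1)); print $(i + 1); exit } }'
}

# Classify an IPv4 address: cgnat (100.64.0.0/10, RFC 6598), private (RFC 1918) or public.
addr_class() {
  echo "$1" | awk -F'[./]' '{
    if ($1 == 100 && $2 >= 64 && $2 <= 127) print "cgnat"
    else if ($1 == 10 || ($1 == 172 && $2 >= 16 && $2 <= 31) || ($1 == 192 && $2 == 168)) print "private"
    else print "public" }'
}

diagnose() {
  rules=$(cat)
  addr=$(printf '%s\n' "$rules" | reflection_addr)
  class=$(addr_class "$addr")
  total=$(printf '%s\n' "$rules" | dnat_hits | awk '{ sub(/.*packets=/, ""); n += $0 } END { print n + 0 }')
  if [ "$class" != public ]; then echo "WAN address $addr is $class: an upstream NAT sits in front of this router"
  elif [ "$total" -eq 0 ]; then echo "no packet matched a WAN DNAT rule: test traffic is not reaching the router"
  else echo "WAN DNAT rules matched $total packets"; fi
}

sample_rules | dnat_hits
sample_rules | diagnose   # on the router: iptables-save -c -t nat | diagnose
```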
Nice explanation there, I told you I am not used to this system.
What do you mean by this?
I prefer voice chat to typing to be fair...