Portforwarding: internet modem/router -> OpenWrt -> webserver

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi!

I have been hosting some web services on a subdomain on digital ocean that forwarded requests to my home IP address.

This was handled by a Speedport W 724V modem/router and worked pretty well. But since it's a modem specific to my internet service provider I wanted to put a Raspbeery Pi with OpenWRT inbetween so I can take my network setup with me when I move.

Before my setup was as follows:

https://homeserver.domain.com -> ISP modem -> Home Server

Now, what I would like to do is:
https://homeserver.domain.com -> ISP modem -> OpenWRT -> Home Server

I have forwarded basically all ports to OpenWRT apart from some ports needed by the ISP for modem configuration.

And in OpenWRT I have added this to the firewall config
image

But it doesn't seem to work.
Is there anything else I can do to make it forward the port correctly?

Speedport configs: https://imgur.com/a/0LYMQTP

Thank you!

2

What's the WAN IP on the OpenWrt?"

3

WAN (eth1)

**Protocol:** DHCP client
**IPv4:** 192.168.2.137/24

LAN(br-lan)

**Protocol:** Static address
**IPv4:** 192.168.1.1/24

The ISP modem resides on 192.168.2.1

1 Like
4

The modem is also serving as a router. By adding the OpenWrt router you have created a double-NAT situation.

You must first setup port forwarding in your ISP modem+router to point to the OpenWrt router (192.168.2.137) -- this can be done as a targeted port forwarding (i.e. port 80 and/or 443 for your webserver), or you can sometimes do what is typically called "DMZ" where you basically forward all ports to your OpenWrt router's WAN. Then you create port forwarding rules in the OpenWrt router to point to your actual server.

If you can set the ISP modem+router into a bridge mode, it will simply pass the public IP to the WAN of your OpenWrt router and that is easier.

4 Likes
5

Thanks! Unfortunately my ISP router does not allow a DMZ but I forwarded all ports with the exception of a few needed for ISP configuration.

I think the error that I made before was not to forward 443 but you reminded me of that and now it works.

So thanks again for the help. Much appreciated!

6

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.