Hello everyone and welcome to my topic
lately i tried to forward several ports such as ssh 22 and 21 ftp but i had problem that is the only port that is forward is the 1st in the list 
like in this case only 22 is forwarded and when i put 21 in top of list it got forwarded too
any help with this PLZ
You should specify the incoming port also, even if it matches the port on the local computer; otherwise, you are forwarding all incoming connections on the first rule.
1 Like
You really don't want to forward the default ports to LAN, as you will end up with thousands of attempted connections a day.
- For SSH, forward an arbitrary WAN port to 22 LAN
- The higher the WAN side port, the better, as port scanners won't scan all 65,535 ports.
Choose a port that's >10,000 and is not on this list. For example:
/etc/config/firewallconfig redirect option target 'DNAT' option family 'ipv4' option proto 'tcp' option src 'wan' option src_dport 37476 option dest 'lan' option dest_port 22 option dest_ip 192.168.1.1 option name 'Allow Redirect WAN -> LAN (SSH)'
- The higher the WAN side port, the better, as port scanners won't scan all 65,535 ports.
- Same with FTP, albeit I'd ensure FTP is secured before opening it to WAN side connections.
Thanks for ur answer but in a normal router i just choose the port and it worked
also i wont know the incoming port cuz it is chosen randomly thats why i leave it any port
i will try this config when i get home but as i said i wont know the src_port
by the way i also want to forward SIP port which it 5060
option src_dport 37476 is not the source port, it's the source destination port.
so i chose it randomly too
and in the dest_ip i put my @ip
Thank you for ur answers and i will keep u posted when i get home