Problem when using port forwarding on OpenWrt while client same ip segment

I have configured port forwarding from IP 192.168.120.124 with port 5774 to ip_public_158 with port 5774. The problem is that when a client on the same IP segment (or under the OpenWrt router) accesses the domain of ip_public_158 on port 5774, it can't, while access from outside the router can.

Arch : x86/64
firmware : 22.03.2 r19803-9a599fee93 / LuCI openwrt-22.03 branch git-23.093.57104-ce20b4a

some config
ip_public_158 (103.x.x.x with domain)
wan (192.168.x.x)
wan_2 (192.168.x.x)
loadbalance (wan & wan_2)
lan ip (192.168.120.0/24)

I have the following topology this one

config zone
firewall.@zone[4]=zone
firewall.@zone[4].output='ACCEPT'
firewall.@zone[4].name='ip_158'
firewall.@zone[4].input='ACCEPT'
firewall.@zone[4].device='eth2.10'
firewall.@zone[4].log='1'
firewall.@zone[4].forward='REJECT'
firewall.@zone[4].mtu_fix='1'
firewall.@zone[4].family='ipv4'
firewall.@zone[4].network='ip_public_158'

config port forwarding
firewall.@redirect[10]=redirect
firewall.@redirect[10].target='DNAT'
firewall.@redirect[10].name='web<>public'
firewall.@redirect[10].src='ip_158'
firewall.@redirect[10].src_dport='5774'
firewall.@redirect[10].dest_port='5774'
firewall.@redirect[10].dest='lan'
firewall.@redirect[10].dest_ip='192.168.120.124'
firewall.@redirect[10].proto='tcp'
firewall.@redirect[10].reflection='1'

while access on same ip segment with domain ip_public_158
while access outside router with domain ip_public_158

if they're on the same subnet, the traffic isn't going via the firewall.

But clients access the web using the domain on ip_public_158..
If I access it directly using IP 192.168.120.124:5774, yes, it can. The problem is that users cannot access port 5774 on ip_public_158 while on the same subnet or under the OpenWrt router.

then you need to make sure your FQDN resolves to 192.168.120.124 when queried from within the network.

FQDN only use for domain openwrt.
already query when access only domain without port.

user when under router or outside router

apk.xx.id to openwrt
apk.xx.id:5774 to web 192.168.120.124

problem
while access on same ip segment with domain ip_public_158 to port 5774
while access outside router with domain ip_public_158 to port 5774

you might want to reread my answers, and understand them ...

if you have a port redirection done in the fw, it won't work for the internal traffic.
because of Problem when using port forwarding on OpenWrt while client same ip segment - #2 by frollic

not if the traffic is internal.

So how do I fix that? Using reflection=1 still doesn't work.

Problem when using port forwarding on openwrt while client same ip segment - #4 by frollic and you can drop the fw rule.

Same.. and users outside cannot access.

what "same" ?

the change you just made has nothing to do with the external access.

Are you sure the firewall on the machine hosting the website is configured to allow the traffic? Can you turn it off temporarily?

Oh, my bad, I just remove on redirect, and I have no traffic rules.

Still cannot access when the user is under the router, with domain or IP on port 5774.

The firewall on web 192.168.120.124 is already off and allows traffic.. and the client can access it using direct access with the IP.

As frollic said

So internally, when clients go to the website, they'll access it by the 192 IP instead of the external IP.

you could also try a fw rule, catching calls towards the public IP, and redirect them to the 192 IP.
not 100% sure it'll work though, since the public IP sits on the same device.

Hmm, okay, it fixes the problem for now with one device if I want to redirect, but forwarding to multiple devices will need multiple domains too.

I think I'll make another router using docker specifically for handling port forwarding

won't change anything for your LAN devices, as long as they're on the same subnet...
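
Why a DNAT-only forward fails for a client on the same subnet as the server, and what NAT loopback (the redirect's `reflection` option) adds on top of it, modelled in a short added example that is not part of the thread. The public address 203.0.113.158 stands in for the elided 103.x.x.x address, and the router LAN address 192.168.120.1 and the client 192.168.120.50 are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.120.0/24")   # LAN from the thread
SERVER = "192.168.120.124"              # dest_ip of the redirect
PORT = 5774                             # src_dport / dest_port of the redirect
PUBLIC = "203.0.113.158"                # placeholder for the elided public IP
ROUTER_LAN = "192.168.120.1"            # assumed router LAN address
CLIENT = "192.168.120.50"               # constructed LAN client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def router_forward(pkt, snat):
    """DNAT public:5774 to the server; optionally SNAT LAN sources (loopback)."""
    if (pkt.dst, pkt.dport) != (PUBLIC, PORT):
        return pkt
    out = replace(pkt, dst=SERVER)
    if snat and ip_address(pkt.src) in LAN:
        out = replace(out, src=ROUTER_LAN)
    return out

def hairpin(snat):
    """Return the reply as the LAN client receives it and whether it matches."""
    syn = Packet(CLIENT, 40000, PUBLIC, PORT)
    at_server = router_forward(syn, snat)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == ROUTER_LAN:
        # The reply goes back to the router, whose connection tracking
        # reverses both translations before delivering it to the client.
        reply = Packet(PUBLIC, PORT, CLIENT, syn.sport)
    # Otherwise server and client share the subnet: the reply is delivered
    # directly on the LAN and never passes the router to be translated back.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return reply, accepted

if __name__ == "__main__":
    for snat in (False, True):
        reply, ok = hairpin(snat)
        print(f"snat={snat}: reply from {reply.src}:{reply.sport} accepted={ok}")
```

Without the source rewrite the client sees an answer from 192.168.120.124 for a connection it opened to the public address and discards it; resolving the name to 192.168.120.124 inside the LAN, as suggested in the thread, avoids the translation entirely.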
