Problem with port forwarding

Hi everyone,

I have 2 MiWifi R3G, one with OpenWrt 18.06.1 and one with the original 2.25.122 firmware.

The problem I have is with the second one. Even though the original firmware is forked from OpenWrt, I'm guessing this does not count as a supported setup. Nonetheless, I don't want to migrate this one to OpenWrt, at least not yet, and I was hoping someone could still help me figure out what's wrong with my setup.

Here is the deal:

  • The WAN interface of the MIR3G is connected to a LAN port of my DSL switch/router;
  • The WAN interface is configured by a "fixed" DHCP lease from the DSL switch/router (192.168.1.75 gw 192.168.1.1);
  • I also have an HTTPS server running on 192.168.31.254;
  • The network can be summarized as follows (PUB_IP:DSL:192.168.1.1) <-----> (192.168.1.75:MIR3G:192.168.31.1) <-----> (192.168.31.254:SERVER)
  • Through the web management interface of the MIR3G, I have added a port forwarding rule, let's write it this way: 443>192.168.31.254:443

But it does not seem to work: with an additional host connected to the DSL switch/router (192.168.1.172) I cannot connect to https://192.168.1.75:443

If I wireshark both ends of the connection, I can see that the SYN packet emitted by 192.168.1.172 does indeed reach 192.168.31.254 on port 443, but the SYN/ACK packet 192.168.31.254 replies with never reaches 192.168.1.172.

So, if I take a look at the iptables NAT table on the MIR3G, here are the interesting lines:

Chain zone_lan_postrouting (1 references)
target     prot opt source               destination         
postrouting_lan_rule  all  --  anywhere             anywhere             /* user chain for postrouting */
SNAT       tcp  --  192.168.31.0/24      192.168.31.254       tcp dpt:https /* ssl_proxy (reflection) */ to:192.168.31.1

Chain zone_lan_prerouting (1 references)
target     prot opt source               destination         
parentalctl_nat  all  --  anywhere             anywhere            
prerouting_lan_rule  all  --  anywhere             anywhere             /* user chain for prerouting */
REDIRECT   tcp  --  anywhere             198.51.100.9         tcp dpt:www /* nxdomain */ redir ports 8190
DNAT       tcp  --  192.168.31.0/24      192.168.1.75         tcp dpt:https /* ssl_proxy (reflection) */ to:192.168.31.254:443

Chain zone_wan_postrouting (1 references)
target     prot opt source               destination         
postrouting_wan_rule  all  --  anywhere             anywhere             /* user chain for postrouting */
MASQUERADE  all  --  anywhere             anywhere            

Chain zone_wan_prerouting (1 references)
target     prot opt source               destination         
MINIUPNPD  all  --  anywhere             anywhere            
prerouting_wan_rule  all  --  anywhere             anywhere             /* user chain for prerouting */
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https /* ssl_proxy */ to:192.168.31.254:443

Any idea about what's wrong?

Thanks,
Regards,
Thomas M.

Well, I found where the problem lies, and it is not with the port forwarding rules (but I haven't found a solution yet). I'll open a dedicated thread with more details.

Thomas M.

Is it in the firewall settings for WAN port forwarding? Please link the new thread here; I am interested in the topic (meaning it could help me learn a little bit more about OpenWrt). Thanks.

@Pippo
The new topic: Port forward problem with relayd
