Hi everyone,
I have 2 MiWifi R3G, one with OpenWrt 18.06.1 and one with the original 2.25.122 firmware.
The problem I have is with the second one. Even though the original firmware is forked from OpenWrt, I'm guessing this does not count as a supported setup. Nonetheless, I don't want to migrate this one to OpenWrt, at least not yet, and I was hoping someone could still help me figure out what's wrong with my setup.
Here is the deal:
- The WAN interface of the MIR3G is connected to a LAN port of my DSL switch/router;
- The WAN interface is configured by a "fixed" DHCP lease from the DSL switch/router (192.168.1.75 gw 192.168.1.1);
- I also have an HTTPS server running on 192.168.31.254;
- The network can be summarized as follows (PUB_IP:DSL:192.168.1.1) <-----> (192.168.1.75:MIR3G:192.168.31.1) <-----> (192.168.31.254:SERVER)
- Through the WEB management of the MIR3G, I have added a port forwarding rule, let's write it this way: 443>192.168.31.254:443
But it does not seem to work: with an additional host connected to the DSL switch/router (192.168.1.172) I cannot connect to https://192.168.1.75:443
If I wireshark both ends of the connection, I can see that the SYN packet emitted by 192.168.1.172 does indeed reach 192.168.31.254 on port 443, but the SYN/ACK packet 192.168.31.254 replies with never reaches 192.168.1.172.
So, if I take a look at the NAT iptable on the MIR3G, here are the interesting lines:
```
Chain zone_lan_postrouting (1 references)
target prot opt source destination
postrouting_lan_rule all -- anywhere anywhere /* user chain for postrouting */
SNAT tcp -- 192.168.31.0/24 192.168.31.254 tcp dpt:https /* ssl_proxy (reflection) */ to:192.168.31.1

Chain zone_lan_prerouting (1 references)
target prot opt source destination
parentalctl_nat all -- anywhere anywhere
prerouting_lan_rule all -- anywhere anywhere /* user chain for prerouting */
REDIRECT tcp -- anywhere 198.51.100.9 tcp dpt:www /* nxdomain */ redir ports 8190
DNAT tcp -- 192.168.31.0/24 192.168.1.75 tcp dpt:https /* ssl_proxy (reflection) */ to:192.168.31.254:443

Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere /* user chain for postrouting */
MASQUERADE all -- anywhere anywhere

Chain zone_wan_prerouting (1 references)
target prot opt source destination
MINIUPNPD all -- anywhere anywhere
prerouting_wan_rule all -- anywhere anywhere /* user chain for prerouting */
DNAT tcp -- anywhere anywhere tcp dpt:https /* ssl_proxy */ to:192.168.31.254:443
```
Any idea about what's wrong?
Thanks,
Regards,
Thomas M.
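Added example, not part of the original post: a small Python model of the port-443 NAT rules listed above, tracing which rules a new connection hits and which addresses the server ends up seeing. The function names are hypothetical, and it assumes the user chains, `MINIUPNPD` and `parentalctl_nat` match nothing and that 192.168.1.75 is the masquerade address.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Port-443 rules transcribed from the post's NAT listing: (target, src, dst, dport, to).
# Assumption: the user chains, MINIUPNPD and parentalctl_nat match nothing here.
PREROUTING = {
    "lan": [("DNAT", "192.168.31.0/24", "192.168.1.75/32", 443, "192.168.31.254")],
    "wan": [("DNAT", ANY, ANY, 443, "192.168.31.254")],
}
POSTROUTING = {
    "lan": [("SNAT", "192.168.31.0/24", "192.168.31.254/32", 443, "192.168.31.1")],
    "wan": [("MASQUERADE", ANY, ANY, None, "192.168.1.75")],  # assumed WAN address
}
LAN_NET = ipaddress.ip_network("192.168.31.0/24")

def first_match(rules, src, dst, dport):
    """Return the first rule whose source, destination and port all match."""
    for rule in rules:
        _target, r_src, r_dst, r_dport, _to = rule
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
                and r_dport in (None, dport)):
            return rule
    return None

def trace_syn(src, dst, dport, in_zone):
    """Follow a new TCP connection through PREROUTING, routing, POSTROUTING.

    Returns (src, dst) as the receiving host sees them, plus the rules hit.
    """
    hits = []
    pre = first_match(PREROUTING[in_zone], src, dst, dport)
    if pre:
        dst = pre[4]  # destination rewritten by DNAT
        hits.append(in_zone + "_prerouting:" + pre[0])
    # Routing decision: 192.168.31.0/24 is on the LAN side, everything else WAN.
    out_zone = "lan" if ipaddress.ip_address(dst) in LAN_NET else "wan"
    post = first_match(POSTROUTING[out_zone], src, dst, dport)
    if post:
        src = post[4]  # source rewritten by SNAT / MASQUERADE
        hits.append(out_zone + "_postrouting:" + post[0])
    return src, dst, hits

if __name__ == "__main__":
    print(trace_syn("192.168.1.172", "192.168.1.75", 443, "wan"))
    print(trace_syn("192.168.31.50", "192.168.1.75", 443, "lan"))  # constructed LAN client
```

For the WAN-side test host only the DNAT applies, so the server sees the original source 192.168.1.172; the reflection SNAT to 192.168.31.1 is applied only to clients inside 192.168.31.0/24.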