Hi,
I have a TP-Link Archer C7 v5 with 19.07.2 r10947.
My scenario is the following:
2 distinct ISPs. One is used as Primary Link, the other as Backup. They work properly with OpenWRT Load Balance (mwan3 - 2.8.4-2 / luci-app-mwan3 - git-20.136.49537-fb2f363-1).
I am able to remotely access OpenWRT from the cloud, but not the devices inside NAT.
OpenWRT is in the DMZ of both my ISP routers.
This is what is occurring (sudo tcpdump -n -i any), where 192.168.15.12 and 192.168.1.1 are the OpenWRT IP addresses.
Port 8443 is the external port, and 443 is the internal port.
IP 192.168.1.228 is the VM that hosts the application on port 443 that I intend to access from the cloud.
14:11:36.142105 ethertype IPv4, IP 189.X.X.212.39856 > 192.168.15.12.8443: Flags [S], seq 710327887, win 65535, options [mss 1370,sackOK,TS val 18012707 ecr 0,nop,wscale 9], length 0
14:11:36.142105 IP 189.X.X.212.39856 > 192.168.15.12.8443: Flags [S], seq 710327887, win 65535, options [mss 1370,sackOK,TS val 18012707 ecr 0,nop,wscale 9], length 0
14:11:36.142333 IP 192.168.1.1.39856 > 192.168.1.228.443: Flags [S], seq 710327887, win 65535, options [mss 1370,sackOK,TS val 18012707 ecr 0,nop,wscale 9], length 0
14:11:36.142356 IP 192.168.1.1.39856 > 192.168.1.228.443: Flags [S], seq 710327887, win 65535, options [mss 1370,sackOK,TS val 18012707 ecr 0,nop,wscale 9], length 0
14:11:36.142365 ethertype Unknown, Unknown SSAP 0x6c > Unknown DSAP 0x64 Information, send seq 32, rcv seq 0, Flags [Command], length 56
0x0000: 646c 4000 3506 5d1a c0a8 0101 c0a8 01e4 dl@.5.].........
0x0010: 9bb0 01bb 2a56 be4f 0000 0000 a002 ffff ....*V.O........
0x0020: 62db 0000 0204 055a 0402 080a 0112 da23 b......Z.......#
0x0030: 0000 0000 0103 0309 ........
14:11:36.142616 ethertype IPv4, IP 192.168.1.228.443 > 192.168.1.1.39856: Flags [S.], seq 2939002406, ack 710327888, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 312171 ecr 18012707], length 0
14:11:36.142616 IP 192.168.1.228.443 > 192.168.1.1.39856: Flags [S.], seq 2939002406, ack 710327888, win 8192, options [mss 1460,nop,wscale 8,sackOK,TS val 312171 ecr 18012707], length 0
What happens is that when the packet arrives from the VM (192.168.1.228.443) at OpenWRT (192.168.1.1.39856), I believe iptables discards the packets, per the tcpdump above.
Question: is anyone aware whether I could create an iptables rule so that OpenWRT returns it to my ISP router?
I am not able to create static routes on either of my ISP routers, which is why I am using double NAT.
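
As an added example (not part of the original post), this Python script reads the tcpdump lines above and uses the TCP sequence number, which the capture shows unchanged on both sides of the port forward, to report on which leg of the path the SYN-ACK was seen. The function names are hypothetical, and the sample lines are taken from the post's capture with the TCP options trimmed.

```python
import re

# Lines taken from the capture in the post above (TCP options trimmed).
CAPTURE = """\
14:11:36.142105 ethertype IPv4, IP 189.X.X.212.39856 > 192.168.15.12.8443: Flags [S], seq 710327887, win 65535, length 0
14:11:36.142105 IP 189.X.X.212.39856 > 192.168.15.12.8443: Flags [S], seq 710327887, win 65535, length 0
14:11:36.142333 IP 192.168.1.1.39856 > 192.168.1.228.443: Flags [S], seq 710327887, win 65535, length 0
14:11:36.142616 IP 192.168.1.228.443 > 192.168.1.1.39856: Flags [S.], seq 2939002406, ack 710327888, win 8192, length 0
"""

LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\], seq (\d+)(?:, ack (\d+))?")

def parse(capture):
    """Yield (src, dst, flags, seq, ack) for every TCP line tcpdump printed."""
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            src, dst, flags, seq, ack = m.groups()
            yield src, dst, flags, int(seq), int(ack) if ack else None

def trace_handshakes(capture):
    """Map each SYN's seq to its hops and whether each hop saw the SYN-ACK.

    The same seq appears before and after NAT in the capture, so it links the legs.
    """
    syn_hops = {}      # seq -> ordered list of (src, dst) pairs carrying that SYN
    synack_legs = {}   # seq of the SYN being acknowledged -> set of (src, dst)
    for src, dst, flags, seq, ack in parse(capture):
        if flags == "S":
            hops = syn_hops.setdefault(seq, [])
            if (src, dst) not in hops:      # "-i any" prints packets more than once
                hops.append((src, dst))
        elif flags == "S." and ack is not None:
            synack_legs.setdefault(ack - 1, set()).add((src, dst))
    report = {}
    for seq, hops in syn_hops.items():
        replies = synack_legs.get(seq, set())
        # A hop is answered when the SYN-ACK travels the reverse direction on it.
        report[seq] = [(src, dst, (dst, src) in replies) for src, dst in hops]
    return report

if __name__ == "__main__":
    for seq, hops in trace_handshakes(CAPTURE).items():
        for src, dst, answered in hops:
            status = "SYN-ACK seen" if answered else "no SYN-ACK in capture"
            print(f"seq {seq}: {src} > {dst}: {status}")
```

On the capture above it reports the SYN-ACK on the 192.168.1.1 > 192.168.1.228 leg and none on the 189.X.X.212 > 192.168.15.12 leg.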