[SOLVED] Help on firewall setting through another router

Hi All,

I need Your help to get a working firewall setting which I'm struggling on.

  • my domestic lan is connected to a wrt3200acm running the latest openwrt ( running mwan3.
  • I've set as a WAN another router running LEDE 17.01.7 (
  • The LEDE router uses as a WAN a smartphone by usb tethering (
  • On the smartphone there is a webcam app accessible at port 7777.

In my previous setup the smartphone were connected as wan to the linksys and the webcam were accessible from any device in the domestic lan directly to

Now I tried several setting but I'm not able to reach the port 7777 from LAN now.
Since I'm able to reach the LEDE luci interface from any pc of the domestic LAN I tried setting port forwarding on LEDE from any pc on lan:7777 (the lan of the LEDE is actually the linksys) to but it doesn't work. Any suggestion?


Why are you running mwan3? Is there a second wan connection?
If so, have you configured mwan3 to send the packets towards via the other router?
Are you applying masquerade on both uplinks?

1 Like


I have 4 wan connected in load balancing to the linksys: 1 x fttc + 1 x usb_cdc_ether (4g router) + 2 x usb_rndis (2 android smartphones in usb tethering).
there were some performance issues and conflicts on having 2 x rndis active at the same time that forced me to use another router as wan where I connected the second rndis device.
I made a basic schematics:

What I'm trying to do is enabling a port forwarding on a5-V11 router (running LEDE) so the devices on LAN/WLAN can connect to port 7777 opened on android phone 2.

It's not so much as running two instances of rndis, but that both smartphones have the same IP address ( This is, as you would expect, a problem since IP4 routing is based on having unique addresses and subnets.

Requests for the camera have to go to the remote smartphone ( via, and not the local smartphone which exists locally on the main Linksys router.

As you were thinking, inside the A5 router it might work to forward port 7777 of to (since the A5 doesn't know about the other smartphone). Then access the camera as I have never tried that other than as a forward back through NAT, which is not the case here.

Try enabling masquerade on the lan zone. That is ordinarily a pointless thing to do, since no traffic will originate from the wan zone into the lan, but it might get the tables set up so that a port forward works.

1 Like

I found a way:

I added this

iptables -t nat -A PREROUTING -p tcp --dport 7777 -j DNAT --to-destination
iptables -t nat -A POSTROUTING -p tcp -d -p tcp --dport 7777 -j SNAT --to-source

as a custom rules in a5-V11 lede router.

Thanks all

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.