[Solved] OpenWrt behind fiber ONT

Dear all,

The OpenWRT router is used as a replacement for my ISP router. The OpenWRT WAN is connected to the fiber ONT (a small device with fiber on one side and Gigabit on the other) provided by my ISP.

I opened UDP port 51820 on the OpenWRT firewall:

config rule
        option dest_port '51820'
        option name 'Allow-Wireguard'
        option target 'ACCEPT'
        list proto 'udp'
        option dest '*'
        option src '*'

Still, it seems that UDP port 51820 is closed on the OpenWRT router:

From the Internet, it seems that the UDP 62820 port is closed:
nmap -sU -p 51820 mabox

PORT      STATE  SERVICE
51820/udp closed unknown

From the local network, the UDP 62820 port is open:
nmap -sU -p 51820 mabox

PORT      STATE         SERVICE
51820/udp open|filtered unknown

Does it mean that the ONT is filtering incoming access or did I miss something in OpenWRT configuration?

Change your rule to

config rule
        option target 'ACCEPT'
        option src 'wan'
        option dest_port '51820'
        option name 'Wireguard'
        option proto 'udp'

Thanks, works perfectly now.

nmap -sU -p 51820 mabox
PORT      STATE         SERVICE
51820/udp open|filtered unknown

I was misled by the "*" destination or ANY and whether firewall is part of ANY.
In LuCI we should select destination "This device".
It seems that this device is not part of ANY.
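
The difference between the two rules in this thread, as an added example that is not part of the original posts: a small audit of `/etc/config/firewall` rule sections that reports which chain each rule lands in. It assumes the documented OpenWrt rule semantics (`src` and `dest` set means forwarded traffic, `src` only means input to the router itself, no `src` means output); the function names and the "suspect" heuristic are hypothetical.

```python
import shlex
# Sample input: the two rules posted in this thread, in /etc/config/firewall syntax.
SAMPLE = """
config rule
        option dest_port '51820'
        option name 'Allow-Wireguard'
        option target 'ACCEPT'
        list proto 'udp'
        option dest '*'
        option src '*'
config rule
        option target 'ACCEPT'
        option src 'wan'
        option dest_port '51820'
        option name 'Wireguard'
        option proto 'udp'
"""

def parse_rules(text):
    """Return one dict per 'config rule' section; 'list' entries are collected into lists."""
    rules, cur = [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"]:
            cur = {} if tok[1:2] == ["rule"] else None
            if cur is not None:
                rules.append(cur)
        elif cur is not None and len(tok) >= 3 and tok[0] in ("option", "list"):
            cur[tok[1]] = tok[2] if tok[0] == "option" else cur.get(tok[1], []) + [tok[2]]
    return rules

def chain_of(rule):
    """Documented rule semantics: src and dest -> forward, src only -> input, no src -> output."""
    if "src" not in rule:
        return "output"
    return "forward" if "dest" in rule else "input"

def audit(text):
    """Return (name, chain, suspect); suspect is a heuristic for 'meant to be an input rule'."""
    out = []
    for r in parse_rules(text):
        chain = chain_of(r)
        # ACCEPT on a port, forwarded to no specific host: likely intended for the router.
        suspect = (chain == "forward" and r.get("target") == "ACCEPT"
                   and "dest_port" in r and "dest_ip" not in r)
        out.append((r.get("name", "?"), chain, suspect))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the original `Allow-Wireguard` rule is classified as a forward rule and flagged, while the corrected `Wireguard` rule is an input rule.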

Whoa...are you saying nmap detects the port is opened?

Disregard, you're likely running default REJECT rules and not DROP.

Glad you got it working!

Many thanks.
