Hello everyone,
I switched my router from an Archer D2 to an AC1750 running OpenWRT. I had several ports open for nginx proxy, vpn, and jitsi, and I'm having issues opening the ports for the latter, even though it worked fine on the old router with the TP-Link firmware. Here is a screenshot of the list:
However, once I switched to OpenWRT on the new router, the only ports that wouldn't work are the jitsi ports 10000 and 4443. Opening the jitsi server from outside the network works for the website but not for the audio/video. It worked just fine on the older router, so I assume it's a configuration issue on my part with OpenWRT.
Here are my configurations:
/etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfa:95d3:fb1f::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.0.1'
config interface 'wan'
option device 'eth0.2'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 'auto'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
/etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config redirect
option target 'DNAT'
option name 'Jitsi10000'
option src_dport '10000'
option dest_ip '192.168.0.40'
option dest_port '10000'
list proto 'udp'
option src 'wan'
option dest 'lan'
config redirect
option target 'DNAT'
option name 'JitsiComVidAudTCP'
option src 'wan'
option dest 'lan'
option dest_ip '192.168.0.40'
option src_dport '4443'
option dest_port '4443'
list proto 'tcp'
config redirect
option target 'DNAT'
option src 'wan'
option src_dport '80'
option dest 'lan'
option dest_ip '192.168.0.26'
option dest_port '80'
option name 'NginxProxyHttp'
config redirect
option target 'DNAT'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_ip '192.168.0.26'
option dest_port '443'
option name 'NginxProxyHttps'
config redirect
option target 'DNAT'
option name 'HomeWG-pve'
list proto 'udp'
option src 'wan'
option src_dport '51820'
option dest 'lan'
option dest_ip '192.168.0.25'
option dest_port '51820'
OpenWRT: OpenWrt 21.02.0 r16279-5cc0535800
Everything has been configured through LuCI.
[SOLVED]
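OK, solved: I had to create Traffic rules that ACCEPT traffic from WAN to LAN (192.168.0.40) on those ports. Keep each such rule limited to that one destination host and to the port and protocol the matching redirect uses (UDP 10000 and TCP 4443 in the config above), so that no other LAN host or port becomes reachable from WAN.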