I have recently got a td-lte connectiona that has an outdoor modem that give a ethernet cable output and I connect that to the wan portmy linksys openwrt-installed router. but this has make port forwardinf an issue.
I think either the modem(td-lte model router) is broken insternally(doesnt actually port forward) or it is because of different subnet that exist on my network.
the modem-router connection has a 192.168.0.0/24 subnet with modem as a dhcp server and openwrt router as a client (or with static ip) with both on the 192.168.0.0/24 subnet that is configued in the modem.
but the openwrt router and its own lan clients have the 192.168.1.0/24 subnet.
my guess is that ssh is blocked somehow because of wan-->lan side?
or maybe subnets?
also I have noticed that modem has ssh running on it but I dont have access to it (cpe equipment that is the isp owned) and also when the ssh failior is with a connection refused that happens very fast. when i connect from my lan side to internet (with dynamic dns) and I have tried with my phone and 4g internet to connect to it and that didnt work also.
so ro wrap it up I have this config
tlde-modem-router ------> linksys router ---->> local lan clients.
I dont think this is anything to the lan side on openwrt that served other clients. I am just trying to connect to ssh server on openwrt from outside home and that worked before with adsl modem that was bridged (so no portforwding needed on modem)
OpenWrt doesn’t block outbound (lan > wan) connections by default. unless you have added firewall rules, connecting to devices upstream of your openwrt router shouldn’t be an issue.
Your LTE ISP might not allow you to connect to the ssh server on the modem/router. And if you’re trying to forward inbound ssh connections, this may not be possible If the carrier is using CG-NAT.
I was able to ssh from outside home with 4G network to my home when I have adsl and I had bridged the adsl modem to openwrt router so that packet directly hit router ssh server and it worked.
but now I have a td-lte modem/router that just gives a lan output that I insert in wan port of openwrt router.
and the modem has a port forward feature but I think because the subnet of modem and openwrt router are different the port forwarding doesnt work.( i think that is the issue but I am not sure).
I am trying to ssh to my openwrt router frmo outside home and because the modem itself has an ssh that I cant access (user and pass are not given to me and it is isp owned so when I ssh on my public ip I get the modem that I cant login into ) I am trying to ssh on another port that would be forwarded from modem to my router.
that is port forwarding right?
even if I change my openwrt ssh server port to another than 22 ,say 2222, still if I ssh on that port from internet then it would hit td-lte modem first and because no ssh server are on than port it would reject it so I have to forward that port to my openwrt router.and I have done that on modem.
but it doesnt seem to work.
You need to set up port forwarding on the lte modem/router first. So you need to start by figuring out if it is possible to configure that device to do port forwarding - if not, you have no way to do what you want. Even if you can setup port forwarding, if the isp uses cg-nat, it will be impossible since you might not have a normal public IP address
I did do port forwarding on that modem.
and as I said twice the modem is reachable from internet and I can even try to ssh to itself from the internet (which I dont have the password to).
If the modem is responding to SSH connections from outside, then it is not forwarding the port to the router.
Perhaps you need to use a different port, but I would try to put the modem in a bridged / transparent / DMZ configuration, so the router has a direct connection to the internet.
please read the my posts before answering.
I did say that I have changed the ssh port for openwrt
and also I cant put that in bridge mode as I said in my post because I cant change its setting (it is isp owned)
for next person that reads this and tries to answer please read the others posts first.