[SOLVED]Port forwarding issues

Hi, Been struggling this weekend with port forwarding set up on my mesh.
I need plex to work but also tested it on something random (uptime kuma)

So I did the mesh, disabled the firewall on the second router, on the second router, connected to a lan port I have my server, and on it I have a proxmox hyper visor, with an LXC container running a docker with plex.

So it's a bit complex but it use to work 100% so I think the issue is on openwrt.

Maybe my first question should be...is it enough to set up the port forwarding on the main router only?
The video I saw advised to disable the firewall and the wifi interfaces on the secondary router but not sure if I should have done that....
So I only have LAN on router 2.
All the VM's and host are getting DHCP ip addresses fine.

or....maybe I need to port forward to router 2 instead of the plex vm?

IF your second router is a layer 2 bridge it doesn't need to port forward as the LAN network exists on the main router. Basically if the main router is the router for the server's subnet (it holds an IP on that network) it is not a separate network so no need to forward.

The hypervisor network should be bridged, not routed, so a direct IP connection can be made in either direction in or out of the VM. Configuring that is outside the scope of this forum.

So if I understand correctly....everything is set up ok on the OPENWRT side?
I also enable upnp but its just stays empty and nothing is being added to it.

quick test that I also tried, I installed transmission on my PC (that is just connected to the mesh via wifi)
enable upnp and its still not coming up on the router....I am using luci-app-upnp

You can easily verify if the port forwarding on OpenWrt works by looking at the hit counter for the particular port forward on the Status/Firewall page in Luci. If the counter is 0 then no packets arrived, or you have something wrong in the classification options. If there are hits, then the packets were forwarded and you should look at the container why it is not working.

1 Like

counter is 0
Do I need to also open the port on the firewall?

I mean in traffic rules?

No. Only the single rule is needed. A forward from wan means that incoming packets will be received and forwarded.

Run tcpdump on the wan interface to see if the ISP is letting the port through. Of course it is necessary that your Internet connection is no CGNAT. The wan IP in the main must be the same IP that is reported by "what's my IP" test sites.

2 Likes

Hi

maybe you should check your public WAN IP ?
http://checkip.dyndns.org/
is it same as address on your WAN port ?

1 Like

Ok let me check....not sure why it would be different but maybe thats the reason.
Could it be related to IPv6?I think my ISP is adding support for IPV6 and I am seeing some ipv6 addresses, I also enabled ipv6 on my DHCP....but still not 100% sure how to work with it.

Many ISPs implement CGNAT for IPv4 addresses. Customers of those ISPs have much less control over permitting inbound traffic than customers of ISPs which provide real public IP addresses.

2 Likes

Ok wow...not the same!
how is it even possible?
and how do I fix it?

ok I see thanks!
Let me contact my ISP.

CGNAT I assume it's the same as me natting my internal 192.168 range at home?

That's exactly it, but it's done by the ISP, not by the customer.

1 Like

Your ISP might provide a public IP address on request (some do). If your ISP is one which does provide a public IP address on request, there might be a small charge. That's between you and your ISP.

1 Like

the ISP is busy moving me back to the public pool, i'll update once I have success.
Really need to start looking at IPV6....

Success, thanks everyone!
ISP sorted it out quickly and free....but I spent the whole weekend looking at firewall rules!
:frowning:

4 Likes

Hi

if your issue is solved, please mark answer/topic

2 Likes