I'm trying to setup a port forward, but I am really stuck.
I want WAN port 553 -> 192.168.1.2 553
To make sure that the server is running and accepting connections, I did the following.
> nc -v -v 192.168.1.2 553
Connection to 192.168.1.2 553 port [tcp/*] succeeded!
Try to connect through WAN
> nc -v -v {wan_ip} 553
nc: connect to {wan_ip} port 553 (tcp) failed: Connection timed out
Also tried an open port checker tool --> http://canyouseeme.org/
I've tried about 900 different firewall configurations, but here is the current state /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option drop_invalid '1'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'lan'
option forward 'REJECT'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option forward 'ACCEPT'
option log '1'
option network 'wan wan6'
option mtu_fix '1'
option input 'REJECT'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option src_dport '553'
option dest_ip '192.168.1.2'
option dest_port '553'
option proto 'tcp udp'
option name 'Allow Web Server'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'guest'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'Guest'
option forward 'REJECT'
config forwarding
option dest 'wan'
option src 'guest'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'lan'
option src 'wan'
Also, is there anyway to monitor the firewall rules to see which rule is stopping a specific packet? I don't see anything when I run logread -f
that shows 192.168.1.2
or port 553
Thanks in advance for the help, I really appreciate it.