I hae a TL MR6400 running LEDE the DMZ from LTE module (inside modem) won’t work properly and incoming connections are never made. They idea port forwarding won't work since i want to port forward from my LTE static IP to the internal lan 192.168.1.0/24.
Internal LAN: 192.168.1.1/24
LTE Modem internal IP: 192.168.0.1/24
Static IP for WAN: 192.168.0.100
Static LTE IP: 10.100.25.140
How i can make it work if i type on the internet 10.100.25.140:8014 it will forward the rule to 192.168.1.60:8014
I know how to create port forwarding. WIll bridge between lan and wan work?
If you're using your router as a WAN facing router (i.e. Cable/DSL modem connected to WAN [internet] port on the router), then LAN and WAN should never be bridged.
If the only WAN connection you have is the LTE modem, and the router's WAN port is not being utilized, you could bridge the CPUs eth0 & eth1 (if dual interface CPU) and configure the vSwitch to place all vLANs under the LAN interface.
I've never used cellular modem on my routers, but I don't believe you should be running a DMZ for that type of connection
I could very well be wrong about the above, however a DMZ removes all control, and protection, from the router's firewall for the DMZ... for all intents and purposes, traffic within the DMZ has unfettered access to anything within the DMZ.
Majority of consumers have nothing in their configuration or environment requiring a DMZ
Why does your LTE modem have a second RFC1918 static IP on the router [192.168.0.1/24]?
Again, I could very well be wrong because I've never used a cellular modem on my router, but I'd assume the LTE modem should be configured the same way in OpenWrt as a traditional Cable/DSL modem.
I.E. it should be configured as a WAN network without the 192.168.0.0/24 subnet.
Either way, please post the following:
/etc/config/dhcp
/etc/config/firewall
Please mask/change all WAN forwarding ports being used for services such as SSH, VPN, etc. when posting
You don't have a public IP. A 10.x.x.x address is a private IP from the phone company. Their router is going to block incoming connections. In other words you're already being NATted on the company's side of the LTE link, and other than getting them to reconfigure their network, there is nothing you can do.
So the service type you have will never allow incoming connections from the Internet. This is common on 3G / LTE.
This issue has been reported by me here, the MR6400 have an LTE module running android, when you flash LEDE/OpenWrt LTE module still uses its own firmware.
With stock firmware on the router there's no problems with incoming connections, but with LEDE, the incoming connections never reach WAN interface on the router side. (probably because DMZ on LTE firmware not set properly).
As I said in that post, I ran tcpdump on the router side and on LTE module using adb shell (more info). The LTE always receives the incoming connection requests, but they never reach WAN interface on the router side. Conclusion, even if you set port forwards properly on the router side, there will be no incoming connections to forward from WAN to LAN.
Can you log into the module's web page? The stock router firmware may have been doing something to configure the module that would need to be done manually with OpenWrt.
As far as the router is concerned the module is merely a USB device-- even though it is plugged into a PCIe slot, the electrical interface is USB. And the modules always have closed firmware. Sometimes the phone company pushes new firmware.
Yes i can access the module web interface but there is no much settings to change. It has her own dhcp 192.168.0.1/24. What if i changed the whole module i plugged another wireless card (another model) to the pci it will work? If yes bow i can configure the new module. Because i have a sierrra wireless module i can test it
Well what i do, i removed the wireless module (3g/4g) and replaced it with another one. And open wrt worked fine for me. I spent 3 months of testing and trying.