TP-Link 1043ND + Ubiquiti UniFi-AC

Hello,

I just flashed those two devices I still had here.

I am still unsure how to set them up.

I also have a Synology 218+ and a Raspberry pi and Steam Link.

Currently I use my ISP's modem-router.

To replace that device, I would need to buy a modem, which is 100€.
Is there any other way to connect to my ISP directly and replace my ISP's router/modem?
It is a Vodafone Easybox 804; I couldn't find anything about whether I can flash OpenWRT onto that one too.

I have a VDSL2+ connection with vectoring, which is why the new modem would be that expensive.

I can still use the Easybox as a modem and add my TP-Link 1043ND as an exposed host, but I don't have any experience with that so far.
Does anyone know if everything would work like that, so that I can open ports from my 1043ND and never have to touch the web interface of my ISP's modem/router ever again?

Is it possible to use my Ubiquiti as a WLAN repeater and bridge to LAN and attach my Steam Link and Raspberry Pi to this? Would I have any benefit from that?

Which ports do you have opened on your network setup?

Should I open only an OpenVPN port? Or would forwarding all my devices' SSH ports be no security issue?
Is it no problem, security-wise, to open my router's web interface (HTTPS)?

Is it possible to have a wake-on-lan interface in the web-UI?
I know about etherwake, but this is only terminal-based.

Which packages do you use and can you recommend?

thanks!

Currently no, see https://openwrt.org/toh/vodafone/vodafone_station_revolution and

If you can get your modem into "pass-through mode" where your OpenWRT device is assigned the public IP address, then you can likely manage all your port-forwarding through OpenWRT alone. How (and if) that is done depends on your specific modem and how your ISP has (remotely) provisioned it.

This really depends on what services you expect to provide to the rest of the Internet. "As few as possible" is the conservative answer.

If you can run "wired" you'll likely have higher bandwidth and lower latency and jitter than using it as a repeater. I'd only suggest going with a repeater-based configuration if you can't run cables. Running a cable to the Ubiquiti and running it as an AP is a reasonable option.

What anyone here uses will depend on how they use their device. My list is likely very different from what you might use, between my nearly exclusive use of command-line interaction and some of the hardware that my devices interact with.

On several of your questions, knowing your objectives and use cases will help others provide suggestions.

Well, I have set up my TP-Link as the router behind my ISP's modem as an exposed host.

This works well so far.

One problem though:

Port forwardings I set don't seem to work.

If I manually forward a port in my ISP's modem it works, but how can I manage my port forwardings through my TP-Link?
Do I need to use UPNP for this?

If you can't configure the ISP modem in "bridge" or "pass through" mode so that the TP-Link has a public IP as previously discussed, the next best workaround is to look for a "DMZ" feature and make your router the DMZ machine. That will forward all incoming ports to the router.

As I said the Router is already an exposed host = DMZ.

But I think maybe there is something else I need to configure in the firewall settings of the router?
Currently my setup is:
ISP gateway: IP 192.168.1.1, attached to OpenWRT with IP 192.168.1.2 on WAN.
LAN Interfaces have IPs 192.168.2.x
I followed this Guide:
https://openwrt.org/docs/guide-user/network/wan/dmz-based-bridge-mode

These are my current FW settings:

Is there some Package, that I can use to forward Ports I set up in OpenWRT to the Router via UPNP?

If you value your security, UPnP shouldn't even be a consideration.

I'm not sure why you're configuring your OpenWRT box as pass-through as well -- that doesn't sound like what you need to be able to selectively forward ports on your OpenWRT's WAN to specific hosts and ports within your local network(s).

You can add custom forward rules to your firewall for the services you want to expose from other hosts. No additional packages are required.
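As an added example of the "custom forward rule" mentioned above (it is not the poster's configuration, and the LAN host address and ports are constructed placeholders), this is the standard OpenWrt `redirect` stanza in `/etc/config/firewall` that forwards one port arriving on the OpenWrt WAN to a single host behind it. The ISP gateway must still hand all inbound traffic to the OpenWrt WAN address (192.168.1.2 here, the exposed host/DMZ already in place); OpenWrt then does the selective forwarding:

```uci
# /etc/config/firewall -- added example, not from the thread.
# Forward TCP 2222 arriving on the OpenWrt WAN (192.168.1.2, the DMZ host
# behind the ISP gateway) to SSH on one LAN host.
# 192.168.2.10 is a constructed placeholder address.
config redirect
	option name 'ssh-to-nas'
	option src 'wan'
	option src_dport '2222'
	option dest 'lan'
	option dest_ip '192.168.2.10'
	option dest_port '22'
	option proto 'tcp'
	option target 'DNAT'
```

After saving, apply it with `/etc/init.d/firewall restart`. The same stanza is what LuCI writes under Network > Firewall > Port Forwards, so no extra package (and no UPnP) is involved; each exposed service gets one such stanza, which keeps the exposed surface to exactly the ports listed in the config file.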

Where do you see that I have pass-through configured, and how do I remove it?

If I remove that, it should work?

As you said you followed

all traffic that reaches the gateway will be allowed to reach the devices in the DMZ without being blocked by NAT.

There's likely something "not right" in your configuration. What you are asking for seems to be standard port forwarding, which can be easily set up either through the config files or LuCI.

Well, what is wrong with my configuration?

How can I set up my network without the pass-through, so I can open Ports from OpenWRT directly?

Assuming that you've got everything being forwarded through your modem to your OpenWRT's "WAN" port, then you just need "normal" port forwarding.

Here's a couple of references on how to do that:

Set up a simple test where you allow one port internal to the router.

Under System--Administration, create an additional Dropbear instance that listens on WAN to port 2200. Uncheck the "allow password login" and "allow root login" boxes. (If you don't have any public keys loaded, this means there will be no way to actually log in with this instance. Which is OK since that is not the point of the test. The port will be open, but safe from hacking.)

Under Network--Firewall, Traffic Rules, open ports on router-- open port 2200 for TCP from WAN.

Then go to a port scan site and request a scan of port 2200 on your IP. It should show port 2200 is open.

If that does not work, it is likely that your ISP is blocking some or all ports for incoming connections.
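The test described above, written out as the UCI config it produces (an added example, not the poster's own files; the instance and rule names are constructed). The second Dropbear instance listens on the logical `wan` interface on port 2200 with password and root login switched off, so with no authorized key loaded nobody can authenticate even though the port answers; the firewall rule accepts TCP 2200 from WAN to the router itself (an `ACCEPT` rule for the router, not a `redirect`):

```uci
# Added example, not from the thread: the Dropbear-on-WAN test in UCI form.
#
# /etc/config/dropbear -- additional instance bound to the wan interface.
# Key-only authentication: with no public key installed, no login is possible,
# which is intended; the point is only to see whether the port is reachable.
config dropbear
	option Interface 'wan'
	option Port '2200'
	option PasswordAuth 'off'
	option RootPasswordAuth 'off'
	option RootLogin 'off'

# /etc/config/firewall -- traffic rule: allow TCP 2200 from WAN to the router.
config rule
	option name 'Allow-Dropbear-2200-WAN'
	option src 'wan'
	option proto 'tcp'
	option dest_port '2200'
	option target 'ACCEPT'
```

Apply with `/etc/init.d/dropbear restart` and `/etc/init.d/firewall restart`, then run the external port check. If the port shows open, the ISP gateway is passing traffic to the OpenWrt WAN correctly and the remaining forwards are just `redirect` stanzas; if it shows closed, the problem is upstream (the gateway's DMZ setting or the ISP filtering inbound ports). Once the test is done, delete both stanzas again so the extra listener does not stay exposed.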