Hi,
I apologize for the newbie question. I am running OpenWrt 18.06.4 on my Linksys WRT3200ACM. I'd like to set up a web server to run from behind the OpenWrt firewall. I have set up the web server to respond to requests on ports 80 and 8080, and the web server responds to requests from other machines on the LAN. I used LuCI to set up port forwarding, resulting in the following two rules at the top of my /etc/config/firewall file:
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option name 'HTTP 80'
	option src_dport '80'
	option dest_ip '192.168.1.100'
	option dest_port '80'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'tcp udp'
	option src_dport '8080'
	option name 'HTTP 8080'
	option dest_ip '192.168.1.100'
	option dest_port '8080'

...
From the outside world, I'm now trying to connect to the web server. What I am finding is that requests sent to port 8080 on the external IP address are being honored. But requests sent to port 80 are not getting through somehow.
Following some of the help articles, I enabled logging on rejected packets on the WAN. I'm seeing some activity there, but nothing corresponding to port 80. The only dropped packet that I see that came from the external machine (at abc.def.ghi.jkl):
Mon Dec 30 20:57:48 2019 kern.warn kernel: [182637.676888] REJECT wan in: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=abc.def.ghi.jkl DST=mn.opq.rs.tuv LEN=152 TOS=0x10 PREC=0x00 TTL=56 ID=45889 DF PROTO=TCP SPT=22 DPT=49879 WINDOW=1026 RES=0x00 ACK PSH URGP=0
And I'm not seeing the packet on the internal network either. I'm seeing the 8080 packets on a tcpdump:
20:28:28.772739 IP externalipaddress.domain.com.49316 > webservermachine.lan.8080: Flags [S], seq 1542747305, win 29200, options [mss 1460,sackOK,TS val 545492952 ecr 0,nop,wscale 7], length 0
But I'm not seeing anything to webservermachine.lan.80 that's coming from the external ip address.
Some things that I don't think are related, but I wanted to mention in case it matters:
- I modified /etc/config/uhttpd to have LuCI listen on port 8080. I wanted to rule out that this was somehow interfering with the routing.
- I am running standard Adblock, HDD Idle, p910nd, watchcat, and samba services.
Thanks!
Greg
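
Added example, not part of the original post: a shell helper that summarizes firewall log lines like the REJECT entry quoted above by source, ports and TCP flags, so rejected packets to a given destination port can be counted and new connection attempts separated from packets of existing flows. The function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage on the router: logread | rejects_to_port 80

# Print "SRC PROTO SPT DPT FLAGS" for each netfilter log line on stdin.
reject_fields() {
    awk '
    / IN=/ && / SRC=/ {
        src = "-"; proto = "-"; spt = "-"; dpt = "-"; flags = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            else if ($i ~ /^(SYN|ACK|PSH|FIN|RST|URG)$/) {
                if (flags != "") flags = flags ","
                flags = flags $i
            }
        }
        if (flags == "") flags = "-"
        print src, proto, spt, dpt, flags
    }'
}

# Count logged packets whose destination port is $1.
rejects_to_port() {
    reject_fields | awk -v p="$1" '$4 == p { n++ } END { print n + 0 }'
}

# Keep only new TCP connection attempts (SYN set, ACK clear).
new_conn_attempts() {
    reject_fields | awk '$5 ~ /SYN/ && $5 !~ /ACK/'
}

# Sample input: line 1 is the log line from the post; line 2 is constructed
# (documentation addresses) to show a rejected connection attempt to port 80.
sample_log() {
    cat <<'EOF'
Mon Dec 30 20:57:48 2019 kern.warn kernel: [182637.676888] REJECT wan in: IN=eth1 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=abc.def.ghi.jkl DST=mn.opq.rs.tuv LEN=152 TOS=0x10 PREC=0x00 TTL=56 ID=45889 DF PROTO=TCP SPT=22 DPT=49879 WINDOW=1026 RES=0x00 ACK PSH URGP=0
Mon Dec 30 20:58:02 2019 kern.warn kernel: [182651.000000] REJECT wan in: IN=eth1 OUT= MAC=xx SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

sample_log | reject_fields
```

A packet with only SYN set is a new connection attempt; one with ACK set, like the logged packet from source port 22, belongs to an existing flow.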