Hello All,
i upgraded from OpenWrt (Barrier Breaker - 14.07) to LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)
Before upgrading all my port forwarding worked. Now they do not. Unsure as to why not.
Here is the rule as it appears in the config file. (note that I only used Luci to configure the rules and have never made any changes via ssh)
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan2'
option proto 'tcp udp'
option src_dport '35002'
option dest_port '80'
option name ' PacRim-HTTP'
option dest_ip '192.168.15.19'
My WAN side IP is 192.168.0.16
When I use a computer on the LAN side of my router and try http://192.168.0.16:35002 the expected connection is made.
When I use a computer on the WAN side of my router I am unable to make the connection.
I have no idea why at this point so if someone could help me out here I would be very happy.
Here is my complete configuration:
root@Home:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'lan1'
option network 'lan_1'
option family 'ipv4'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
option log '1'
config forwarding
option dest 'wan'
option src 'lan1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option input 'ACCEPT'
option output 'ACCEPT'
option name 'lan2'
option network 'lan_2'
option forward 'REJECT'
config forwarding
option dest 'wan'
option src 'lan2'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan2'
option src_dport '35001'
option dest_port '35001'
option name ' PacRim-UDP '
option proto 'udp'
option dest_ip '192.168.15.19'
config redirect
option target 'DNAT'
option proto 'tcp'
option src_dport '35000'
option dest_port '35000'
option name ' PacRim-TCP '
option src 'wan'
option dest 'lan2'
option dest_ip '192.168.15.19'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan2'
option proto 'tcp udp'
option src_dport '35002'
option dest_port '80'
option name ' PacRim-HTTP'
option dest_ip '192.168.15.19'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan2'
option proto 'tcp udp'
option src_dport '35003'
option dest_port '443'
option name ' PacRim-HTTPS'
option dest_ip '192.168.15.19'
config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan2'
option proto 'tcp'
option src_dport '35004'
option dest_port '554'
option name ' PacRim-RTSP '
option dest_ip '192.168.15.19'