Topic: HELP! WNDR3700v4 Port Fowarding / UPnP & NAND Flash Problems

The content of this topic has been archived on 29 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

billychow

26 Oct 2014, 10:19

Hello everyone!

I just installed latest BB from official download.

Linux version 3.10.49 (bb@builder1) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r42625) ) #3 Wed Oct 1 14:09:48 CEST 2014

Everything works fine except for...

1. I found rootfs only used 14M nand flash instead of 128M, but it's not very important to me...
2. port fowarding doesn't work (including UPnP). Does anyone have similar issue?

This is my firewall configuration:
/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '7789'
        option dest_ip '192.168.7.160'
        option dest_port '3389'
        option name 'MXCORE_RDP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '8080'
        option dest_ip '192.168.7.160'
        option dest_port '80'
        option name 'MXCORE_WEB'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '9092'
        option dest_ip '192.168.7.160'
        option dest_port '9092'
        option name 'MXCORE_UT'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '26373'
        option dest_ip '192.168.7.160'
        option dest_port '26373'
        option name 'MXCORE_EDK'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'udp'
        option src_dport '49018'
        option dest_ip '192.168.7.160'
        option dest_port '49018'
        option name 'MXCORE_EDK2'

EDIT: add iptables info...

root@OpenWrt:~# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 89 packets, 5578 bytes)
 pkts bytes target     prot opt in     out     source               destination
   90  5618 delegate_prerouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 40 packets, 2877 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 151 packets, 7515 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3 packets, 984 bytes)
 pkts bytes target     prot opt in     out     source               destination
  199 10087 delegate_postrouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain delegate_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  199 10087 postrouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
    3   984 zone_lan_postrouting  all  --  *      br-lan  0.0.0.0/0            0.0.0.0/0
  196  9103 zone_wan_postrouting  all  --  *      pppoe-wan  0.0.0.0/0            0.0.0.0/0

Chain delegate_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   90  5618 prerouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
   60  4386 zone_lan_prerouting  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0
   30  1232 zone_wan_prerouting  all  --  pppoe-wan *       0.0.0.0/0            0.0.0.0/0

Chain postrouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   984 postrouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:3389 /* MXCORE_RDP (reflection) */ to:192.168.7.1
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:9092 /* MXCORE_UT (reflection) */ to:192.168.7.1
    0     0 SNAT       tcp  --  *      *       192.168.7.0/24       192.168.7.160        tcp dpt:26373 /* MXCORE_EDK (reflection) */ to:192.168.7.1
    0     0 SNAT       udp  --  *      *       192.168.7.0/24       192.168.7.160        udp dpt:49018 /* MXCORE_EDK2 (reflection) */ to:192.168.7.1

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   60  4386 prerouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:7789 /* MXCORE_RDP (reflection) */ to:192.168.7.160:3389
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:9092 /* MXCORE_UT (reflection) */ to:192.168.7.160:9092
    0     0 DNAT       tcp  --  *      *       192.168.7.0/24       59.172.93.252        tcp dpt:26373 /* MXCORE_EDK (reflection) */ to:192.168.7.160:26373
    0     0 DNAT       udp  --  *      *       192.168.7.0/24       59.172.93.252        udp dpt:49018 /* MXCORE_EDK2 (reflection) */ to:192.168.7.160:49018

Chain zone_wan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  196  9103 postrouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
  196  9103 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   29  1192 MINIUPNPD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   30  1232 prerouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:7789 /* MXCORE_RDP */ to:192.168.7.160:3389
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:9092 /* MXCORE_UT */ to:192.168.7.160:9092
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:26373 /* MXCORE_EDK */ to:192.168.7.160:26373
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:49018 /* MXCORE_EDK2 */ to:192.168.7.160:49018

Please help!

(Last edited by billychow on 27 Oct 2014, 03:45)

Post #2

billychow

27 Oct 2014, 16:01

Can anyone help me?
Thanks!

Post #3

pheoxy

27 Oct 2014, 17:51

I'm having the same problem on WNDR3800 with upnp after port forwarding also wasn't working.

Post #4

jow

27 Oct 2014, 18:00

Can you please be more specific? What is not working exactly?

Post #5

billychow

27 Oct 2014, 18:39

jow wrote:

Can you please be more specific? What is not working exactly?

Thanks for the reply!

When I started eMule, I can see there is a port fowarding rule under "Service > UPnP".
But when I try to telnet to myIP:port from my Linode VPS, it shows connection failed.
The other port fowarding like RDP(7789-3389) is the same, none of them is working...

Then I switch back to my old router (WHR-HP-G300N/DDWRT) and try telnet again, It's OK.

I'm not familiar with UCI, so I'm not sure that there's any mistake in the configuration.

Please advice, thanks a lot!

Post #6

pheoxy

27 Oct 2014, 19:19

This is my /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option disable_ipv6 '1'

config zone
        option name 'lan'
        option network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan VyperVPN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fe80::/10'
        option src_port '547'
        option dest_ip 'fe80::/10'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '21'
        option dest_ip '192.168.1.196'
        option name 'FTP'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '23736'
        option dest_ip '192.168.1.1'
        option name 'Tixati'

config redirect
        option target 'DNAT'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '32400'
        option dest_ip '192.168.1.196'
        option name 'Plex Media Server'
        option src 'lan'

config redirect
        option target 'DNAT'
        option dest 'lan'
        option proto 'tcp'
        option dest_ip '192.168.1.196'
        option name 'Minecraft'
        option src_dport '25565'
        option src 'lan'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

And here's my iptables

Chain PREROUTING (policy ACCEPT 683 packets, 48506 bytes)
 pkts bytes target     prot opt in     out     source               destination
  686 48633 delegate_prerouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 163 packets, 16128 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 231 packets, 17538 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 23 packets, 3303 bytes)
 pkts bytes target     prot opt in     out     source               destination
  610 36769 delegate_postrouting  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain MINIUPNPD (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain delegate_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  610 36769 postrouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
   16  2814 zone_lan_postrouting  all  --  *      br-lan  0.0.0.0/0            0.0.0.0/0
  584 33308 zone_wan_postrouting  all  --  *      pppoe-wan  0.0.0.0/0            0.0.0.0/0

Chain delegate_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  686 48633 prerouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
  676 47535 zone_lan_prerouting  all  --  br-lan *       0.0.0.0/0            0.0.0.0/0
   10  1098 zone_wan_prerouting  all  --  pppoe-wan *       0.0.0.0/0            0.0.0.0/0

Chain postrouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain postrouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_lan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_wan_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   16  2814 postrouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
    0     0 SNAT       tcp  --  *      *       192.168.1.0/24       192.168.1.196        tcp dpt:21 /* FTP (reflection) */ to:192.168.1.1

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  676 47535 prerouting_lan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       192.168.1.0/24       59.101.137.201       tcp dpt:21 /* FTP (reflection) */ to:192.168.1.196:21
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:32400 /* Plex Media Server */ to:192.168.1.196:32400
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:32400 /* Plex Media Server */ to:192.168.1.196:32400
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25565 /* Minecraft */ to:192.168.1.196:25565

Chain zone_wan_postrouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  584 33308 postrouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for postrouting */
  584 33308 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10  1098 MINIUPNPD  all  --  *      *       0.0.0.0/0            0.0.0.0/0
   10  1098 prerouting_wan_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* user chain for prerouting */
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 /* FTP */ to:192.168.1.196:21
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23736 /* Tixati */ redir ports 23736
    0     0 REDIRECT   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23736 /* Tixati */ redir ports 23736

Hope that helps you as as well, same issue as billy.

Post #7

billychow

11 Jan 2015, 13:17

jow wrote:

Can you please be more specific? What is not working exactly?

Any update? :-(

The discussion might have continued from here.

Page 1 of 1