OpenWrt Forum Archive

Topic: Simple port redirection inside lan zone

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I got an OpenWRT router. What I need to achieve is a port redirection within my lan zone. What I mean is, every time I hit a local address on port 40413 it has to be redirected to 192.168.1.111:443. For example, if I put in the browser: 192.168.1.111:40443 it should point to 192.168.1.111:443. That's pretty easy with a plain iptables rule:

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 40443 -j REDIRECT --to-port 443

I tried to put it into /etc/firewall.user but no effect...

I also tried with a rule in the main firewall config: /etc/config/firewall

config redirect
   option name 'owncloud_internal'
   option src 'lan'
   option proto 'tcp'
   option src_dport '40443'
   option dest_ip '192.168.1.111'
   option dest_port '443'
   option target 'DNAT'
   option dest 'lan'

but still no effect... Can someone figure it out, how to approach this silly problem?

Thanks

The firewall sits between WAN and LAN, there is no firewall between LAN clients.

Is 192.168.1.111 the router's IP address? Or are you trying to redirect a port on another device?

https://wiki.openwrt.org/doc/uci/firewa … e_external

config redirect
        option src              lan
        option proto            tcp
        option src_ip           !192.168.1.111
        option src_dport        40413
        option dest_ip          192.168.1.111
        option dest_port        443
        option target           DNAT

config redirect
        option dest             lan
        option proto            tcp
        option src_dip          192.168.1.1
        option dest_ip          192.168.1.111
        option dest_port        443
        option target           SNAT

JonnyM wrote:

The firewall sits between WAN and LAN, there is no firewall between LAN clients.

Well, 'firewall' in terms of netfilter/iptables. It has many more functions than firewalling....


eduperez wrote:

Is 192.168.1.111 the router's IP address? Or are you trying to redirect a port on another device?

Nope, 192.168.1.111 is the webserver address. So, I want to redirect all connections to 40433 to this webserver on port 443.
With WAN connections it is easy port forwarding:

config redirect             
        option target 'DNAT' 
        option src 'wan'      
        option dest 'lan'      
        option proto 'tcp'
        option src_dport '40890'
        option dest_ip '192.168.1.111'
        option dest_port '443'

and it works smoothly,
Connection flow looks like that:
(WAN) ---> (router_external_IP):40443--->(LAN)192.168.1.111:443
So simple port forwarding...
But I want the same for inside lan connections:
(LAN)192.168.1.108:40443--- redirection ---->(LAN)192.168.1.111:443

As others have commented, you cannot redirect traffic for a device if that traffic does not go through the router. WAN to LAN (or WAN to LAN) traffic goes through the router, but LAN to LAN goes directly from one device to another.

What you could try is to do "NAT reflection", point the clients to the 40443 port on the router, and redirect that traffic to port 443 on the webserver at 192.168.1.111.
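
The NAT reflection suggested above, as an added example that is not part of the original thread: a simplified Python model, using the addresses from the thread, of why the redirect only matches traffic addressed to the router and why the DNAT rule needs a companion SNAT rule. The function names, the client source port and the single-packet model of connection tracking are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER, SERVER, CLIENT = "192.168.1.1", "192.168.1.111", "192.168.1.108"

def traverses_router(pkt):
    """Same-subnet traffic is delivered host to host at layer 2; only packets
    addressed to the router itself or to another network reach its netfilter."""
    return pkt.dst == ROUTER or ipaddress.ip_address(pkt.dst) not in LAN

def reflect(pkt, snat):
    """Router side: DNAT router:40443 -> server:443, optionally SNAT to router."""
    if not traverses_router(pkt) or (pkt.dst, pkt.dport) != (ROUTER, 40443):
        return None  # the redirect rule never sees this packet
    src = ROUTER if snat else pkt.src
    return Packet(src, pkt.sport, SERVER, 443)

def reply_accepted(request, snat):
    """True if the client receives a reply that matches its own connection."""
    fwd = reflect(request, snat)
    if fwd is None:
        return False
    # The server answers whatever source address it saw on the request.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst == ROUTER:
        # Reply comes back through the router, which reverses both translations.
        reply = Packet(request.dst, request.dport, request.src, request.sport)
    # The client only accepts a reply from the address and port it connected to.
    return (reply.src, reply.sport) == (request.dst, request.dport)

if __name__ == "__main__":
    cases = [
        ("client -> server:40443 directly", Packet(CLIENT, 50000, SERVER, 40443), True),
        ("client -> router:40443, DNAT only", Packet(CLIENT, 50000, ROUTER, 40443), False),
        ("client -> router:40443, DNAT + SNAT", Packet(CLIENT, 50000, ROUTER, 40443), True),
    ]
    for label, pkt, snat in cases:
        print(f"{label}: works={reply_accepted(pkt, snat)}")
```

With the SNAT rule in place the web server sees 192.168.1.1 as the source of every reflected connection, so its access logs no longer distinguish individual LAN clients.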

eduperez wrote:

As others have commented, you cannot redirect traffic for a device if that traffic does not go through the router. WAN to LAN (or WAN to LAN) traffic goes through the router, but LAN to LAN goes directly from one device to another.

What you could try is to do "NAT reflection", point the clients to the 40443 port on the router, and redirect that traffic to port 443 on the webserver at 192.168.1.111.

Ahh, of course... stupid me. OK, probably I will try to change the webserver listening port to 40443, which is not so obvious as I'm using a prepared docker, but still it will be a better approach than doing tricks on the network. Thanks for the replies, guys.

The discussion might have continued from here.