I'm testing a new router setup here, thought I had everything correct, but I don't.
Outgoing traffic works just fine, but incoming traffic isn't getting where it needs to go. I tried a web tool that can do a port scan, and it was showing that the ports I wanted were open; I tried another tool and it got no response at all. Also, the router's WAN address is not pingable, whereas my WhiteRussian setup was pingable on the WAN address externally.
Here is my current network setup:
root@OpenWrt:/etc/config# cat network

#### VLAN configuration
config switch eth0
    option enable 1

config switch_vlan eth0_0
    option device "eth0"
    option vlan 0
    option ports "0 1 2 3 4 5u"

#### Loopback configuration
config interface loopback
    option ifname "lo"
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

#### LAN configuration
config interface lan
    option type bridge
    option ifname "eth0"
    option macaddr "00:1D:7E:1E:A0:F8"
    option proto static
    option ipaddr 192.168.1.2
    option netmask 255.255.255.0

#### WAN configuration
config interface wan
    option ifname "eth1"
    option macaddr "00:1d:7e:1e:a0:f9"
    option proto dhcp

And now a snippet from my firewall config showing traffic on port 80 should redirect to a different system on the LAN:
root@OpenWrt:/etc/config# cat firewall

config 'defaults'
    option 'syn_flood' '1'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'ACCEPT'

config 'zone'
    option 'name' 'lan'
    option 'input' 'ACCEPT'
    option 'output' 'ACCEPT'
    option 'forward' 'ACCEPT'

config 'zone'
    option 'name' 'wan'
    option 'output' 'ACCEPT'
    option 'masq' '1'
    option 'mtu_fix' '1'
    option 'input' 'ACCEPT'
    option 'forward' 'ACCEPT'

config 'forwarding'
    option 'src' 'lan'
    option 'dest' 'wan'

config 'rule'
    option 'src' 'wan'
    option 'proto' 'udp'
    option 'dest_port' '68'
    option 'target' 'ACCEPT'

config 'rule'
    option 'src' 'wan'
    option 'proto' 'icmp'
    option 'icmp_type' 'echo-request'
    option 'target' 'ACCEPT'

config 'include'
    option 'path' '/etc/firewall.user'

config 'redirect'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'src_dport' '80'
    option 'dest_ip' '192.168.1.10'
    option '_name' 'www'

From the web interface, I think I have everything set correctly? I'm sure I'm missing something very basic here...
Also, my prior setup in WhiteRussian was such that I could access internal services by their external DNS name. For example, if the web server listed above was reachable externally as http://example.com and I used that same URL from the LAN, my page would load correctly. I'd like to keep this same capability, but I'm not sure if the default LuCI setup will allow that. Any tips on making that work via the LuCI interface would be appreciated. I'm trying to avoid any unnecessary direct iptables commands if I can avoid it.
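
An added example, not part of the original post: a small Python reader for the UCI firewall format quoted above. It lists explicit ACCEPT policies on the wan zone (an input policy of ACCEPT there means connections from the WAN side to services on the router itself are accepted) and every redirect that exposes a LAN host. The function names, the `untrusted` parameter and the trimmed sample are assumptions made for this example.

```python
import shlex

# Constructed sample: a trimmed copy of the firewall file quoted in the post.
SAMPLE = """\
config 'defaults'
    option 'input' 'ACCEPT'
    option 'forward' 'ACCEPT'
config 'zone'
    option 'name' 'lan'
    option 'input' 'ACCEPT'
config 'zone'
    option 'name' 'wan'
    option 'masq' '1'
    option 'input' 'ACCEPT'
    option 'forward' 'ACCEPT'
config 'redirect'
    option 'src' 'wan'
    option 'proto' 'tcp'
    option 'src_dport' '80'
    option 'dest_ip' '192.168.1.10'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(sections, untrusted=("wan",)):
    """List explicit ACCEPT policies on untrusted zones and WAN-facing redirects."""
    findings = []
    for stype, opts in sections:
        if stype == "zone" and opts.get("name") in untrusted:
            for chain in ("input", "forward"):
                if opts.get(chain, "").upper() == "ACCEPT":
                    findings.append(f"zone {opts['name']}: {chain} policy ACCEPT")
        elif stype == "redirect" and opts.get("src") in untrusted:
            findings.append("redirect {}/{} from {} -> {}".format(
                opts.get("proto", "any"), opts.get("src_dport", "any"),
                opts["src"], opts.get("dest_ip", "?")))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_uci(SAMPLE)):
        print(finding)
```

Only options written explicitly in a zone section are checked; policies inherited from the `defaults` section are not resolved.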