OpenWrt Forum Archive

Topic: Port forwarding; hard to get it working

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I want to add here my testimony regarding the difficulties of getting port forwarding working. I did a lot of reading in this forum and I am NOT the only one to have this issue, and mostly the OP didn’t give any solution; the thread just stops: Found the solution? Workaround? Abandonment?
I spent at least 12 full hours to get it set-up and even now I don’t know why it’s working.

Hardware: TP-Link-W8970
Software: OpenWrt Chaos Calmer 15.05.1 / LuCI 15.05-149-g0d8bbd2 Release (git-15.363.78009-956be55)
New install.

I have in my LAN a Linux laptop (Software firewall off) with Transmission and I’d like to open port 51413.
With LuCI, Menu > Network > Firewall > Port Forwards
New port forward:
Name: Transmission
Protocol: TCP+UDP
External zone: wan
External port: Blank
Internal zone: lan
Internal IP address: 192.168.1.115
Internal port: 51413

You can also follow these posts from
https://forum.openwrt.org/viewtopic.php … 47#p336547

cat /etc/config/firewall
...
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option dest_ip '192.168.1.115'
    option dest_port '51413'
    option name 'Transmission'

Unfortunately, this set-up didn’t open the port; tested directly by Transmission on the destination host, in preferences > Network > Test port button, or by http://www.canyouseeme.org/
I did NOT forget to send by ssh /etc/init.d/firewall restart (x2) and check cat /etc/config/firewall at every change.

From here I tried, separately and together, from ssh or LuCI, followed by reboot or firewall restart:
- option proto 'tcpudp'
- option src_port '51413'
- Deleted the full port set-up and re-write with LuCI
- Modify cat /etc/config/firewall through ssh with vi
- Check almost all the points from The basic check list to run through before considering port forwards "broken"

And today I tried again:
Open LuCI, Menu > Network > Firewall > Port Forwards > Edit the above set-up.
When one edits with LuCI he can see more options than there are in the first GUI to add port forwarding:
External IP address and External port
I had a try and filled in:
Source port: 51413
External port: 51413

I never forgot to send /etc/init.d/firewall restart
Didn’t work either.

Edit it again and filled ONLY External port: 51413, deleted Source port (nothing in the Source port area).
As if by magic, port was OPEN.

But I didn’t stay here, I’d like to understand.
1) I changed the set-up for the first one, see on the very top of the post.
Saved, switched OFF (hardware) the modem and Transmission on the laptop…
Restarted everything, remember with the first set-up, and now the port is OPEN.

2) Deleted the port forwarded, saved, switched OFF (hardware) the modem and Transmission on the laptop…
Restarted everything and now Port is CLOSED, this is OK there is no port forwarded

3) Re-set-up with LuCI with the first set-up, saved, switched OFF (hardware) the modem and Transmission on the laptop…
Restarted everything, remember with the first set-up at the very top of this post, and now Port is OPEN.


Conclusion:
This set-up is working, done with LuCI:

config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option dest_ip '192.168.1.115'
    option dest_port '51413'
    option name 'Transmission'

Nothing else needed: No other port needed
But I can’t say more, I don’t have any explanation.
- Why it was not working previously? I am sure, certain to follow the same process to test as now, I spent more than 12 full hours between 30th August and now 1st September, so 3 days. Modem and PC were switched OFF at night. I restarted all the applications. I was very precise, meticulous, careful and did a lot of checks in the process to test. I don't have any doubt that I didn't do any mistake in the set-up process.

Yes it’s working with ONLY dest_ip and dest_port. NO need other port, NO NEED
This confirms what I learned in a SISCO network training where I passed the exam few years ago.

For reference
http://docstore.mik.ua/orelly/networkin … h02_06.htm
https://en.wikipedia.org/wiki/User_Data … _structure

This is just a testimony, I don’t know if this could help others, I am sure there will be others, but at least I don’t close the case without explanation.

Thank you for your reading and thank you to all here who helped me.
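
Added example, not part of the original post or of OpenWrt: a small Python audit that reads a copy of /etc/config/firewall, lists every DNAT redirect from wan, and flags any that set src_port. In OpenWrt's firewall config src_port (LuCI's "Source port") matches the port the remote peer sends from, while src_dport (LuCI's "External port") is the port on the router's WAN side. The function names and the second redirect's name are made up for this example.

```python
import shlex
# Constructed input in /etc/config/firewall syntax: the post's working redirect, then the variant with Source port filled in.
SAMPLE = """\
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option dest_ip '192.168.1.115'
    option dest_port '51413'
    option name 'Transmission'
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_port '51413'
    option src_dport '51413'
    option dest_ip '192.168.1.115'
    option dest_port '51413'
    option name 'Transmission-with-source-port'
"""

def parse_redirects(text):
    """Return one {option: value} dict per 'config redirect' section."""
    sections, current = [], None
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles quoting and '#' comments
        if tokens[:1] == ["config"]:
            current = {} if tokens[1:2] == ["redirect"] else None
            sections += [current] if current is not None else []
        elif tokens[:1] == ["option"] and len(tokens) >= 3 and current is not None:
            current[tokens[1]] = tokens[2]
    return sections

def audit(text):
    """List WAN DNAT forwards as (name, internal target, warning or None)."""
    report = []
    for r in parse_redirects(text):
        if r.get("src") != "wan" or r.get("target", "DNAT") != "DNAT":
            continue  # not an inbound port forward from the WAN zone
        # src_port constrains the remote peer's source port, which is normally ephemeral
        warning = ("src_port=%s: only peers sending from that port match" % r["src_port"]) if "src_port" in r else None
        target = "%s:%s" % (r.get("dest_ip", "?"), r.get("dest_port", "?"))
        report.append((r.get("name", "(unnamed)"), target, warning))
    return report

if __name__ == "__main__":
    for name, target, warning in audit(SAMPLE):
        print(name, "->", target, "|", warning or "ok")
```

The same listing doubles as an inventory of which internal hosts and ports are reachable from the WAN side.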

Toutatis wrote:

...
This confirms what I learned in a SISCO network training where I passed the exam few years ago.
...

If you were struggling with setting up port forwarding manually, have you considered installing miniupnpd on your router?

PS. If it says SISCO on your test paperwork, you were ripped off.

The discussion might have continued from here.