Posted: Wed Mar 22, 2023 11:42 Post subject:
I am updating the instructions (still a WIP):
Port forwarding via WireGuard (oet) interface
This is an example to port forward via the oet interface, which might come in handy if you are connected via the oet interface to a server and you want to port forward. In this example I chose port 444000 to port forward to port 80 on 192.168.1.1, assuming you are using the first tunnel, e.g. oet1.
Quote:
#!/bin/sh
ext_port=444000
int_port=80
int_ip=192.168.1.1
tunnelnr=1 # adjust for the tunnel number in use; the first tunnel is 1
# Allow connections to processes on the router itself, e.g. remote administration, lighttpd etc.:
# Delete any existing copy of the rule first so re-running the script does not stack duplicates
iptables -D INPUT -i oet${tunnelnr} -p tcp --dport $int_port -j ACCEPT
iptables -I INPUT -i oet${tunnelnr} -p tcp --dport $int_port -j ACCEPT
Test this script from the command line and, if it works, go to Administration/Commands and Save as Firewall.
Furthermore, disable CVE mitigation in the GUI and probably disable SFE (Shortcut Forwarding Engine) on the Setup page.
Note
For some providers the oet endpoint address is not the same as the exit address (the address you have to use to connect from the outside).
You can look for the exit address with ipleak.net or dnsleaktest.com.
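The following is an added example, not part of the original post: a helper that validates the script's four settings and prints the iptables commands for review instead of running them. The function names, the DNAT rule used for the ext_port to int_port mapping, and the sample port 44000 are assumptions made for illustration; ports outside 1..65535 are rejected before any rule is emitted.

```shell
#!/bin/sh
# Added example, not the poster's script: print (not run) the iptables rules.

# valid_port N: true only for an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D: true only for four dot-separated octets in 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# oet_forward_rules EXT_PORT INT_PORT INT_IP TUNNELNR (hypothetical helper)
oet_forward_rules() {
    ext_port=$1; int_port=$2; int_ip=$3; tunnelnr=$4
    valid_port "$ext_port" || { echo "bad ext_port: $ext_port" >&2; return 1; }
    valid_port "$int_port" || { echo "bad int_port: $int_port" >&2; return 1; }
    valid_ipv4 "$int_ip" || { echo "bad int_ip: $int_ip" >&2; return 1; }
    case "$tunnelnr" in
        ''|*[!0-9]*) echo "bad tunnelnr: $tunnelnr" >&2; return 1 ;;
    esac
    iface="oet${tunnelnr}"
    # Assumption: the ext_port -> int_port mapping is done with a DNAT rule.
    nat="PREROUTING -i $iface -p tcp --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # filter/INPUT runs after DNAT, so it matches on the internal port.
    inp="INPUT -i $iface -p tcp --dport $int_port -j ACCEPT"
    # -D before -I: a re-run replaces the rule instead of stacking copies.
    echo "iptables -t nat -D $nat 2>/dev/null"
    echo "iptables -t nat -I $nat"
    echo "iptables -D $inp 2>/dev/null"
    echo "iptables -I $inp"
}

# Constructed sample values: external port 44000 to port 80 on the router.
oet_forward_rules 44000 80 192.168.1.1 1
```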
I have tried both http and https://x.x.x.x:portnumber, but nothing.
It does seem lighttpd must be listening, else the port checker wouldn't be receiving a response though. Tried a couple of other port checkers too, and they all now say that the port is open, so I will focus on lighttpd and see if I can work out why it isn't serving up pages.
It's working perfectly off my phone. For whatever reason, when connected to the VPN, it doesn't work (I assume the VPN isn't allowing it); with the computer connected through my phone and no VPN, it works perfectly.
Just swapped those and strangely it's the same. I can see the router login if I use my phone or turn the VPN off, but over the VPN it doesn't come through.
It seems as if the VPN is trying to protect me from my own website.
Obviously as my router gives my home network access to the world through the VPN, that is why the devices on it are seeing it through the server that the port is open on.
Everything works fine though.
Thank you again for all your help, it has enabled me once again to get the router doing everything I want it to.
Just for info, so far my experience seems to be that once you have opened a port on the VPN, you always seem to get the same IP (mine hasn't changed through many restarts). I can't confirm this 100% yet, but it does seem that way.
Also, something I wasn't that fond of was that for the webpages hosted on my router, I was only able to access them through http://domain.com:53777, which wasn't ideal. However, setting up my DNS through Cloudflare and using its proxying service allows me to make a port forward here too, so the end user's experience is transparent. They just put in http://domain.com or https://domain.com and Cloudflare proxies them to the relevant open port on the VPN. It's also an added layer of security.