Port forwarding problems

mtroniac
DD-WRT Novice


Joined: 14 Oct 2021
Posts: 3

Posted: Thu Oct 14, 2021 16:32    Post subject: Port forwarding problems
Hi all,

This is my first post in this forum. I have read the rules, but please be kind if I forgot something...

I have spent quite a lot of time trying to find an answer in this forum and elsewhere without success... Maybe I did my search wrong...

I can only connect to a few computers from outside my network.

My setup :
Router Model : Linksys WRT1900ACv2
Firmware Version : DD-WRT v3.0-r44715 std (11/03/20)
Kernel Version : Linux 4.9.241 #2174 SMP Tue Nov 3 02:44:43 +03 2020 armv7l

When I try [name].duckdns.org:[port] from outside, I can only connect to the ones starting with a "*" in the table below. Note that the table was extracted with the command "nvram get forward_spec". I changed the server names and added spaces to make it more legible... I also added a description at the end of each line.

* [Physical 100] : on : both : 10022 > 192.168.0.100 : 22 - Linux station
[Virtual 102] : on : both : 8000 > 192.168.0.102 : 8000 - Virtual Seafile server on ProxMox
[Virtual 102] : on : both : 8082 > 192.168.0.102 : 8082 - Virtual Seafile server on ProxMox
[Virtual 103] : on : both : 54321 > 192.168.0.103 : 58846 - Virtual Deluge server on ProxMox
[Virtual 103] : on : tcp : 58112 > 192.168.0.103 : 8112 - Virtual Deluge server on ProxMox
* [Virtual 104] : on : both : 80 > 192.168.0.104 : 80 - Virtual NextCloud server on ProxMox
* [Virtual 104] : on : both : 443 > 192.168.0.104 : 443 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12320 > 192.168.0.104 : 12320 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12321 > 192.168.0.104 : 12321 - Virtual NextCloud server on ProxMox
[Virtual 105] : on : both : 30080 > 192.168.0.105 : 80 - Virtual MeshControl server on ProxMox
[Virtual 105] : on : both : 30443 > 192.168.0.105 : 443 - Virtual MeshControl server on ProxMox
[Virtual 111] : on : both : 8006 > 192.168.0.111 : 8006 - Physical ProxMox server
[Physical 133] : on : both : 38080 > 192.168.0.133 : 8080 - Raspberry Pi 4
* [Physical 196] : on : both : 3389 > 192.168.0.196 : 3389 - Windows station

Port forwarding goes to virtual servers and physical machines. I use a DuckDNS address.

IP addresses with port (no forwarding) work fine in LAN...

Any help would be greatly appreciated. I thank you in advance !
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 12866
Location: Texas, USA

Posted: Thu Oct 14, 2021 17:11
Did you try testing this on the current release (47528)?

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/10-10-2021-r47528/linksys-wrt1900acv2/

The only other factor that could be at play here is SFE (Shortcut Forwarding Engine). Try enabling / disabling that on the main setup page.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Pogo - A minimal level of ability is expected and needed...
At some point, people just get plain tired of this place.

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
mtroniac
DD-WRT Novice


Joined: 14 Oct 2021
Posts: 3

Posted: Thu Oct 14, 2021 19:43
Thank you for your prompt response,

SFE was disabled. I have tried enabling it without success.

I will do the flash to version 47528 tomorrow morning and get back to you...
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 12866
Location: Texas, USA

Posted: Thu Oct 14, 2021 19:45
Keep in mind there are nvram variable changes and you will likely wish to do a hard reset on the device. Screenshot / save your current configurations prior to that so that you can reconfigure from scratch without issue. Don't expect to restore from an nvram backup, though.
eugene1973
DD-WRT User


Joined: 21 May 2017
Posts: 186

Posted: Thu Oct 14, 2021 22:48
NAT mappings come next.
mtroniac
DD-WRT Novice


Joined: 14 Oct 2021
Posts: 3

Posted: Sat Oct 16, 2021 3:24
Ha well, this is going to take a lot of time then. I will try that and come to you with results when done. I won't have time this weekend... I'll keep you posted.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9137

Posted: Sat Oct 16, 2021 4:04
If you have port forwarding working at all, then we know the routing is correct, and you have a public IP on the WAN. At that point, the most common source of problems is personal firewalls on the target device.

But there's one other potential problem ppl tend to overlook. If you're actively using an OpenVPN (or even Wireguard) client, and the target device of the port forward is bound to that VPN, either by default, or via PBR (policy based routing), it will NOT be remotely accessible over the WAN due to RPF (reverse-path filtering). RPF requires that packets "inbound to" and "outbound from" the local network use the same network interface. And when you port forward over the WAN to a device that's currently bound to the VPN, you're in violation of RPF, and it will block those outbound packets.

All that said, I suspect this is NOT the problem given most devices are bound in-whole to the VPN based on their local IP. And so if port forwarding works for any service on that device, it should work for all. But I thought it worth mentioning in case I misinterpreted the results of your nvram dump (esp. since you apparently edited it).

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
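
Added example, not part of the thread and not DD-WRT's own code: a POSIX shell function that takes a raw `forward_spec` string plus a list of VPN-bound sources and reports which enabled forwards point at a VPN-bound host, which is the case where the RPF problem described in the post above would apply. The function names, the sample rules and the PBR list are assumptions constructed for illustration; the entry layout `name:on:proto:wanport>ip:lanport` is assumed from the table in the first post.

```shell
#!/bin/sh
# Constructed sample in the assumed raw forward_spec layout
# (name:on|off:proto:wanport>ip:lanport, entries separated by spaces).
SAMPLE_SPEC='linux100:on:both:10022>192.168.0.100:22 deluge103:on:both:54321>192.168.0.103:58846 deluge103:on:tcp:58112>192.168.0.103:8112 old:off:tcp:2222>192.168.0.103:22 pi133:on:both:38080>192.168.0.133:8080 win196:on:both:3389>192.168.0.196:3389'
# Hypothetical policy-based-routing list: sources sent through the VPN client.
SAMPLE_PBR='192.168.0.103 192.168.0.128/29'

# Dotted quad -> 32-bit integer.
ip2int() {
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET[/LEN]: succeeds when IP falls inside NET (bare IP means /32).
in_cidr() {
  net=${2%/*}; len=${2#*/}
  [ "$len" = "$2" ] && len=32
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# vpn_bound_forwards SPEC PBR: print each enabled forward whose LAN target
# matches a VPN policy source; replies from such a host leave via the VPN,
# not the WAN interface the request arrived on.
vpn_bound_forwards() {
  for entry in $1; do
    name=${entry%%:*}
    rest=${entry#*:}; state=${rest%%:*}
    [ "$state" = on ] || continue          # disabled rules are irrelevant
    left=${entry%%>*}; wan=${left##*:}     # WAN-side port
    target=${entry#*>}; ip=${target%:*}    # LAN ip:port and bare ip
    for src in $2; do
      if in_cidr "$ip" "$src"; then
        echo "$name wan:$wan -> $target bound to VPN by policy $src"
        break
      fi
    done
  done
}

vpn_bound_forwards "$SAMPLE_SPEC" "$SAMPLE_PBR"
```

An empty result means none of the forwarded hosts are VPN-bound under the supplied policy, which points back to the host firewalls mentioned at the start of the post.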