Posted: Thu Oct 14, 2021 16:32 Post subject: Port forwarding problems
Hi all,
This is my first post in this forum. I have read the rules, but please be kind if I forgot something...
I have spent quite a lot of time trying to find an answer in this forum and elsewhere without success... Maybe I did my search wrong...
I can only connect to a few computers from outside my network.
My setup :
Router Model : Linksys WRT1900ACv2
Firmware Version : DD-WRT v3.0-r44715 std (11/03/20)
Kernel Version : Linux 4.9.241 #2174 SMP Tue Nov 3 02:44:43 +03 2020 armv7l
When I try [name].duckdns.org:[port] outside, I can only connect to the ones starting with a "*" in the table below. Note that the table was extracted with the command "nvram get forward_spec". I changed the server names and added spaces to make it more legible... I also added a description at the end of each line.
* [Physical 100] : on : both : 10022 > 192.168.0.100 : 22 - Linux station
[Virtual 102] : on : both : 8000 > 192.168.0.102 : 8000 - Virtual Seafile server on ProxMox
[Virtual 102] : on : both : 8082 > 192.168.0.102 : 8082 - Virtual Seafile server on ProxMox
[Virtual 103] : on : both : 54321 > 192.168.0.103 : 58846 - Virtual Deluge server on ProxMox
[Virtual 103] : on : tcp : 58112 > 192.168.0.103 : 8112 - Virtual Deluge server on ProxMox
* [Virtual 104] : on : both : 80 > 192.168.0.104 : 80 - Virtual NextCloud server on ProxMox
* [Virtual 104] : on : both : 443 > 192.168.0.104 : 443 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12320 > 192.168.0.104 : 12320 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12321 > 192.168.0.104 : 12321 - Virtual NextCloud server on ProxMox
[Virtual 105] : on : both : 30080 > 192.168.0.105 : 80 - Virtual MeshControl server on ProxMox
[Virtual 105] : on : both : 30443 > 192.168.0.105 : 443 - Virtual MeshControl server on ProxMox
[Virtual 111] : on : both : 8006 > 192.168.0.111 : 8006 - Physical ProxMox server
[Physical 133] : on : both : 38080 > 192.168.0.133 : 8080 - Raspberry Pi 4
* [Physical 196] : on : both : 3389 > 192.168.0.196 : 3389 - Windows station
Port forwarding goes to virtual servers and physical machines. I use a DuckDNS address.
IP addresses with port (no forwarding) work fine in LAN...
Any help would be greatly appreciated. I thank you in advance !
Posted: Thu Oct 14, 2021 19:45 Post subject:
Keep in mind there are nvram variable changes and you will likely wish to do a hard reset on the device. Screenshot / save your current configurations prior to that so that you can reconfigure from scratch without issue. Don't expect to restore from an nvram backup, though.
Ha well, this is going to take a lot of time then. I will try that and come to you with results when done. I won't have time this weekend... I'll keep you posted.
If you have port forwarding working at all, then we know the routing is correct, and you have a public IP on the WAN. At that point, the most common source of problems is personal firewalls on the target device.
But there's one other potential problem ppl tend to overlook. If you're actively using an OpenVPN (or even Wireguard) client, and the target device of the port forward is bound to that VPN, either by default, or via PBR (policy based routing), it will NOT be remotely accessible over the WAN due to RPF (reverse-path filtering). RPF requires that packets "inbound to" and "outbound from" the local network use the same network interface. And when you port forward over the WAN to a device that's currently bound to the VPN, you're in violation of RPF, and it will block those outbound packets.
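Added example, not part of the thread: a Python check for the RPF point in the last reply. It parses forward entries in the spaced-out form shown in the first post and lists the enabled forwards whose target is routed through the VPN; the function names and the sample VPN policy list are assumptions constructed for illustration.

```python
import ipaddress
import re

# One forward entry in the spaced-out form shown in the first post, e.g.
#   * [Physical 100] : on : both : 10022 > 192.168.0.100 : 22 - Linux station
ENTRY = re.compile(
    r"^\*?\s*\[?(?P<name>[^\]:]+?)\]?\s*:\s*(?P<state>on|off)\s*:\s*"
    r"(?P<proto>tcp|udp|both)\s*:\s*(?P<wan_port>\d+)\s*>\s*"
    r"(?P<host>\d+\.\d+\.\d+\.\d+)\s*:\s*(?P<lan_port>\d+)"
)


def parse_forwards(text):
    """Return one dict per recognisable forward line; other lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            rule = m.groupdict()
            rule["wan_port"] = int(rule["wan_port"])
            rule["lan_port"] = int(rule["lan_port"])
            rules.append(rule)
    return rules


def blocked_by_rpf(rules, vpn_policy):
    """Enabled forwards whose target sends its replies out via the VPN.

    vpn_policy: IPs/CIDRs routed through the VPN client (the PBR list);
    pass ["0.0.0.0/0"] when the VPN is the default route for every host.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in vpn_policy]
    return [
        r for r in rules
        if r["state"] == "on"
        and any(ipaddress.ip_address(r["host"]) in n for n in nets)
    ]


# Constructed sample: four lines copied from the first post's table.
SAMPLE = """\
* [Physical 100] : on : both : 10022 > 192.168.0.100 : 22 - Linux station
[Virtual 103] : on : tcp : 58112 > 192.168.0.103 : 8112 - Virtual Deluge server on ProxMox
* [Virtual 104] : on : both : 443 > 192.168.0.104 : 443 - Virtual NextCloud server on ProxMox
[Physical 133] : on : both : 38080 > 192.168.0.133 : 8080 - Raspberry Pi 4
"""
# Constructed assumption, not from the thread: hosts bound to the VPN by PBR.
SAMPLE_VPN_POLICY = ["192.168.0.103", "192.168.0.128/25"]

if __name__ == "__main__":
    for r in blocked_by_rpf(parse_forwards(SAMPLE), SAMPLE_VPN_POLICY):
        print(f"WAN:{r['wan_port']} -> {r['host']}:{r['lan_port']} replies via VPN")
```

Any forward it lists needs its target taken out of the VPN policy (or the forward moved to a host that replies over the WAN) before it can answer remote connections.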