Posted: Thu Oct 14, 2021 16:32 Post subject: Port forwarding problems
This is my first post in this forum. I have read the rules, but please be kind if I forgot something...
I have spent quite a lot of time trying to find an answer in this forum and elsewhere without success... Maybe I did my search wrong...
I can only connect to a few computers from outside my network.
My setup :
Router Model : Linksys WRT1900ACv2
Firmware Version : DD-WRT v3.0-r44715 std (11/03/20)
Kernel Version : Linux 4.9.241 #2174 SMP Tue Nov 3 02:44:43 +03 2020 armv7l
When I try [name].duckdns.org:[port] outside, I can only connect to the ones starting with a "*" in the table below. Note that the table was extracted with the command "nvram get forward_spec". I changed the server names and added spaces to make it more legible... I also added a description at the end of each line.
* [Physical 100] : on : both : 10022 > 192.168.0.100 : 22 - Linux station
[Virtual 102] : on : both : 8000 > 192.168.0.102 : 8000 - Virtual Seafile server on ProxMox
[Virtual 102] : on : both : 8082 > 192.168.0.102 : 8082 - Virtual Seafile server on ProxMox
[Virtual 103] : on : both : 54321 > 192.168.0.103 : 58846 - Virtual Deluge server on ProxMox
[Virtual 103] : on : tcp : 58112 > 192.168.0.103 : 8112 - Virtual Deluge server on ProxMox
* [Virtual 104] : on : both : 80 > 192.168.0.104 : 80 - Virtual NextCloud server on ProxMox
* [Virtual 104] : on : both : 443 > 192.168.0.104 : 443 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12320 > 192.168.0.104 : 12320 - Virtual NextCloud server on ProxMox
[Virtual 104] : on : both : 12321 > 192.168.0.104 : 12321 - Virtual NextCloud server on ProxMox
[Virtual 105] : on : both : 30080 > 192.168.0.105 : 80 - Virtual MeshControl server on ProxMox
[Virtual 105] : on : both : 30443 > 192.168.0.105 : 443 - Virtual MeshControl server on ProxMox
[Virtual 111] : on : both : 8006 > 192.168.0.111 : 8006 - Physical ProxMox server
[Physical 133] : on : both : 38080 > 192.168.0.133 : 8080 - Raspberry Pi 4
* [Physical 196] : on : both : 3389 > 192.168.0.196 : 3389 - Windows station
Port forwarding goes to virtual servers and physical machines. I use a DuckDNS address.
IP addresses with port (no forwarding) work fine in LAN...
Any help would be greatly appreciated. I thank you in advance !
If you have port forwarding working at all, then we know the routing is correct, and you have a public IP on the WAN. At that point, the most common source of problems is personal firewalls on the target device.
But there's one other potential problem ppl tend to overlook. If you're actively using an OpenVPN (or even Wireguard) client, and the target device of the port forward is bound to that VPN, either by default, or via PBR (policy based routing), it will NOT be remotely accessible over the WAN due to RPF (reverse-path filtering). RPF requires that packets "inbound to" and "outbound from" the local network use the same network interface. And when you port forward over the WAN to a device that's currently bound to the VPN, you're in violation of RPF, and it will block those outbound packets.
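One way to check a router for the VPN/RPF case described in the reply above, as an added example that is not part of the original thread: it cross-references the `nvram get forward_spec` entries against the list of source addresses sent over the VPN. Assumptions: the raw value is space-separated `name:on:proto:extport>ip:intport` entries (the layout of the table without the added spaces, names without spaces), the policy list is passed in by hand, the function names are hypothetical, and the sample policy is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Flags enabled port forwards whose LAN
# target is routed through the VPN client, where RPF drops the WAN replies.

# Dotted-quad IPv4 -> integer; body runs in a subshell so IFS stays local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET[/BITS]: succeeds when IP lies inside the network.
in_cidr() {
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# vpn_bound_forwards SPEC POLICY
#   SPEC:   space-separated "name:on:proto:extport>ip:intport" (assumed raw format)
#   POLICY: space-separated source IPs/CIDRs sent over the VPN (PBR list);
#           empty means every LAN client uses the VPN by default.
vpn_bound_forwards() {
    for entry in $1; do
        state=${entry#*:}; state=${state%%:*}
        [ "$state" = on ] || continue
        target=${entry#*'>'}; ip=${target%%:*}
        ext=${entry%%'>'*}; ext=${ext##*:}
        hit=
        if [ -z "$2" ]; then
            hit=default
        else
            for p in $2; do
                if in_cidr "$ip" "$p"; then hit=$p; break; fi
            done
        fi
        if [ -n "$hit" ]; then echo "$ext>$target via VPN ($hit)"; fi
    done
}

# Constructed sample: four rows from the table above; the policy list is invented.
SAMPLE_SPEC="linux:on:both:10022>192.168.0.100:22 deluge:on:tcp:58112>192.168.0.103:8112 nextcloud:on:both:443>192.168.0.104:443 pve:on:both:8006>192.168.0.111:8006"
SAMPLE_POLICY="192.168.0.102/31 192.168.0.111"
vpn_bound_forwards "$SAMPLE_SPEC" "$SAMPLE_POLICY"
```

Any forward it prints targets a device whose replies leave through the VPN interface, so those are the ones to move off the VPN policy or test with the VPN client stopped.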