Can't forward any ports

So, I’m trying to forward ports using the port forwarding interface in lucl, but nothing seems to work. Do I have to do something in addition to adding the rule under Firewall->Port Forwarding?

I set only this and fixed adress for TS3 server, second is umurmur server on router.

Hmm, works after rebooting the router(again), as well as the device I was forwarding ports to. Looks like it wasn’t an issue with the forwarding after all. Strange.

I have the same issue - set the port forwarding and not working.
I read a lot about restarting (I tried) byt still not work…
I is simple rule, PORT 80 to (my router IP is and PORT 21 to…
I try also to set the exact WAN IP (I have fixe ip assigned from ISP) in the rule but nothign changed.

Is there a need to setup something in Firewall rules also? Or in the main settings of Firewall?

have exactly the same experience…

  • setting it up via Luci -> apply/save… not working
  • setting it in /etc/config/firewall -> restart fw… not working
  • messing around more, few more FW restarts and it’s fine.

It’s not that it is not working, it’s just pretty inconsistant.

Have you also really checked if the port is open or not?

In my own case having opened up a port for a torrent-client on my NAS. It seemed like it was not working when checking it on the client. However when i tested it on that website, it showed that it was open.

Marek > did you folow up what is the exact order of your steps? What if you change the configuration now again?

Big boss> I tried your port tester and it says: port is closed…

Can enybody operate the Port Forwarding in 100%?

My port forwarding is working fine. 80 and 443 go to a DMZ based reverse proxy that doesn’t run on the Omnia and I’ve got a bunch of non standard ports. These all worked straight after setting up the forwards (which I’ll admit was done by copying an existing firewall config file onto the Omnia rather than via LuCI. I’ve subsequently modified some of the ports and all is still good.

Yes working here too. Just searching for the port range forwarding… :confused:

I tried to edit /etc/config/firewall manualy, than restart fw but no luck - what is your settings of “wan zone” for forward?

config zone
<------>option name ‘wan’
<------>list network ‘wan’
<------>list network ‘wan6’
<------>option input ‘REJECT’
<------>option output ‘ACCEPT’
<------>option masq ‘1’
<------>option mtu_fix ‘1’
<------>option forward ‘REJECT’

I have this simple rule on the first line of config - everything looks ok:
config redirect
<------>option target ‘DNAT’
<------>option src ‘wan’
<------>option dest ‘lan’
<------>option src_dport ‘21’
<------>option dest_ip ‘’
<------>option dest_port ‘21’
<------>option name ‘FTP’
<------>option proto ‘tcp’

the DNAT looks fine. Here’s an example of mine:

config redirect
option src 'wan’
option dest 'dmz’
option proto 'tcp’
option target 'DNAT’
option name 'DMZ Web’
option src_dport '80’
option dest_port '80’
option dest_ip ‘AA.BB.XX.YY’ <-- redacted

the Zone looks good too (you have list for the two wan entries, I have those bundled into a single option. Have you tried dropping the firewall on the recieving device to make sure it’s not getting blokced elsewhere?

The FTP server and WEB server is running on internal adress for long time (and was accessable from wan) and now I just switch the router box… so there should be no firewall blocking this. Of course it is working from internal network also…

I read similar problem with port forwarding and restarting the router few times on cz forum, so there should be something what is different on our routers (the same issue as @Marek_Ruzicka and @NCLI) - if yours is working ok…
The router is almost with no chage after factory reset… just update and network setup…

I see someting different - you configure your own area - not lan or wan but DMZ… maybe there is the point?

Correct, I don’t have any externally accessible devices connected on the core LAN, only via the DMZ vlan.

Well I have them on same lan and forwarding works…

@Big_boss yup i did check it… I was setting up my Plex server (or rather FW for it), so it was very easy for me to test if it’s working or not. (playing music/videos on my phone via lte connection) .

@Vojtech_Pihrt seems to be working fine ever since. (I just now removed all my rules and recreated them via /etc/config/firewall + /etc/init.d/firewall reload, again successfully).

Maybe something to do with configuration via Luci… that one was rather weird for me. It said i have uncommited changes even though everything was saved/applied and verified via iptables directly.
Once I was able to get rid of that by deleting the rule via Luci and even “restoring the rule” (or whatever the option is in that “uncommited changes window”), and then 2 or free firewall restarts, it started to work as expected.

I understand this is not very helpful story :slight_smile: and there is a real (and probably high) possibility the problem was with the moron behind the keyboard (that would be me if there is any doubt) :wink:

Anyway everything seems to be in order right now, whatever the issue was.

Bingo! I managed the factory reset - then I leave the default IP instead of changing it (but this is probably nothing to do with this) and the first thing I was made was PortForwarding - and it is working…

So I look in the firewall config and I can see that the “redirect” section is on the END of the config… before I have it on the top (first lines…)

So my deducation (maybe wery poor) is:

  • first time I was managing the firewall and other stuff before, the luci inteface then put the new config section on the top of the file
  • now it is at the end

…or is this missleading and there is no matter where it is? I suppose (I used only basic iptables on my previous router) that the order is important…

Btw, port forward: did anyone find out how to forward a port range, not only single port?

start:stop should work (don’t know about webinterface, but in /etc/config/firewall at least)

Doesn’t work in gui, seems like a console job then.

Hm funny, no picture upload button in mobile version of Discourse…