Spent all day trying to figure out how to enable a single port but am going to give up for now.
Omnia WAN IP 192.168.1.85 (DHCP and reserved on ISP router)
Omnia LAN IP 10.0.112.254
NAS IP:port (to be accessed from the internet) 10.0.112.40 (fixed IP and added hostname in Omnia)
What I tried using LuCI:
Used fresh install default firewall config:

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option output 'ACCEPT'
	option masq '1'
	option input 'REJECT'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'
…
Adding one of these 2 or both:

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '5001'
	option dest_ip '10.0.112.40'
	option dest_port '5001'
	option name 'nas'
	option dest 'lan'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option name 'nas'
	option family 'ipv4'
	option src 'wan'
	option dest 'lan'
	option dest_ip '10.0.112.40'
	option dest_port '5001'

Used https://www.yougetsignal.com/tools/open-ports/ to check port 5001
and enabled
tcpdump -pnvvi eth1 port 5001
to see if I would get any traffic from wan. Which I did get whenever I opened the ISP router FW port and probed the port from the outside (so double NAT config I guess):
[mss 1460,sackOK,TS val 3200491581 ecr 0,nop,wscale 8], length 0
19:32:59.780868 IP (tos 0x0, ttl 51, id 43936, offset 0, flags [DF], proto TCP (6), length 60)
198.199.98.246.58956 > 192.168.1.85.5001: Flags [S], cksum 0xe65b (correct), seq 3614182306, win 14600, options
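
An added example, not part of the original post: a small Python audit that parses UCI firewall text like the sections above and lists what is let in from the `wan` zone, so a forward can be reviewed before and after editing. The sample text is constructed from the post's two sections; the function names and the `tcp udp` default used when `proto` is omitted are assumptions of this example.

```python
import shlex

# Constructed sample: the redirect and rule sections from the post.
SAMPLE = """\
config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '5001'
	option dest_ip '10.0.112.40'
	option dest_port '5001'
	option dest 'lan'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option src 'wan'
	option dest 'lan'
	option dest_ip '10.0.112.40'
	option dest_port '5001'
"""

def parse_uci(text):
    """Return [(section_type, options)]; 'list' values accumulate into lists."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"] and len(tok) > 1:
            sections.append((tok[1], {}))
        elif tok[:1] == ["option"] and sections and len(tok) >= 3:
            sections[-1][1][tok[1]] = tok[2]
        elif tok[:1] == ["list"] and sections and len(tok) >= 3:
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def wan_exposure(sections, zone="wan"):
    """List enabled DNAT redirects and ACCEPT rules whose source zone is `zone`."""
    out = []
    for kind, o in sections:
        if o.get("src") != zone or o.get("enabled", "1") == "0":
            continue
        proto = o.get("proto", "tcp udp")  # assumed default when proto is omitted
        if kind == "redirect" and o.get("target", "DNAT") == "DNAT":
            out.append((kind, proto, o.get("src_dport"), o.get("dest_ip"), o.get("dest_port")))
        elif kind == "rule" and o.get("target") == "ACCEPT":
            out.append((kind, proto, o.get("dest_port"), o.get("dest_ip"), o.get("dest_port")))
    return out

print(wan_exposure(parse_uci(SAMPLE)))
```

Each tuple is (section type, protocol, outside port, inside IP, inside port); under the assumed default, the `rule` section with no `proto` option is reported as covering both TCP and UDP, which is wider than the TCP-only redirect.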