I was trying to set up my TS3 Server, so I needed to open port UDP 9987 on my Turris Omnia. I tried to open the port by adding a rule under Traffic Rules, but it does not work. Then I tried Port Forwarding, but still the same problem.
I have read of other users having the same issue. For some, restarting the router works, but not for me. I have also tried a factory reset and also tried to reflash the router.
Same story, I am not able to open this port.
Any help or suggestion? Here below are the screenshots:
In the forward rule you have both source and destination port as 9987. Are you sure that the client software is also using port 9987? Or is it automatically selected by the OS from the unused port pool?
A UDP or TCP connection always needs a port at both ends for it to work, but normally at the side starting the connection it is freely selected by the OS from the unused port pool.
Yes, but when the TS3 server is set to the default port 9987, then in the TS3 client's server address you only need to write the IP. The UDP port only needs to be written when a port other than the default is set; the default port is set automatically by the TS3 client, but is not shown in the server address.
Hi guys, thanks for the reply and the support.
I have tried as LeRacK suggests, but the result is always the same. Port closed.
I have tried to restart the router but it seems I cannot open this port.
The other doubt I have is in the firewall. The settings in my firewall are as below. Does this impact the port forwarding?
Yes, the server is running, but the ports are not open.
I have the same issue with utorrent. The UPNP automatic mapping does not work and the utorrent port is closed.
UPNP is broken in current releases of Turris (it was broken in OpenWRT itself, and Turris hadn’t picked up the upstream fix). I found this and submitted a fix here: https://forum.test.turris.cz/t/upnp-says-its-working-not-really/1644/6?u=tonyquan which the Turris devs have accepted. That won’t help for a static port forward though. If I get a chance I’ll try to take a look at this case. The zone rules you pointed out in the screenshots are prioritized lower than the ones in the filter table so should not be interfering.
As I mentioned, this should be a redirect rather than a forward. Delete your other rules off the “Traffic Rules” screen, then click “Save and Apply” before going ahead. To create a redirect from LuCI go here:
The “Traffic Rules” screen you were trying is the wrong one to use for this. You want the forwards screen because for this to work you need a redirect firewall rule; the “Traffic Rules” screen can’t be used to create redirects. In your case it sounds like you want protocol UDP, external zone wan, external port 9987, internal zone lan, internal IP 192.168.1.130 (is that where your TS3 server is running?) and internal port 9987. Click “Add” to add the rule, then “Save and Apply”. No restart of the router should be required.
SSH to the router and look at /etc/config/firewall; you should see a section like this (assuming you called the rule ts3):
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '9987'
	option dest_ip '192.168.1.130'
	option dest_port '9987'
	option name 'ts3'
You could have skipped the web UI entirely and just added this info to the file and restarted the firewall using “/etc/init.d/firewall restart” to get the same effect.
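One way to confirm that the redirect section described above is really present in the file, as an added example that is not part of the original post: the function names `find_redirect` and `sample_config` are hypothetical, and the sample config is constructed from the section shown above. It only matches sections with an explicit target of 'DNAT'.

```shell
#!/bin/sh
# Added example (not from the thread): list the DNAT redirects in a UCI
# firewall config that match a protocol and an external port.
# find_redirect and sample_config are hypothetical helper names.
find_redirect() {
    awk -v proto="$1" -v port="$2" '
        # Called at each section boundary: report the section just read.
        function report() {
            if (type == "redirect" && o["target"] == "DNAT" &&
                o["src_dport"] == port &&
                index(" " o["proto"] " ", " " proto " ") > 0)
                printf "%s %s:%s -> %s:%s\n", o["name"], o["src"],
                       o["src_dport"], o["dest_ip"], o["dest_port"]
            split("", o)   # clear the option table for the next section
        }
        $1 == "config" { report(); type = $2; next }
        $1 == "option" {
            v = $0
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
            sub(/[ \t\r]+$/, "", v)
            gsub(/["\047]/, "", v)   # drop straight double/single quotes
            o[$2] = v
        }
        END { report() }
    '
}

# Constructed sample: one stock rule plus the ts3 redirect from this thread.
sample_config() {
    cat <<'EOF'
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option target 'ACCEPT'

config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'lan'
	option proto 'udp'
	option src_dport '9987'
	option dest_ip '192.168.1.130'
	option dest_port '9987'
	option name 'ts3'
EOF
}

sample_config | find_redirect udp 9987
```

On the router, run it against the live file with `find_redirect udp 9987 < /etc/config/firewall`; no output means no matching redirect section is present.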
Thanks for your useful reply. I tried what you suggested but without success.
Here is what I have and what the router replies when I restart the firewall:
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
This looks fine. I tested the same; the only difference was I used a TCP server rather than UDP. I can try setting up a UDP-based server and see if it works for me. Some obvious things:
Is 192.168.1.130 the right IP address? If the server host is getting its IP address via DHCP, it may change. I’d suggest using a static IP assignment for a server; it will make this easier.
Can you connect to the server from hosts on your LAN?
I can connect from inside the LAN but I cannot connect from outside.
The IP is given by DHCP, but I have checked every time and it stayed the same, 192.168.1.130.
What is upstream of your Turris Omnia? (What do you connect your Turris Omnia to for internet service?) Is there any device there that potentially has a firewall or is blocking ports? Many ISPs supply their own modem/router combination devices that have built-in firewalls; you might need to disable that firewall, open holes there, or bridge that device.
I was about to write down this same conclusion. I have a router which I have set up in bridge mode. This might probably be the one giving the issue…
I will try and check if there is any setting I need to change.
I will keep you updated.