I’ve replaced my old router with my TO and I’m having problems with setting up the port forwarding. I need 85, 9000 and 18004 open and forwarded to my CCTV device @ 192.168.1.96. These are my forwards.
I assume that I’ve missed some other config setting that my previous router didn’t have. Can someone please point me in the right direction to fix this? Many thanks.
Yes you missed it completely. Because it is two different things on both sheets.
If you open a port, that means traffic from wan ends up on this device, e.g. there has to be some daemon running on Turris that handles incoming traffic on the chosen port.
If you set up port forwarding to another device in your lan, then all traffic is forwarded to the chosen IP, 192.168.1.96 in your case. So delete rules Open85, Open9000, Open 18004 and keep ONLY Swann Media, Swann Host and Swan HTTP and it should redirect all traffic from wan to your camera.
Thanks for the reply. The setup that you have suggested is what I had originally and that didn’t work either. However, I see what you mean about opening the ports to “device”. They should be “forwarded” to “lan” I assume. However this means that I don’t understand the difference between the “Port Forwards” section and the “Traffic Rules” section? Both appear to be able to forward ports. Is there a difference?
Anyway, this is what I now have, but it still doesn’t work.
Your setting is correct and should definitely work. But there could be some other problem with your connection; likely those ports could be blocked on your ISP side. So you need to troubleshoot it somehow. I would recommend you install NGINX on Turris and configure it to listen on port 85. Then you have to open port 85 (not forward!) in Traffic Rules. Then use some other network connection (mobile LTE or other) to connect to your wan IP: try to open http://your_wan_ip:85 in a web browser and see if you get some response. Of course you should first make some hello page on the NGINX server and test it from your lan, just to verify that your NGINX server returns a page on port 85 from your lan. This way you make sure that something is listening on port 85, and if it is not reachable from the wan internet, there is something wrong with your network connection at the ISP. If you get a correct response from wan, then you remove 85 from Traffic Rules and set up port forwarding to your camera, and that should work.
By default the Turris firewall setup is to deny all requests, and then it looks like the port is closed from wan.
In order to enable some communication you have to have something running on a certain port on the Turris device itself, or forward the port to another device within your lan. So that’s the difference.
Or a better idea: if you have Foris running on Turris, then you could set up a port forwarding rule for port 85, or any other you want, and forward it to your Turris local IP address (usually 192.168.1.1 if you did not change it), but change the destination port to 80. This way, if you open your wan IP address from a mobile phone by entering something like http://your_wan_ip_address:85, it should open the Foris login page and you will have verified that port 85 is not blocked on the way.
I’ll try NGINX. My ISP isn’t blocking as this was working perfectly well before I changed my router. I’ll update here with the results either way later. Thanks.
Are you sure about source ports? I doubt the other party starts its session at the same source port as the destination port. I would try to remove the source port criteria.
Nope, I’m not sure at all. I’ve never done any forwarding on an OpenWrt router before. I assumed that source port referred to incoming port when the request arrived at the router, but without some clear documentation, I can’t be sure. The OpenWrt documentation implies that my interpretation is correct, but as it doesn’t actually work, I could easily be wrong. I’m going to have to just try stuff…
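The two points raised so far in the thread (a "source port" match on a forward, and "open port" rules that target the router instead of the LAN host) can be checked mechanically. The following is an added example, not part of any post and not Turris or OpenWrt code; it assumes the OpenWrt firewall option names `src_port` (the client's source port) and `src_dport` (the external port on the router), and the sample config and the function names `parse` and `audit` are constructed for illustration.

```python
# Constructed, abbreviated sample of an OpenWrt /etc/config/firewall (not the poster's file).
SAMPLE = """
config redirect
    option name 'Swann HTTP'
    option src 'wan'
    option src_port '85'
    option src_dport '85'
    option dest_ip '192.168.1.96'
    option dest_port '85'
config redirect
    option name 'Swann Media'
    option src 'wan'
    option src_dport '9000'
    option dest_ip '192.168.1.96'
    option dest_port '9000'
config rule
    option name 'Open85'
    option src 'wan'
    option dest_port '85'
    option target 'ACCEPT'
"""

def parse(text):
    # Return one dict per "config <type>" section, holding its options.
    sections = []
    for line in text.splitlines():
        tok = line.split(None, 2)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append({"type": tok[1]})
        elif len(tok) == 3 and tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2].strip("'\"")
    return sections

def audit(text):
    # Hypothetical checker: flag the two mistakes discussed in this thread.
    secs = parse(text)
    forwarded = {s["src_dport"] for s in secs
                 if s["type"] == "redirect" and "src_dport" in s}
    findings = []
    for s in secs:
        name = s.get("name", "?")
        # src_port matches the remote client's ephemeral source port, so the forward rarely fires.
        if s["type"] == "redirect" and "src_port" in s:
            findings.append((name, "src_port-set"))
        # A wan rule without 'dest' accepts traffic to the router itself, not to the LAN host.
        if (s["type"] == "rule" and s.get("src") == "wan" and "dest" not in s
                and s.get("target") == "ACCEPT" and s.get("dest_port") in forwarded):
            findings.append((name, "input-rule-not-a-forward"))
    return findings
```

Calling `audit(SAMPLE)` reports the forward that carries a source-port match and the leftover "open" rule for a port that is already forwarded.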
Hi.
I am also interested in this as I’m trying to set up a WireGuard VPN on a LAN device.
Is there any manual at the moment explaining port forwarding?
I searched in the documentation but had no luck (maybe I’m a search noob there).
I will play a bit but will appreciate guidance from somebody experienced.
Port forwarding is actually needed when you want to forward traffic from some network to a host in another network, such as from wan (internet) to one of your hosts in your local network. Normally that host is not reachable from the internet; by port forwarding you make your internal host accessible from the internet.
Assume your lan has 192.168.1.0/24 and the router has IP 192.168.1.1, and an HTTP server is running on host 192.168.1.26, so you do port forwarding: an incoming connection to wan port 80 (http://wanIp:80) goes to 192.168.1.26:80. Port opening is not needed on the router.
On the other hand, if the HTTP server is running on the router itself and you want it to be accessible from the internet, you just allow incoming connections for port 80 on the router, no port forwarding.
Regarding VPN, it makes your local networks accessible from the internet by secure tunnelling. It is a better choice than port forwarding.
There is a WireGuard Turris community wiki for WireGuard setup.
I played a lot with different zones and forwards and all I could find, but it does not go through.
I will have to install web server with simple page but I’m not wrt linux skilled yet and manual how to install uhttp gives me error:
Looks good, but there must be a listening server (HTTP server etc.) on that host:port 192.168.1.2, otherwise it is pointless.
You will install the HTTP server on that host (PC, whatever it is), not the router. You can try lighttpd for example.
No, nothing to install on the router, which simply forwards the packets to the machine with LAN address 192.168.1.2 on port 12346. However, that machine must have the port open and server software (lighttpd or other) able to deal with the incoming packets. You do this port forwarding because you expect incoming requests from the outside world (=WAN).
Well, it is already accessible within your LAN without port forwarding. You do port forwarding because you want to access that machine from the internet; you should test from the internet, like http://wanIP:80
See your setup it says from wan to 192.168.1.2
I know I can test the port forward by typing my-wan-IP:12346. It should work, but this test is not successful and I don’t know how to find where the problem is.
ISP says all ports are forwarded to my router (Omnia).
I tried and it is the same, postrouting missing somehow (might not be needed).
But the forward rule is also missing; it seems it doesn’t create a forwarding rule just by adding port-forwarding unless forward from wan wasn’t allowed before.