Port Forwarding - basic config

Hi,

I’ve replaced my old router with my TO and I’m having problems with setting up the port forwarding. I need 85, 9000 and 18004 open and forwarded to my CCTV device @ 192.168.1.96. These are my forwards.


I’ve also opened the same ports.

However, https://www.yougetsignal.com/tools/open-ports/ still reports these ports as closed.

I assume that I’ve missed some other config setting that my previous router didn’t have. Can someone please point me in the right direction to fix this? Many thanks.

Yes you missed it completely. Because it is two different things on both sheets.

If you open port that means traffic from wan end up on this device eg. there has to be some daemon running on turris that handle incoming traffic on choosen port.

If you set up port forwarding to other device in your lan, than all traffic is forwarded to choosen IP 192.168.1.96 in your case. So delete rules Open85, Open9000, Open 18004 and keep ONLY Swann Media, Swann Host and Swan HTTP and it should redirect all traffic from wan to your camera.

Hi,

Thanks for the reply. The setup that you have suggested is what I had originally and that didn’t work either. However, I see what you mean about opening the ports to “device”. They should be “forwarded” to “lan” I assume. However this means that I don’t understand the difference between the “Port Forwards” section and the “Traffic Rules” section? Both appear to be able to forward ports. Is there a difference?

Anyway, this is what I now have, but it still doesn’t work.


Let me know what I’m doing wrong there. :slight_smile:

Your setting is correct and should definitely work. But there could be some other problem with your connection likely on your ISP side could be those ports blocked. So you need to troubleshoot it somehow. I would recommend you to install NGINX on Turris and configure it to listen on port 85. Then you have to open port 85 (not forward!) in Traffic Rules. Then use some other network connection to connect to your wan IP from this connection (Mobile LTE or other) try open in web browser http://your_wan_ip:85 and see if you get some response. Of course you should first make some hello page on nginx server and test it from your lan just to verify your NGINX server return any page on port 85 from your lan. This way you made sure that something is listening on port 85 and if it is not reachable from wan internet there is something wrong with your network connection at ISP.If you get some correct response from wan then you remove 85 from traffic rules and setup port forwarding to your camera and that should work.

As default turris firewall setup is deny all request and then it looks like port is closed from wan.
In order to enable some communication you have to have something running on certain port on turris device itself or forwarding port to another device within you lan. So that’s the difference.

Or better idea, if you have forris running on turris then you could setup port forwarding rule for port 85 or any other you want and forward it to your turris local ip address (usually 192.168.1.1 if you did not changed it) but make change in destination port to 80. This way if you open your wan IP address from mobile phone entering like http://your_wan_ip_address:85 should open forris login page and you had verified that port 85 is not blocked on the way.

Hi,

I’ll try NGINX. My ISP isn’t blocking as this was working perfectly well before I changed my router. I’ll update here with the results either way later. Thanks.

Are you sure about source ports? I doubt other party starts its session at the same source port as destination port. I would try to remove source port criteria.

Hi,

Nope, I’m not sure at all. I’ve never done any forwarding on an OpenWrt router before. I assumed that source port referred to incoming port when the request arrived at the router, but without some clear documentation, I can’t be sure. The OpenWrt documentation implies that my interpretation is correct, but as it doesn’t actually work, I could easily be wrong. I’m going to have t just try stuff…

I use the port forwards section and that works ok. Try to move your rules there. Good luck.

Untitled

Did you manage to work it out? I too am unable to set up port forwarding or find any documentation for the Turris Omnia to help.