Port forwarding not working

Hi,

A month ago I installed a second Omnia. The first one works pretty well, but on this second one, which I have in the office, I can't get simple port forwarding to work. I have only two rules there: one exposes the router admin page to the internet, and that works; the second is just meant to allow Remote Desktop to one PC in the LAN, but I can't get it to work from the internet, and I have no idea why. Remote Desktop works only if I try it from a second PC inside the LAN, but not from the internet, and not even over the VPN (I used the standard configuration from the web UI). The LAN4 port is reserved in my configuration for special cases and is not used in this scenario.

The firewall config looks like this (the redirect that does not work is the one at the end, MONIKANB_RDP):

# NOTE(review): the quote characters in this paste were altered, apparently by
# the forum software (most values close with ’ and some open with ‘ instead of
# the ASCII '). Restore plain quotes before copying any of it back to a router.

# Global defaults: SYN-flood protection on, traffic to/from the router itself
# accepted, forwarding rejected unless a zone or forwarding section allows it.
config defaults
option syn_flood '1’
option input 'ACCEPT’
option output 'ACCEPT’
option forward ‘REJECT’

# Trusted zone: everything is accepted for the 'lan' network.
config zone
option name 'lan’
option input 'ACCEPT’
option output 'ACCEPT’
option forward 'ACCEPT’
option network ‘lan’

# Untrusted zone: unsolicited input and forwarding from wan/wan6 are rejected;
# outgoing traffic is masqueraded (masq) and MSS clamping is on (mtu_fix).
# Anything reachable from the Internet must be opened by an explicit rule or
# redirect further down.
config zone
option name 'wan’
option input 'REJECT’
option output 'ACCEPT’
option forward 'REJECT’
option masq '1’
option mtu_fix '1’
option network ‘wan wan6’

# LAN hosts may initiate connections to the Internet.
config forwarding
option src 'lan’
option dest ‘wan’

# The rules in this run open specific protocols from wan. Rules without a
# 'dest' option apply to traffic addressed to the router itself.

# DHCP replies to the router's WAN-side client (UDP 68, IPv4).
config rule
option name 'Allow-DHCP-Renew’
option src 'wan’
option proto 'udp’
option dest_port '68’
option target 'ACCEPT’
option family ‘ipv4’

# The router answers IPv4 ping from the Internet.
config rule
option name 'Allow-Ping’
option src 'wan’
option proto 'icmp’
option icmp_type 'echo-request’
option family 'ipv4’
option target ‘ACCEPT’

# IGMP from wan is accepted (IPv4).
config rule
option name 'Allow-IGMP’
option src 'wan’
option proto 'igmp’
option family 'ipv4’
option target ‘ACCEPT’

# DHCPv6 replies, restricted to link-local source and destination
# (fe80::/10), server port 547 to client port 546.
config rule
option name 'Allow-DHCPv6’
option src 'wan’
option proto 'udp’
option src_ip 'fe80::/10’
option src_port '547’
option dest_ip 'fe80::/10’
option dest_port '546’
option family 'ipv6’
option target ‘ACCEPT’

# Multicast Listener Discovery messages (ICMPv6 types 130, 131, 132, 143)
# from link-local sources only.
config rule
option name 'Allow-MLD’
option src 'wan’
option proto 'icmp’
option src_ip 'fe80::/10’
list icmp_type '130/0’
list icmp_type '131/0’
list icmp_type '132/0’
list icmp_type '143/0’
option family 'ipv6’
option target ‘ACCEPT’

# ICMPv6 addressed to the router: error messages, echo and neighbour/router
# discovery, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input’
option src 'wan’
option proto 'icmp’
list icmp_type 'echo-request’
list icmp_type 'echo-reply’
list icmp_type 'destination-unreachable’
list icmp_type 'packet-too-big’
list icmp_type 'time-exceeded’
list icmp_type 'bad-header’
list icmp_type 'unknown-header-type’
list icmp_type 'router-solicitation’
list icmp_type 'neighbour-solicitation’
list icmp_type 'router-advertisement’
list icmp_type 'neighbour-advertisement’
option limit '1000/sec’
option family 'ipv6’
option target ‘ACCEPT’

# ICMPv6 forwarded from wan to any zone (dest '*'): echo and error messages
# only, with the same 1000/sec limit. No discovery types are forwarded.
config rule
option name 'Allow-ICMPv6-Forward’
option src 'wan’
option dest '*'
option proto 'icmp’
list icmp_type 'echo-request’
list icmp_type 'echo-reply’
list icmp_type 'destination-unreachable’
list icmp_type 'packet-too-big’
list icmp_type 'time-exceeded’
list icmp_type 'bad-header’
list icmp_type 'unknown-header-type’
option limit '1000/sec’
option family 'ipv6’
option target ‘ACCEPT’

# Include sections pull in rules from external scripts. Their contents are not
# part of this listing, so the effective ruleset may contain more than what is
# shown here. 'reload' selects whether the script is re-run on firewall reload.
config include
option path ‘/etc/firewall.user’

config include
option path '/usr/share/firewall/turris’
option reload ‘1’

config include
option path '/etc/firewall.d/with_reload/firewall.include.sh’
option reload ‘1’

config include
option path '/etc/firewall.d/without_reload/firewall.include.sh’
option reload ‘0’

# ESP forwarded from wan to lan. There is no dest_ip, so the rule is not tied
# to one LAN host. Presumably for IPsec pass-through; confirm it is still
# needed.
config rule
option src 'wan’
option dest 'lan’
option proto 'esp’
option target ‘ACCEPT’

# UDP 500 forwarded from wan to lan, again without a dest_ip restriction.
# Presumably IKE for the same IPsec setup.
config rule
option src 'wan’
option dest 'lan’
option dest_port '500’
option proto 'udp’
option target ‘ACCEPT’

# Hook for miniupnpd's own firewall script.
# NOTE(review): if the miniupnpd service is running, LAN hosts may be able to
# request WAN port mappings themselves. Check whether it is enabled and
# wanted in an office network.
config include 'miniupnpd’
option type 'script’
option path '/usr/share/miniupnpd/firewall.include’
option family 'any’
option reload ‘1’

# Guest network sections. Every section in this run carries enabled '0', so
# none of them is active in the posted configuration.

# Guest zone: input and forward rejected, output accepted.
config zone 'guest_turris’
option enabled '0’
option name 'guest_turris’
option input 'REJECT’
option forward 'REJECT’
option output 'ACCEPT’
option network ‘guest_turris’

# Guests to Internet (disabled).
config forwarding 'guest_turris_forward_wan’
option enabled '0’
option name 'guest to wan forward’
option src 'guest_turris’
option dest ‘wan’

# DNS from guests to the router, port 53 (disabled).
config rule 'guest_turris_dns_rule’
option enabled '0’
option name 'guest dns rule’
option src 'guest_turris’
option proto 'tcpudp’
option dest_port '53’
option target ‘ACCEPT’

# DHCP from guests to the router, UDP 67-68 (disabled).
config rule 'guest_turris_dhcp_rule’
option enabled '0’
option name 'guest dhcp rule’
option src 'guest_turris’
option proto 'udp’
option src_port '67-68’
option dest_port '67-68’
option target ‘ACCEPT’

# DNAT: WAN port 8084 (TCP and UDP) -> 192.168.3.1 port 80. 192.168.3.1 is
# the router's own LAN address according to the network config in this post,
# so this publishes the router's web admin login to the Internet.
# NOTE(review): there is no src_ip restriction, so any Internet host can reach
# the login page, and port 80 is presumably plain HTTP. Consider limiting the
# rule with src_ip, or dropping it and administering the router over the VPN.
# UDP is probably unnecessary for a web UI; proto 'tcp' should be enough.
config redirect
option target 'DNAT’
option src 'wan’
option dest 'lan’
option proto 'tcp udp’
option src_dport '8084’
option dest_ip '192.168.3.1’
option dest_port '80’
option name ‘ROUTER_ADMIN’

# DNAT: WAN port 9100 -> 192.168.3.3 port 9100. Disabled (enabled '0'), so it
# has no effect. The name and port suggest a printer; keep it disabled unless
# the device is really meant to be reachable from the Internet.
config redirect
option target 'DNAT’
option src 'wan’
option dest 'lan’
option proto 'tcp udp’
option src_dport '9100’
option dest_ip '192.168.3.3’
option dest_port '9100’
option name 'TISKARNA_MONIKA’
option enabled ‘0’

# VPN clients may reach the Internet through the router.
config forwarding 'vpn_turris_forward_wan_out’
option src 'vpn_turris’
option dest ‘wan’

# Separate zone for the LAN4 network: router input/output accepted, forwarding
# rejected by default. Only the lan4 -> wan forwarding below is allowed, so
# LAN4 hosts cannot reach the main lan.
config zone
option name 'lan4’
option input 'ACCEPT’
option forward 'REJECT’
option output 'ACCEPT’
option network ‘LAN4’

config forwarding
option dest 'wan’
option src ‘lan4’

# Accept UDP 1194 from wan to the router itself. Presumably the OpenVPN
# server behind the vpn_turris zone.
config rule 'vpn_turris_rule’
option name 'vpn_turris_rule’
option target 'ACCEPT’
option proto 'udp’
option src 'wan’
option dest_port ‘1194’

# VPN zone: router input/output accepted, forwarding rejected by default,
# masquerading enabled on this zone.
config zone 'vpn_turris’
option name 'vpn_turris’
option input 'ACCEPT’
option forward 'REJECT’
option output 'ACCEPT’
option masq '1’
list network ‘vpn_turris’

# VPN clients may reach LAN hosts directly by their LAN address. This traffic
# is forwarded between zones and does not depend on the wan DNAT redirects,
# which only match src 'wan'.
config forwarding 'vpn_turris_forward_lan_in’
option src 'vpn_turris’
option dest ‘lan’

# LAN hosts may initiate connections to VPN clients.
config forwarding 'vpn_turris_forward_lan_out’
option src 'lan’
option dest ‘vpn_turris’

# DNAT: WAN TCP 3389 -> 192.168.3.5 port 3389. This is the rule the poster
# reports as not working (named MONIKANB_RDP here, MONIKA_RDP in the text).
# NOTE(review): as written it would publish RDP to any Internet source,
# because there is no src_ip restriction. The config already forwards the VPN
# zone to lan, so reaching the PC over the VPN avoids exposing RDP on WAN.
# NOTE(review): the rule has the same shape as the ROUTER_ADMIN redirect that
# is reported to work, and RDP also fails over the VPN, where no DNAT is
# involved. That points away from this rule and toward the target PC (host
# firewall scope for RDP, or a default gateway other than 192.168.3.1).
# This needs to be verified on the host.
config redirect
option target 'DNAT’
option dest 'lan’
option dest_ip '192.168.3.5’
option dest_port '3389’
option name 'MONIKANB_RDP’
option src 'wan’
option src_dport '3389’
option proto ‘tcp’

The network config looks like this:

# NOTE(review): as in the firewall listing, the quote characters were altered
# in this paste (’ and ‘ instead of the ASCII '). Restore plain quotes before
# reusing any of it.

# Loopback interface.
config interface 'loopback’
option ifname 'lo’
option proto 'static’
option ipaddr '127.0.0.1’
option netmask ‘255.0.0.0’

# IPv6 unique-local prefix for the site.
config globals 'globals’
option ula_prefix ‘fd39:9021:e0c8::/48’

# Main LAN bridge: router address 192.168.3.1, netmask 255.255.255.0. The
# firewall redirects on this page target hosts in this subnet.
# _orig_ifname still lists eth2, while the active ifname is eth0 only; eth2
# is used by the LAN4 interface below.
config interface 'lan’
option force_link '1’
option type 'bridge’
option proto 'static’
option netmask '255.255.255.0’
option ip6assign '60’
option ipaddr '192.168.3.1’
option _orig_ifname 'eth0 eth2 wlan0 wlan1’
option _orig_bridge 'true’
option ifname ‘eth0’

# WAN: static public address on eth1 with a /30 netmask (255.255.255.252).
config interface 'wan’
option ifname 'eth1’
option proto 'static’
option ipaddr '85.135.17.22’
option netmask '255.255.255.252’
option gateway '85.135.17.21’
option dns ‘62.129.50.20 85.135.32.100’

# IPv6 WAN alias of 'wan', not configured (proto none).
# The closing quote of both '@wan values is missing in the paste; this is
# presumably a copy artifact rather than the router's real file.
config interface 'wan6’
option ifname '@wan
option _orig_ifname '@wan
option _orig_bridge 'false’
option proto ‘none’

# Switch with VLANs enabled: VLAN 1 on ports 0 1 2 3 5, VLAN 2 on ports 4 6.
config switch
option name 'switch0’
option reset '1’
option enable_vlan ‘1’

config switch_vlan
option device 'switch0’
option vlan '1’
option ports ‘0 1 2 3 5’

config switch_vlan
option device 'switch0’
option vlan '2’
option ports ‘4 6’

# Guest network bridge, disabled (enabled '0').
config interface 'guest_turris’
option enabled '0’
option type 'bridge’
option ifname 'guest_turris_0 guest_turris_1’
option proto 'static’
option ipaddr '10.111.222.1’
option netmask '255.255.255.0’
option bridge_empty ‘1’

# Separate LAN4 network on eth2, 192.168.10.1 with netmask 255.255.255.0.
# It is mapped to the 'lan4' firewall zone in the firewall listing.
config interface 'LAN4’
option proto 'static’
option ifname 'eth2’
option ipaddr '192.168.10.1’
option netmask ‘255.255.255.0’

# VPN tunnel device tun_turris. proto none means netifd does not address it;
# presumably the VPN daemon configures the interface itself.
config interface 'vpn_turris’
option ifname 'tun_turris’
option proto 'none’
option auto ‘1’

Any help would be great.

I’d rather only see your redirections from Luci

Here it is

I don’t know, but at least the router admin interface works. I get the omnia foris login. Didn’t try the other one