Problems setting up Port Forwarding


#1

Hi folks, I’m trying to set up port forwarding so I can SSH to the computer in my basement from outside of my home.

Within my home, I can ssh to my local machine at 192.168.1.2, and I can also ssh to it using the remote IP of 107.4.193.235. When I’m outside of the home, the connection times out. So I think it might have something to do with the WAN -> LAN forwarding rules.

I’ve tried using LuCI and the command line, I have this forwarding rule set up:

config redirect
	option name 'ssh'
	option src 'wan'
	option proto 'tcpudp'
	option src_dport '22'
	option dest_ip '192.168.1.2'
	option dest 'lan'

As described by this page: https://lede-project.org/docs/user-guide/firewall_configuration

Since I think something else is interfering, here’s the whole list:

Another suspicion is that it might have something to do with ipv6, but I experimented with that and didn’t really figure anything out.

My router and software version info:

Hostname	LEDE
Model	Linksys WRT1900ACv2
Firmware Version	Lede leviathan V SNAPSHOT r3582-8873474 / LuCI Master (git-17.056.73941-fd2c692)
Kernel Version	4.4.50

Thanks in advance for the help, let me know if there is anything else I can provide that will help.


#2

I have a very similar type of setup on mine except I’m on the 17.01 stable release and it works fine. I have 2 questions: Have you tried using a different source port? Maybe your ISP is blocking port 22 connections. Second, does the port 80 redirect work?


#3

Same problem with the port 80 redirect. Port 22 is okay with my ISP - it was working yesterday when I was using OpenWRT, but I decided to upgrade because of problems with the outdated wifi drivers.

Demonstration of it working from lan, but both ssh and port 80 timing out remotely:


#4

One other piece of the puzzle. My Firewall zone settings are like this:

I’ve played around with it a fair bit, but I’m not sure what it’s supposed to look like.

If someone is willing to post a working /etc/config/firewall file I’d be willing to try that also. I don’t understand all the rules in it and I think it might be more complicated than I need. (I’m using a build from davidc and I think it came with some extra defaults)


#5

These are the settings I’m using for the firewall. I’m pretty sure it’s the default.


#6

Thank you Hennings, I applied those changes, but it didn’t fix my port forwarding problems. I will probably reset the router and flash to a stable version later this evening.


#7

I’m having similar problems with 17.01.0, r3205-59508e3 on a new Archer C7 ac1750. I was using OpenWRT and it was working, but not with ath10k (5 GHz radio). So I switched to LEDE and now the 5 GHz radio works, apparently, but port forwarding does not appear to work at all. The configuration is identical to a firewall config that was working on OpenWRT. Gotta have port forwarding. Don’t quite know what to do about this, or how to debug it. I’d be glad to send along any info that might be helpful.

One thing that may be relevant is that it’s a PPPOE installation.

fab is also having this problem. On that thread, jow suggested rebind_protection ‘0’, but it had no discernible effect. (The suggestion by hennings here also didn’t work for me.)


#8

@SteveNewcomb up till now I get the forwarding to work by disabling the firewall (not that I am happy about it at all) and perform a daily reboot of the router…


#9

Here’s what I have in the firewall configuration file for exactly the same that you want … only difference is that I SSH into the router, not a PC (change the dest_ip). I also use the external port 2022 instead of the default 22.

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '2022'
        option dest_ip '192.168.1.1'
        option dest_port '22'
        option name 'SSH from WAN'
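
Added example, not part of any post in this thread: a shell function that reads a UCI firewall file and lists what each WAN-side redirect actually exposes, using the two rules posted above as constructed sample input. The function names, the output format and the assumed defaults (`target` is DNAT and `dest_port` equals `src_dport` when omitted) are choices made for this example.

```shell
# List the WAN-side DNAT port forwards found in a UCI firewall file (read on stdin).
# Assumed defaults: target=DNAT, dest_port=src_dport when the option is omitted.
audit_redirects() {
    awk -v q="'" '
    function emit(   dport, target, note) {
        if (!in_redirect || o["src"] != "wan") return
        target = ("target" in o) ? o["target"] : "DNAT"
        dport = ("dest_port" in o) ? o["dest_port"] : o["src_dport"]
        if (target != "DNAT") return
        note = (o["proto"] ~ /tcp/ && o["proto"] ~ /udp/) ? "tcp+udp" : "-"
        printf "%s|%s|%s|%s|%s|%s\n", o["name"], o["proto"], o["src_dport"], o["dest_ip"], dport, note
    }
    $1 == "config" { emit(); in_redirect = ($2 == "redirect"); split("", o); next }
    in_redirect && $1 == "option" {
        val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)  # keep spaces inside values
        sub(/[ \t\r]+$/, "", val)
        gsub(q, "", val); gsub(/"/, "", val)               # drop UCI quoting
        o[$2] = val
    }
    END { emit() }
    '
}

# Constructed input: a zone section plus the two redirect rules posted in this thread.
sample_config() {
    cat <<'EOF'
config zone
    option name 'wan'
config redirect
    option name 'ssh'
    option src 'wan'
    option proto 'tcpudp'
    option src_dport '22'
    option dest_ip '192.168.1.2'
    option dest 'lan'
config redirect
    option target 'DNAT'
    option src 'wan'
    option dest 'lan'
    option proto 'tcp udp'
    option src_dport '2022'
    option dest_ip '192.168.1.1'
    option dest_port '22'
    option name 'SSH from WAN'
EOF
}

sample_config | audit_redirects
```

On a router the same function can be fed with `audit_redirects < /etc/config/firewall`. The `tcp+udp` note marks rules that open UDP as well as TCP; SSH only needs TCP, so `option proto 'tcp'` is the narrower setting for both rules.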

#10

BTW: Looks like your problem is solved already! I SSH’d into your Public IP and “someone” answered, and it was not the router :wink:


#11

I fixed my problem by completely resetting all of the settings and then repeating the instructions. My only guess is that I had some configuration that carried over the first time I installed the software. I’m still running:
Lede leviathan V SNAPSHOT r3582-8873474 / LuCI Master (git-17.056.73941-fd2c692)
Kernel Version 4.4.50

I believe I configured everything through the web interface here:

I do think I had some IPv6 problems… (including some related to my dynamic DNS setup). I had to set that up to only do IPv4.

I don’t know about the Archer C7 ac1750, but for my WRT1900ACv2, I needed the updated wifi radio drivers and the snapshot was the easiest way for me to get them.


#12

Nicely done! Windows-style (reinstall) ! :slight_smile:


#14

I am also struggling to get port forwarding to work on the Archer C7.
Can anybody confirm a LEDE version where port-forwarding works with the Archer C7 when configured via the GUI?


#15

I’m having exactly the same problem with an Archer C7 running LEDE.
To a run-of-the-mill install, I am adding my first forwarding rule without success.


#16

It works for me now, the problem was double NATing, cf.:

https://bugs.lede-project.org/index.php?do=details&task_id=1334&string=archer+forwarding&advancedsearch=on&search_name=&type[0]=&sev[0]=&pri[0]=&due[0]=&reported[0]=&cat[0]=&status[0]=&percent[0]=&opened=&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=&closedto=&order=dateopened&sort=desc
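
Added example, not part of any post in this thread: a quick check for the double NAT named in the last post. It compares the address on the router's WAN interface with the address the internet sees; if the WAN address is private (RFC 1918) or carrier-grade NAT (100.64.0.0/10), another device upstream is translating and a redirect on the LEDE router alone cannot be reached from outside. The function names and output tokens are invented for this example, and the sample addresses are constructed.

```shell
# Classify an IPv4 address: private | cgnat | public | invalid
classify_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return; }
    for o in "$@"; do
        case $o in ''|*[!0-9]*) echo invalid; return ;; esac
        [ "$o" -le 255 ] || { echo invalid; return; }
    done
    if [ "$1" -eq 10 ] ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo private               # RFC 1918
    elif [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then
        echo cgnat                 # 100.64.0.0/10, shared address space
    else
        echo public
    fi
}

# $1 = address on the router's WAN interface, $2 = address seen from the internet
nat_verdict() {
    case $(classify_ipv4 "$1") in
        invalid) echo invalid ;;
        private) echo double-nat-private ;;   # upstream modem/router must forward too
        cgnat)   echo double-nat-cgnat ;;     # translation happens at the ISP
        public)  if [ "$1" = "$2" ]; then echo single-nat; else echo mismatch; fi ;;
    esac
}

# Constructed sample addresses (203.0.113.7 is a documentation address).
nat_verdict 192.168.0.10 203.0.113.7
nat_verdict 100.72.5.9   203.0.113.7
nat_verdict 203.0.113.7  203.0.113.7
```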