I'm testing a new router setup here, thought I had everything correct, but I don't.
Outgoing traffic works just fine, but incoming traffic isn't getting where it needs to go. I tried a web tool that can do a port scan; it was showing that the ports I wanted were open. I tried another tool and it got no response at all. Also, the router's WAN address is not pingable; my WhiteRussian setup was pingable on the WAN address externally.
Here is my current network setup:

    root@OpenWrt:/etc/config# cat network
    #### VLAN configuration
    config switch eth0
        option enable 1

    config switch_vlan eth0_0
        option device "eth0"
        option vlan 0
        option ports "0 1 2 3 4 5u"

    #### Loopback configuration
    config interface loopback
        option ifname "lo"
        option proto static
        option ipaddr 127.0.0.1
        option netmask 255.0.0.0

    #### LAN configuration
    config interface lan
        option type bridge
        option ifname "eth0"
        option macaddr "00:1D:7E:1E:A0:F8"
        option proto static
        option ipaddr 192.168.1.2
        option netmask 255.255.255.0

    #### WAN configuration
    config interface wan
        option ifname "eth1"
        option macaddr "00:1d:7e:1e:a0:f9"
        option proto dhcp

And now a snippet from my firewall config showing that traffic on port 80 should redirect to a different system on the LAN:

    root@OpenWrt:/etc/config# cat firewall
    config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

    config 'zone'
        option 'name' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

    config 'zone'
        option 'name' 'wan'
        option 'output' 'ACCEPT'
        option 'masq' '1'
        option 'mtu_fix' '1'
        option 'input' 'ACCEPT'
        option 'forward' 'ACCEPT'

    config 'forwarding'
        option 'src' 'lan'
        option 'dest' 'wan'

    config 'rule'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'

    config 'rule'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'target' 'ACCEPT'

    config 'include'
        option 'path' '/etc/firewall.user'

    config 'redirect'
        option 'src' 'wan'
        option 'proto' 'tcp'
        option 'src_dport' '80'
        option 'dest_ip' '192.168.1.10'
        option '_name' 'www'

From the web interface, I think I have everything set correctly? I'm sure I'm missing something very basic here...
Also, my prior setup in WhiteRussian was such that I could access internal services by their external DNS name. For example, if the web server listed above was reachable externally as http://example.com and I used that same URL from the LAN, my page would load correctly. I'd like to keep this same capability; I'm not sure if the default LuCI setup will allow that. Any tips on making that work via the LuCI interface would be appreciated. I'm trying to avoid any unnecessary direct iptables commands if I can avoid it.