OpenWrt Forum Archive

Topic: ACCESS to OpenWRT (LuCI) from WAN

The content of this topic has been archived on 28 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
roswitina
19 Aug 2014, 14:31

I use OpenWrt Chaos Calmer r42170 / LuCI Trunk (svn-r10520) from http://enduser.subsignal.org/~trondah

How do I set up correctly to access LuCI from the WAN?

With LuCI i make the follow "traffic rule" RULE in /etc/config/firewall

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option name 'GUI'
        option family 'ipv4'
        option src_port '11111'
        option dest_port '443'

This rule does not work.

With LuCI i make the follow "Port Forwards" RULE in /etc/config/firewall

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option name 'GUI'
        option src_dport '11111'
        option dest_port '443'

This rule das WORK.

Can that be right? I had been of the opinion, the Port Forwarding Rules are used for forwarding to the LAN. The access to the router (OpenWRT) should be regulated differently. Am I completely wrong here

Rosi

Post #2
jow
19 Aug 2014, 14:38

option src_port '11111' in your first rule only allow accesses if the origin port is 11111, thats almost never the case. Don't use src_port for port opening rules.

Post #3
roswitina
19 Aug 2014, 15:47

OK. I think I am beginning to understand.
If I want to swap the external port, I have to take "Port Forwarding".

Rosi

Post #4
jow
19 Aug 2014, 17:36

Right, in this case it will install a special variant of a port forward which is equivalent to an iptables REDIRECT rule that merely relocates a port.

The discussion might have continued from here.