Port-Forwarding not working inside LAN

morbloe · March 19, 2025, 8:50am

Hostname
GL-MT6000
Modell
GL.iNet GL-MT6000
Architektur
ARMv8 Processor rev 4
OpenWrt Version
OpenWrt 24.10.0-rc2 r28161-ea17e958b9

If I use VPN, I can access the Port-Forwarding! It's only not working from inside the LAN.

Please help, thanks!

morbloe · March 19, 2025, 3:35pm

Forther investigations show that I have devices in my LAN that can reach Port-Forwarding via HTTP(S).
But other devices do not. But those devices are still able to ping my wan-port.

morbloe · March 19, 2025, 3:44pm

could this be related to the 2.5 Gbit-Port I use?
If I connect the same device to the Flint2-Wlan, I can access the Port-Forwarding-Service

bruce · March 20, 2025, 2:57am

Hello,

It could be not related to 2.5G port, LAN and WLAN are both on the same bridge by default br-lan.

Please provide a network topology, including wired topology and wireless topology, and IP, which device to ping to which device

morbloe · March 20, 2025, 6:23pm

IP stays the same, but only the green connection works to access the Service provided by the external IP.

IPv6 is deactivated, only active on Window11-Systems (like the Client)
I also tested this with other devices and an android devices (both only Wifi). Same picture, only using the WiFi provided by flint2 itself works.

So what they all have in common is that they go over the flint2-switch (which is part of the bridge-LAN-device).

I'm realy a beginner in regards to OpenWrt, but If you guide me I can debug this further.

morbloe · April 2, 2025, 9:07pm

any idea?

bruce · April 8, 2025, 9:40am

Hello,

Sorry for the late reply.

May I confirm that when this PC is wired, can't access the server through HTTPS://WAN IP or HTTP://WAN IP? When it is wireless, can access the server through the above WAN IP, right?
If the PC on the external network, it is normal to access the server through HTTPS://WAN IP or HTTP://WAN IP?
ping 192.168.178.139 on the PC (192.168.178.117) which wired connect to Flint 2 LAN, is the ping available?

morbloe · April 11, 2025, 9:46am

@bruce
1 YES neither HTTP nor HTTPS
2 YES HTTP and HTTPS - also on Wireless Flint2
3 YES and I also can ping the WAN IP

bruce · April 14, 2025, 10:18am

Well, this point is strange.
PC in LAN and wired connections, since the ping server LAN IP is reachable, it means the PC should be able to access server HTTP or HTTPS at this time.

Please confirm the switch does not have firewall rules?
Flint 2 firewall, LAN zone forwarding allow all traffic by default.

morbloe · April 19, 2025, 3:05pm

To test I connected a PC directly on the ports original used for the 2,5 gbit-switch and the other port used by the avm router (configured as IP-Client): Same picture, no connect to HTTPS.