Port-Forwarding not working inside LAN

  • Hostname
    GL-MT6000

  • Model
    GL.iNet GL-MT6000

  • Architecture
    ARMv8 Processor rev 4

  • OpenWrt Version
    OpenWrt 24.10.0-rc2 r28161-ea17e958b9

If I use VPN, I can access the Port-Forwarding! It's only not working from inside the LAN.

Please help, thanks!

Further investigations show that I have devices in my LAN that can reach Port-Forwarding via HTTP(S).
But other devices do not. But those devices are still able to ping my wan-port.

Could this be related to the 2.5 Gbit-Port I use?
If I connect the same device to the Flint2-Wlan, I can access the Port-Forwarding-Service.

Hello,

It may not be related to the 2.5G port; LAN and WLAN are both on the same bridge, br-lan, by default.

Please provide the network topology, including the wired and wireless topology, the IPs, and which device pings which device.

IP stays the same, but only the green connection works to access the Service provided by the external IP.

IPv6 is deactivated, only active on Windows 11 systems (like the Client).
I also tested this with other devices and Android devices (both only Wifi). Same picture, only using the WiFi provided by flint2 itself works.

So what they all have in common is that they go over the flint2-switch (which is part of the bridge-LAN-device).

I'm really a beginner in regards to OpenWrt, but if you guide me I can debug this further.

Any idea?

Hello,

Sorry for the late reply.

  1. May I confirm that when this PC is wired, it can't access the server through HTTPS://WAN IP or HTTP://WAN IP, and when it is wireless, it can access the server through the above WAN IP, right?

  2. If the PC is on the external network, can it access the server normally through HTTPS://WAN IP or HTTP://WAN IP?

  3. Ping 192.168.178.139 on the PC (192.168.178.117) that is wired to the Flint 2 LAN: does the ping succeed?

@bruce
1 YES neither HTTP nor HTTPS
2 YES HTTP and HTTPS - also on Wireless Flint2
3 YES and I also can ping the WAN IP

Well, this point is strange.
With the PC in the LAN on a wired connection, since the server's LAN IP is reachable by ping, the PC should be able to access the server over HTTP or HTTPS at this time.

Can you confirm that the switch does not have firewall rules?
On the Flint 2 firewall, LAN zone forwarding allows all traffic by default.

To test, I connected a PC directly to the ports originally used for the 2.5 Gbit switch and the other port used by the AVM router (configured as IP-Client): same picture, no connection to HTTPS.

Hello,

If Flint2 replaces another router, and you configure the same port forwarding settings, is the wired LAN PC <--> wired LAN server accessible?

It seems that the Flint2 firewall setting is fine.
BTW, please try to enable the LAN -> WAN Masquerading.

Activated it, and it did not change / fix the error.

I do not understand the question.

Just try replacing Flint2 with other routers to check if there will be the same problem.

I assume that the routing table of the PC (maybe because of the dual network cards, Wi-Fi + wired) may be why it cannot access the server 192.168.178.139:2443 and 1380.

@bruce Before I used the flint2 I was using the avm-7590 as my router. I had no issues with it. The issue is with the flint2! Or OpenWrt?!

Could you please give some insight on when the next OpenWrt24-Firmware will be released?

To say it again: The issue is not with one pc. I can reproduce this issue with a variety of clients.
To say it again too: The issue is everywhere except using the wireless Interface of the flint2.
And also, to say it again: Every system can reach the target of the port-forwarding from everywhere using the local LAN IP. BUT only using flint2 Wi-Fi it can reach it using the external DNS-Entry (which points to the WAN-IP).
Also: Being on LTE, some external network, outside my local LAN: Using external DNS (over the WAN-IP) the port-forwarding works like a charm.

So, my idea would be to have a look at OpenWrt and figure out what's the difference between flint2 wireless and wired interfaces.

Again, I kindly asked for your help.

It is a bit strange. Could you please provide a remote desktop of the PC (192.168.178.117) to check?