
Port Forwarding Troubles


Hi All,

 

I can't figure it out.

 

I've read a million threads and I'm just trying to forward a few ports.  I've set it up to automatically configure the firewall, the computer(s) are plugged in through Eth4 through an AP but I've also tried using switch0.  I've tried just one and currently I've just added them all.  I'm sure this is something stupid but I can't figure it out.  

Canyouseeme says everything is still closed off.  

 

Please advise; my config is posted below.

 

Thanks 

 

 

/* Global firewall options plus the two rule sets that eth0 (the interface described as Internet) references by name. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* WAN_IN is bound to eth0 "in". Default is drop; the only accept rule matches established/related state. */
    /* No rule in this listing accepts new connections to the forwarded ports. */
    /* NOTE(review): with "port-forward auto-firewall enable" the accept rules are presumably generated outside this rule set; confirm on the device. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 20 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* WAN_LOCAL is bound to eth0 "local". Default is drop and nothing here accepts a new connection, */
    /* so the GUI, SSH and DNS forwarder configured under "service" are not opened to eth0 by this rule set. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    /* NOTE(review): source-validation looks like the reverse-path check on source addresses, and it is off; confirm whether it should be enabled. */
    source-validation disable
    syn-cookies enable
}
/* Interface layout: eth0 is the DHCP-addressed uplink; eth1-eth4 carry no address and are member ports of switch0, which holds the LAN address. */
interfaces {
    /* Uplink. Forwarded traffic is filtered by WAN_IN, traffic addressed to the router by WAN_LOCAL. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    /* eth4 also passes PoE through; the poster's access point is plugged in here. */
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output pthru
        }
        speed auto
    }
    loopback lo {
    }
    /* The only LAN interface with an IP address (192.168.0.1/24). No firewall rule set is attached to it. */
    switch switch0 {
        address 192.168.0.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
/* Port-forward feature: inbound connections on eth0 are redirected to LAN hosts; auto-firewall is on, so no matching WAN_IN rules are written by hand. */
port-forward {
    auto-firewall enable
    /* NOTE(review): with hairpin NAT off, LAN clients presumably cannot reach these forwards through the WAN address, so tests must come from outside; confirm. */
    hairpin-nat disable
    /* switch0 is listed together with its own member ports eth1-eth4. The accepted reply in this thread deletes the four ethN entries and keeps switch0. */
    lan-interface switch0
    lan-interface eth4
    lan-interface eth1
    lan-interface eth2
    lan-interface eth3
    /* Rules 1-5 send one port each to 192.168.0.69 (the MAC_Server static mapping); rule 6 targets 192.168.0.43. */
    /* No rule sets a forward-to port, and none restricts the source, so each port is offered to every Internet host once forwarding works. */
    /* NOTE(review): the descriptions name application web interfaces; access control then rests on each application's own login; confirm authentication is enabled on them. */
    /* NOTE(review): tcp_udp forwards both protocols; if a service only listens on TCP, the UDP half is exposure with no use; confirm per service. */
    rule 1 {
        description emby
        forward-to {
            address 192.168.0.69
        }
        original-port 8096
        protocol tcp_udp
    }
    rule 2 {
        description Radarr
        forward-to {
            address 192.168.0.69
        }
        original-port 7878
        protocol tcp_udp
    }
    rule 3 {
        description Sonarr
        forward-to {
            address 192.168.0.69
        }
        original-port 8989
        protocol tcp_udp
    }
    rule 4 {
        description Transmission
        forward-to {
            address 192.168.0.69
        }
        original-port 9093
        protocol tcp_udp
    }
    rule 5 {
        description NzbGet
        forward-to {
            address 192.168.0.69
        }
        original-port 6789
        protocol tcp_udp
    }
    /* Test rule pointing at a host that has no static mapping in this listing. */
    rule 6 {
        description TEST
        forward-to {
            address 192.168.0.43
        }
        original-port 8898
        protocol tcp_udp
    }
    wan-interface eth0
}
/* Router services: DHCP for the LAN, dynamic DNS and DNS forwarding, the web GUI, source NAT, SSH and UNMS. */
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative enable
            subnet 192.168.0.0/24 {
                default-router 192.168.0.1
                /* Clients are handed 192.168.0.228 as resolver (the raspberrypi mapping below), not the router. */
                dns-server 192.168.0.228
                lease 86400
                /* Dynamic pool is .70-.243: the .69 mapping lies outside it, the .228 mapping inside it. */
                start 192.168.0.70 {
                    stop 192.168.0.243
                }
                static-mapping MAC_Server {
                    ip-address 192.168.0.69
                    mac-address 70:73:CB:C4:00:C9
                }
                static-mapping raspberrypi {
                    ip-address 192.168.0.228
                    mac-address b8:27:eb:f2:a6:98
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    dns {
        dynamic {
            interface eth0 {
                /* Values are masked with x in this listing; a later reply says the post as first published exposed them. */
                /* NOTE(review): credentials that were public even briefly should be treated as disclosed and changed at the provider. */
                service custom-noip {
                    host-name xxxx
                    login xxx
                    password xxxx
                    protocol xxxx
                }
                web dyndns
            }
        }
        forwarding {
            cache-size 150
            /* The forwarder is bound to eth0, the Internet-facing interface, while LAN clients are pointed at .228 by DHCP. */
            /* The accepted reply deletes this line. WAN_LOCAL (default drop, no accept for new connections) is what keeps outside queries away while it is set. */
            listen-on eth0
        }
    }
    gui {
        http-port 80
        https-port 443
        /* NOTE(review): older-ciphers presumably re-enables legacy TLS cipher suites on the management GUI; disable unless an old client needs it. */
        older-ciphers enable
    }
    nat {
        /* Source NAT for everything leaving through eth0. */
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    /* SSH on the default port, protocol 2 only. No listen address is set in this listing. */
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
/* System settings: host name, the single admin login, NTP, syslog levels, time zone and traffic analysis. */
system {
    host-name ubnt
    login {
        user xxxx {
            authentication {
                /* The "$6$" prefix marks a salted SHA-512 crypt hash. It is posted in full although the user name is masked, */
                /* so password guesses can be checked against it offline by anyone who reads the thread. */
                /* NOTE(review): mask this field when sharing a config, and change the password once the hash has been published. */
                encrypted-password $6$0Pw2pvRW9esllAcD$tbn06Bos7khc.E/CEmYetlnVrHi1myavirbw/UAX8KOi1sEquv3yP0/ZE3N1IocD5qH6RFAkhkA5ygKzO/8gM0
            }
            full-name "***"
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Everything is logged at notice and above; the "protocols" facility is logged down to debug. No remote log host is configured here. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/Denver
    /* NOTE(review): dpi enables per-application traffic classification; "export" presumably publishes those statistics to the GUI; confirm. */
    traffic-analysis {
        dpi enable
        export enable
    }
}
/* Smart queue on the uplink: shapes eth0 to 60 Mbit/s download and 5 Mbit/s upload, with ECN enabled in both directions. */
traffic-control {
    smart-queue All {
        download {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 60mbit
        }
        upload {
            ecn enable
            flows 1024
            fq-quantum 1514
            limit 10240
            rate 5mbit
        }
        wan-interface eth0
    }
}


/* Warning: Do not remove the following line. */
/* === vyatta-config-version: "config-management@1:conntrack@1:cron@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@5:nat@3:qos@1:quagga@2:suspend@1:system@4:ubnt-pptp@1:ubnt-udapi-server@1:ubnt-unms@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1" === */
/* Release version: v1.10.9.5166958.190213.1952 */

 


Accepted Solutions

Re: Port Forwarding Troubles

Issue

Spoiler
configure
delete service dns forwarding listen-on eth0
delete port-forward lan-interface eth1
delete port-forward lan-interface eth2
delete port-forward lan-interface eth3
delete port-forward lan-interface eth4
commit;save

Then open a second SSH session. In the first session, run:

Spoiler
sudo tcpdump -ni eth0 port 8096

In the second one,

Spoiler
sudo tcpdump -ni switch0 host 192.168.0.69 and port 8096

Connect from outside on port 8096. What do the two tcpdump outputs show?
Cheers,
jonatha



All Replies

Re: Port Forwarding Troubles

Issue

Spoiler
configure
delete service dns forwarding listen-on eth0
delete port-forward lan-interface eth1
delete port-forward lan-interface eth2
delete port-forward lan-interface eth3
delete port-forward lan-interface eth4
commit;save

Then open a second SSH session. In the first session, run:

Spoiler
sudo tcpdump -ni eth0 port 8096

In the second one,

Spoiler
sudo tcpdump -ni switch0 host 192.168.0.69 and port 8096

Connect from outside on port 8096. What do the two tcpdump outputs show?
Cheers,
jonatha


Re: Port Forwarding Troubles

Thank you Jonathan, up and running.  So it was the DNS forwarding eh?  

 

Appreciate your help.

 

Thanks


Re: Port Forwarding Troubles

The "dns forwarding listen-on" setting should be set on the internal interfaces, for when the router acts as the DNS server. Maybe something went wrong in the first port-forward config; anyway, if it is OK now ... :-)
Cheers,
jonatha


Re: Port Forwarding Troubles

So I'm thinking about this... I am running a pi-hole on x.228 which is why I'm doing the dns through there.  

 

Did I just disable that?  

 

 


Re: Port Forwarding Troubles

Is everything working as expected? If yes, don't touch anything. If no, then let's try to investigate ... :-)
Cheers,
jonatha


Re: Port Forwarding Troubles

Yep, sorry misunderstanding, everything is up and running regarding RPI.  

 

Appreciate it again.


Re: Port Forwarding Troubles

Matt, you've published your NOIP credentials.

Re: Port Forwarding Troubles

good looks thanks buddy