Port Forwarding Port 80 & 443 : r/openwrt

EDIT: It seems to be NAT reflection which I can't get to work.

I'd never have thought I'd have to ask this again, but I can't seem to be able to forward port 80 & 443 on my openwrt box. I've got 2 WAN Ports and when only the first was active I was able to port forward these ports without a problem, but since having activated the second WAN and having installed mwan3 this does not work anymore. I've not yet configured mwan3, only having given my wan ports different metrics.

My port forward configuration to port 32400 works.

Attached is my port forward configuration. When trying to reach these ports I get a "Forbidden Rejected request from RFC1918 IP to public server address". I believe openwrt seems to just have opened the port instead of having forwarded it. What did I do wrong?

config redirect
        option target 'DNAT'
        option name 'SoftRAM'
        option src 'wan'
        option dest 'lan'
        list proto 'tcp'
        option src_dport '32400'
        option dest_ip '172.16.0.181'
        option src_dip '95.222.x.x'

config redirect
        option target 'DNAT'
        option name 'HTTP'
        list proto 'tcp'
        option src 'wan'
        option src_dport '80'
        option dest 'lan'
        option dest_ip '172.16.0.135'
        option src_dip '95.222.x.x'

config redirect
        option target 'DNAT'
        option name 'HTTPS'
        list proto 'tcp'
        option src 'wan'
        option src_dport '443'
        option dest 'lan'
        option dest_ip '172.16.0.135'
        option src_dip '95.222.x.x'

(Just in case, 172.16.0.135 is NOT the IP of my OpenWRT Box)


"Forbidden Rejected request from RFC1918 IP to public server address"

I think this error message means you're accessing the public IP address from your private IP address and your web server is sensibly blocking this because it's normally an error for a private IP address to connect directly to a public IP address. The port is open and being forwarded correctly but because you're accessing it from a private IP address on your LAN the web server does not like this, it thinks that a private IP address has somehow been forwarded over the Internet and is filtering out the request.

You'll most likely need to add an exception of some sort in the web server's configuration to allow this.


Yes, you have opened the ports and that's LuCI complaining (rightfully) that an RFC1918 address has attempted to access it from a public (WAN) IP. Undo that!!

Move LuCI away from 80 and 443, even better install luci-app-uhttpd and move it also onto LAN IP only.

Recreate the port forwarding rules you have from WAN to server, but replace the src as lan, instead of wan. You essentially have to NAT/Masquerade the LAN IPs to your WAN IP, as you forward it on to server (server will see your WAN IP access it).

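The behaviour the two replies above describe, as an added Python example that is not part of the thread: a simplified model (not OpenWrt's firewall code) in which a redirect only matches traffic from its `src` zone, so a LAN client that dials the WAN address lands on the router's own web server and trips the RFC1918 check. It assumes the router's web server listens on port 80 on all of its addresses; `203.0.113.10`, `198.51.100.7`, `172.16.0.50` and `172.16.0.1` are constructed placeholder addresses.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also
# flag documentation and other special-purpose blocks as private.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass
class Redirect:          # mirrors the fields of a 'config redirect' section
    src: str             # ingress zone the rule matches
    src_dip: str         # destination address the client dialled
    src_dport: int
    dest_ip: str         # internal host the connection is rewritten to

def route(rules, zone, client, dst_ip, dst_port, router_ips):
    """Return (handler, verdict) for one TCP connection in this model."""
    for r in rules:
        if (r.src, r.src_dip, r.src_dport) == (zone, dst_ip, dst_port):
            return (r.dest_ip, "forwarded")
    if dst_ip in router_ips:
        # No DNAT rule matched, so the router's own web server answers and
        # applies the check behind the 403: private peer, public server address.
        if is_rfc1918(client) and not is_rfc1918(dst_ip):
            return ("router", "403 rejected: RFC1918 peer to public address")
        return ("router", "200 served by router UI")
    return (None, "dropped")

WAN_IP = "203.0.113.10"               # constructed stand-in for 95.222.x.x
ROUTER_IPS = {WAN_IP, "172.16.0.1"}   # 172.16.0.1 is an assumed LAN address
wan_only = [Redirect("wan", WAN_IP, 80, "172.16.0.135")]
with_lan = wan_only + [Redirect("lan", WAN_IP, 80, "172.16.0.135")]

if __name__ == "__main__":
    for name, rules in (("wan rule only", wan_only), ("plus lan rule", with_lan)):
        for zone, client in (("wan", "198.51.100.7"), ("lan", "172.16.0.50")):
            print(name, zone, client,
                  route(rules, zone, client, WAN_IP, 80, ROUTER_IPS))
```

With only the `wan` rule, the external client reaches 172.16.0.135 while the LAN client gets the 403 from the router; once a rule also matches the `lan` zone, both reach the server.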