5653 questions

6863 answers

11066 comments

6945 members

0 votes
209 views 2 comments
by
Hi there,

I have an issue about port forwarding on this new firmware.

I have more then 2 devices, with old version is working just fine with same settings, but, with this new firmware, is not working at all.

Seems he keep blocking my access via a public ip or DDNS service.

|Any ideeas?

1 Answer

+1 vote
by


Yes man, same here I notice some abnormal behavior on my brand new RUT240, it's OpenWrt based and I know a little this kind of software trought years, so I do many test on my site to figure it out, and finally I get a solution working for me.

Well you need to simply "clear" unused zones/rules from firewall configuration located at /etc/config/firewall

then restart firewall with /etc/init.d/firewall restart or reboot a device for ensure kernel tables is cleared.

I write about this in many recent posts today, meow heart

First step fo make clear, is  remove unconfigured/unused zones from configuration and see if your nat/portfowarding rules return to work, of course make configuration backup as usual before starting to edit config files.

Zones below you can safe remove from configuration if not used:

config zone 'l2tp_zone'
	option name 'l2tp'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'l2tp'
	option device 'l2tp+ xl2tp+'
	option forward 'REJECT'

config zone 'pptp_zone'
	option name 'pptp'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'pptp'
	option device 'pptp+'
	option forward 'REJECT'

config zone 'gre_zone'
	option name 'gre'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option network 'gre'
	option device 'gre+'
	option forward 'REJECT'

config zone
	option name 'hotspot'
	option input 'REJECT'
	option output 'ACCEPT'
	option device 'tun0 tun1 tun2 tun3'
	option forward 'REJECT'

config zone 'sstp'
	option name 'sstp'
	option input 'REJECT'
	option output 'ACCEPT'
	option device 'sstp-+'
	option masq '1'
	option forward 'REJECT'

After this you also delete unused rules from firewall WEB UI or from firewall file, don't matter, uci subsystem of RUTos reparsing and adjusting if needed, but pay attention when editing firewall file with custom options, don't mistake syntax or you get parsing error under Firewall WEB UI.

Apply your changes step by step if you're not enough skilled, and watch behavior of RUTos by reloading Firewall page.

Regards

Best answer
by
Thanks for the answer.I found another solution, not so "safe" but is doing the  job, just downgrade the firmware for that version when i don't need to do all of that.
by
Good to know! Bye.