peacey / split-vpn

A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.


Port Forwards on WAN IP not working

jooost opened this issue · comments

commented

Hi,

Firstly, thank you for the fantastic scripts, they are amazing. I may be doing something stupid but would really appreciate your input on a problem I am having. I have a server on my LAN, let's say 192.168.1.10, and I want all traffic from this server to go out the Mullvad VPN. I set the source IP in the config and it does this. All good.

However, I also want inbound traffic to my normal WAN IP to be port forwarded to the same 192.168.1.10 address. When the VPN is up this does not work; if the VPN is down then it does. I feel I am probably missing something but would appreciate your suggestion on how I debug this.

Many thanks in advance

commented

Hello @jooost,

You need to exempt the port you want to access from your WAN IP using the EXEMPT_SOURCE_IPV4_PORT option in vpn.conf, or else traffic from that port will always go out the VPN. So for example, say I want to exempt source port 443 traffic from exiting the VPN so I can host a web server on this port and still have the rest of the traffic go out the VPN for this client; then you can use this option in addition to your FORCED_SOURCE_* options.

EXEMPT_SOURCE_IPV4_PORT="both-192.168.1.10-443"

You can change both to udp or tcp if you only want one protocol. Also you can specify a range of ports with 443:446 for ports 443 through 446 for example, or 443,447,448 for ports 443, 447, and 448.

commented

Many thanks for the quick response and advice, I will try that first thing in the morning and report back.

commented

Thanks, that worked perfectly. Quick final question: can you have multiple entries with different IPs in this list? Thanks again.

commented

Yes you can. Just separate them with spaces like:

EXEMPT_SOURCE_IPV4_PORT="both-192.168.1.10-443 both-192.168.1.11-25 udp-192.168.1.65-32400"
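Since the entry format (protocol, IPv4 address, then a port, a range or a comma list, with several entries separated by spaces) is easy to get subtly wrong, here is a small stand-alone shell checker that validates a candidate value and prints the normalised protocol/address/ports tuples it corresponds to. This is an added example written from the format described in this thread; it is not part of split-vpn, it does not read or modify vpn.conf, and it does not show how the script itself turns these entries into routing rules. All function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of split-vpn: a stand-alone checker for the
# EXEMPT_SOURCE_IPV4_PORT entry format described in this thread.
# Each entry is "<proto>-<ipv4>-<ports>", entries are separated by spaces,
# <proto> is both, tcp or udp, and <ports> is a single port (443), a range
# (443:446) or a comma-separated list (443,447,448).
# It only checks and normalises the text; it does not read vpn.conf or
# install any rules (how split-vpn applies the option is not shown here).

# is_port NUM: true if NUM is a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_ipv4 ADDR: true for a dotted quad whose four octets are 0..255
is_ipv4() {
    _oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# is_port_spec SPEC: true for a single port, a low:high range or a comma list
is_port_spec() {
    case "$1" in
        *:*)
            _low=${1%%:*}
            _high=${1#*:}
            case "$_high" in *:*|*,*) return 1 ;; esac
            case "$_low" in *,*) return 1 ;; esac
            is_port "$_low" && is_port "$_high" && [ "$_low" -le "$_high" ]
            return $?
            ;;
        ,*|*,|*,,*)
            return 1   # empty element in a comma list
            ;;
    esac
    _oldifs=$IFS
    IFS=,
    set -- $1
    IFS=$_oldifs
    [ $# -ge 1 ] || return 1
    for _p in "$@"; do
        is_port "$_p" || return 1
    done
    return 0
}

# check_entry ENTRY: prints one "proto ip ports" line per protocol (two lines
# for "both") and returns 0, or reports the problem on stderr and returns 1
check_entry() {
    _entry=$1
    _proto=${_entry%%-*}
    _rest=${_entry#*-}
    _ip=${_rest%%-*}
    _ports=${_rest#*-}
    # exactly two dashes: proto-ip-ports, nothing missing and nothing extra
    if [ "$_proto" = "$_entry" ] || [ "$_ip" = "$_rest" ]; then
        echo "malformed entry (expected proto-ip-ports): $_entry" >&2
        return 1
    fi
    case "$_ports" in *-*)
        echo "malformed entry (too many dashes): $_entry" >&2
        return 1 ;;
    esac
    case "$_proto" in
        both|tcp|udp) ;;
        *) echo "bad protocol '$_proto' in: $_entry" >&2; return 1 ;;
    esac
    if ! is_ipv4 "$_ip"; then
        echo "bad IPv4 address '$_ip' in: $_entry" >&2
        return 1
    fi
    if ! is_port_spec "$_ports"; then
        echo "bad port spec '$_ports' in: $_entry" >&2
        return 1
    fi
    if [ "$_proto" = both ]; then
        echo "tcp $_ip $_ports"
        echo "udp $_ip $_ports"
    else
        echo "$_proto $_ip $_ports"
    fi
}

# check_exempt_list LIST: validates a whole EXEMPT_SOURCE_IPV4_PORT value;
# returns 0 only if every space-separated entry is valid
check_exempt_list() {
    _rc=0
    for _e in $1; do
        check_entry "$_e" || _rc=1
    done
    return $_rc
}

# Demo with the values given in this thread plus one constructed bad entry
check_exempt_list "both-192.168.1.10-443 both-192.168.1.11-25 udp-192.168.1.65-32400"
check_exempt_list "tcp-192.168.1.10-443:446 udp-192.168.1.10-443,447,448"
check_exempt_list "both-192.168.1.10-70000" || echo "rejected: port out of range"
```

Running it over the intended value before editing vpn.conf catches the common slips (a protocol other than both/tcp/udp, a missing field, a port above 65535, a range with low and high swapped) without touching the router.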

commented

Fantastic. Many thanks.

commented

No problem! Feel free to close this once you set everything up and confirm it's working without any issues.

commented

All working perfectly for me :)

commented

Hi Peacey,

I'm hijacking this topic...
I have a problem port forwarding from WAN to a local IP.

I can see with a port checker that a certain port is open when I enable it in the UDM Pro firewall, and likewise I can see that the port is closed when I disable the rule.
With the port forward rule turned on I'm failing to reach the final destination, even when vpn.conf is configured as follows: EXEMPT_SOURCE_IPV4_PORT="udp-192.168.0.10-443"
I have tried EXEMPT_SOURCE_MAC, without success.

And a newbie question: do I need to restart the console every time I change the vpn.conf file? So far I have done it, but there might be a faster way to "kick in" the vpn.conf, or is it picked up while running as soon as it's saved?

Can you please help me out and debug?
Once again, please let me know if there is any way to make a donation!

Thank you,