[FS#4259] Cannot reach public-facing service in LAN from LAN; only reachable from WAN

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Mon Feb 7 10:20:51 PST 2022


A new Flyspray task has been opened.  Details are below. 

User who did this - Douglas Silva (harpia) 

Attached to Project - OpenWrt/LEDE Project
Summary - Cannot reach public-facing service in LAN from LAN; only reachable from WAN
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Medium
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details -

====CONTEXT====
I run a publicly accessible web server at home, behind an OpenWrt router. The router has firewall rules allowing incoming connections to ports 80 and 443 (forwarding rules for IPv4; port access rules for IPv6).

A recent snapshot upgrade made the web server unreachable from LAN using IPv4, while still being reachable from WAN. IPv6 is unaffected and works as expected from both LAN and WAN.

1. Set up a web server inside your LAN network and confirm that it can be reached from outside. I use my phone's 4G connection for that.

2. Download https://downloads.openwrt.org/snapshots/targets/ramips/mt7621/openwrt-ramips-mt7621-tplink_archer-c6-v3-squashfs-sysupgrade.bin and move it to "/tmp" on the router that is already running OpenWrt.

3. Run "sysupgrade openwrt-ramips-mt7621-tplink_archer-c6-v3-squashfs-sysupgrade.bin" and wait for the device to reboot.

4. SSH into it as root, set a root password, apply any needed UCI configuration* and reboot.

5. See if you can reach the web server from inside the LAN using its public IPv4 address.

* I use a shell script to automatically configure everything using UCI commands. It defines DHCP hosts, firewall rules, PPPoE authentication, etc.

Device: TP-Link Archer C6 V3 (ramips/mt7621)
OpenWrt version: SNAPSHOT (r18754-f6a01d7f5c)
- Last working snapshot I used was from December 2021, but I don't have its snapshot number.
