This website provides Linux server operation and maintenance, automated script writing and other services. If you need, please contact the blogger on WeChat: xiaozme
Recently, the network of "iKuai+OpenWrt side routing" mode has been configured in the office. It feels good to use it. Today, however, it was found that a port forwarding failed to take effect. After checking one by one, it was finally found that the problem was caused by the bypass routing.
Suggested Items
- Firewall settings of intranet host (try to turn off the firewall first)
- Router firewall settings
- Try to change the public IP port
- Attempt to temporarily cancel bypass routing
After troubleshooting one by one, it is finally determined that the problem is caused by bypass routing mode. When trying not to use bypass routing, the port mapping of iKuai is valid. How to make the port mapping of iKuai take effect when the bypass route is reserved? Please refer to the solution below.
terms of settlement
If there is no bypass route, the mode is as follows:
- Public IP (8.8.8.8:2222) ->iKuai router (192.168.1.1) ->intranet host (192.168.1.5:2222)
This is no problem, but if the bypass route is added, it is found that Public IP (8.8.8.8:2222)
Unable to access. At this time, we need to first forward the traffic to the bypass route, and then forward it to the target host in the intranet. The mode is as follows:
- Public IP (8.8.8.8:2222) ->iKuai router (192.168.1.1) ->bypass routing (192.168.1.2:2222) ->intranet host (192.168.1.5:2222)
With this network mode, the public network traffic can be normally forwarded to the target host, and the problem is solved. The specific operation steps are as follows:
1、 Add a forwarding to bypass routing rule in "iKuai Router Background - Network Settings - Port Mapping", as shown below.
2、 In the background of OpenWrt, the traffic from the LAN port (the intranet port in the above step) is forwarded to the target machine of the intranet in "Network Firewall Port Mapping", as shown below.
Finally, save and apply.
summary
- If the gateway of your intranet machine points to the primary route (192.168.1.1), there is no need to map the secondary route.
- However, if the gateway of your intranet machine points to the bypass route (192.168.1.2), you need to add port mapping in addition to the primary route, and add additional port mapping in the bypass route