No właśnie, jednak wszystko zaczyna działać dopiero po utworzeniu:

config rule
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '49151'
        option src_ip '192.168.1.100'
        option name 'P2P'

coś źle robię ? :-/

Dzięki wielkie, spróbuje jak będę na miejscu.

A z lanu idzie?

Witam
Mam problem z otwarciem portu dla domoticza na świat.
w /etc/config/firewall dopisałem port
config remote_accept 'ra_8080_8080'
        option local_port '8080'
        option remote_port '8080'
        option proto 'tcp'
        option zone 'wan'

Jak wyświetlę otwarte porty nmap dostaję
PORT     STATE SERVICE
8080/tcp open  http-proxy

iptables pokazuje
iptables -v-L -t nat
Chain zone_wan_prerouting (1 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   udp  --  any    any     anywhere             anywhere             udp dpt:openvpn redir ports 1194
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:8080 redir ports 8080
  665 39426 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh redir ports 22
    9   468 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:4433 redir ports 4433
    0     0 CONNMARK   tcp  --  any    any     anywhere             anywhere             tcp dpt:4433 CONNMARK or 0x80
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:4433 redir ports 443
2259  136K prerouting_wan_rule  all  --  any    any     anywhere             anywhere             /* user chain for prerouting */

i jak łącze się na IP z lanu lub WAN-u lub też po tunelu OpenVPN  to strona otwiera się bez problemu.
Jednakże z IP ze świata dostaję komunikat "Domoticz Offline"
Restart router-a nie pomaga po wprowadzeniu ustawień.

Czy miał ktoś podobny problem może ??
Pozdrawiam

Jak łączę się od strony LAN-u (z domu lokalnie) na IP z klasy 172.20.1.254 jak i IP WAN- u 46.186.4.* zewnętrzne to otwiera mi się strona domoticza w przeglądarce.
Jak łącze się na IP WAN-u ze świata (np z pracy na IP routera) dostaję komunikat DOMOTICZ OFFLINE

tak łączę się i wyświetla strona domoticza "domoticz ofline na komórce a na komputerze stacjonarnym "Przekroczono limit czasu połączenia"

ok w takim razie poszukam na forach co może być problemem

http://eko.one.pl/?p=openwrt-konfigurac … estronywan

Podbijam temat, żeby nie zakłądać nowego wątku... Mam najnowszego Garygoylea i modem hilink z dynamicznym adresem ip od CP. Odpaliłem Openvpn oraz ddns i przekierowania portów. NIestety nie działa mi open vpn oraz przekierowania. Dostaję connection refused.
Konfiguracja firewalla:
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].enforce_dhcp_assignments='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].target='ACCEPT'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='tcp'
firewall.@rule[3].dest_port='8123'
firewall.@rule[3].src_ip='192.168.1.70'
firewall.@rule[3].name='Hassss'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-DHCPv6'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='udp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].src_port='547'
firewall.@rule[4].dest_ip='fe80::/10'
firewall.@rule[4].dest_port='546'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-MLD'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].src_ip='fe80::/10'
firewall.@rule[5].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Input'
firewall.@rule[6].src='wan'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-ICMPv6-Forward'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='*'
firewall.@rule[7].proto='icmp'
firewall.@rule[7].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[7].limit='1000/sec'
firewall.@rule[7].family='ipv6'
firewall.@rule[7].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@include[0].reload='1'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].proto='esp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='500'
firewall.@rule[9].proto='udp'
firewall.@rule[9].target='ACCEPT'
firewall.@include[1]=include
firewall.@include[1].type='script'
firewall.@include[1].path='/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
firewall.@include[1].family='IPv4'
firewall.@include[1].reload='1'
firewall.openvpn_include_file=include
firewall.openvpn_include_file.path='/etc/openvpn.firewall'
firewall.openvpn_include_file.reload='1'
firewall.vpn_zone=zone
firewall.vpn_zone.name='vpn'
firewall.vpn_zone.network='vpn'
firewall.vpn_zone.input='ACCEPT'
firewall.vpn_zone.output='ACCEPT'
firewall.vpn_zone.forward='ACCEPT'
firewall.vpn_zone.mtu_fix='1'
firewall.vpn_zone.masq='1'
firewall.vpn_lan_forwarding=forwarding
firewall.vpn_lan_forwarding.src='lan'
firewall.vpn_lan_forwarding.dest='vpn'
firewall.lan_vpn_forwarding=forwarding
firewall.lan_vpn_forwarding.src='vpn'
firewall.lan_vpn_forwarding.dest='lan'
firewall.ra_openvpn=remote_accept
firewall.ra_openvpn.zone='wan'
firewall.ra_openvpn.local_port='1194'
firewall.ra_openvpn.remote_port='1194'
firewall.ra_openvpn.proto='udp'
firewall.vpn_wan_forwarding=forwarding
firewall.vpn_wan_forwarding.src='vpn'
firewall.vpn_wan_forwarding.dest='wan'
firewall.redirect_enabled_number_0=redirect
firewall.redirect_enabled_number_0.name='Hass'
firewall.redirect_enabled_number_0.src='wan'
firewall.redirect_enabled_number_0.dest='lan'
firewall.redirect_enabled_number_0.proto='tcp'
firewall.redirect_enabled_number_0.src_dport='8123'
firewall.redirect_enabled_number_0.dest_ip='192.168.1.70'
firewall.redirect_enabled_number_0.dest_port='8123'
firewall.redirect_enabled_number_1=redirect
firewall.redirect_enabled_number_1.name='Hass'
firewall.redirect_enabled_number_1.src='wan'
firewall.redirect_enabled_number_1.dest='lan'
firewall.redirect_enabled_number_1.proto='udp'
firewall.redirect_enabled_number_1.src_dport='8123'
firewall.redirect_enabled_number_1.dest_ip='192.168.1.70'
firewall.redirect_enabled_number_1.dest_port='8123'
firewall.redirect_enabled_number_2=redirect
firewall.redirect_enabled_number_2.name='Tp-Link'
firewall.redirect_enabled_number_2.src='wan'
firewall.redirect_enabled_number_2.dest='lan'
firewall.redirect_enabled_number_2.proto='tcp'
firewall.redirect_enabled_number_2.src_dport='8121'
firewall.redirect_enabled_number_2.dest_ip='192.168.1.1'
firewall.redirect_enabled_number_2.dest_port='80'
firewall.redirect_enabled_number_3=redirect
firewall.redirect_enabled_number_3.name='Tp-Link'
firewall.redirect_enabled_number_3.src='wan'
firewall.redirect_enabled_number_3.dest='lan'
firewall.redirect_enabled_number_3.proto='udp'
firewall.redirect_enabled_number_3.src_dport='8121'
firewall.redirect_enabled_number_3.dest_ip='192.168.1.1'
firewall.redirect_enabled_number_3.dest_port='80'
firewall.redirect_enabled_number_4=redirect
firewall.redirect_enabled_number_4.name='Raspi'
firewall.redirect_enabled_number_4.src='wan'
firewall.redirect_enabled_number_4.dest='lan'
firewall.redirect_enabled_number_4.proto='tcp'
firewall.redirect_enabled_number_4.src_dport='8122'
firewall.redirect_enabled_number_4.dest_ip='192.168.1.70'
firewall.redirect_enabled_number_4.dest_port='22'
firewall.redirect_enabled_number_5=redirect
firewall.redirect_enabled_number_5.name='Raspi'
firewall.redirect_enabled_number_5.src='wan'
firewall.redirect_enabled_number_5.dest='lan'
firewall.redirect_enabled_number_5.proto='udp'
firewall.redirect_enabled_number_5.src_dport='8122'
firewall.redirect_enabled_number_5.dest_ip='192.168.1.70'
firewall.redirect_enabled_number_5.dest_port='22'

Na ping ze świata mój adres publiczny odpowiada. Firewall w zmodowanym modemie Hilink jest wyłączony.
Jakieś sugestie co moze nie puszczać?

Dzięki Cezary! Działa. Zapiął mi sie VPN, działa przekierowanie portów. Jeszcze tylko musze zweryfikować czemu nie mogę dostać się do adresów lokalnych 192.168.x.x za tunelem. wpis push topology subnet w configu open vpna mam.  Dostęp do zasobów lokalnych włączony. Póki co próbuję z androida

Zrobiłam wpis w konfiguracji serwera, przekierowanie portu 1194 zrobiłem nową konfigurację i jak zapnę opnvp z komputera to jest ok i dostaje sie do zasobów wewnętrznych. Z androida na telefonie niestety nie. Jakies pomysły?

Błąd w aplikacji:
Error parsing IPv4 route: [route] [192.168.0.0] [255.255.255.0] [10.0.8.1] : tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported

Widziałem rozwiązanie:

Tylko pytanie co to jest vpn_gateway, bo z tego co widzę to adres 10.8.0.1 chyba? Ponadto widzę, że nie dodaje routingu do 192.168.x.x na moim androidzie.