What's new

Open ports on WAN for service running on the router

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

trec74

New Around Here
Hello! I'm trying to allow incoming connections on port 5201 (iperf3) on my AC86U from the WAN port. I can't seem to find a way to do this. Iperf3 is installed on the router (using Entware) and running as a server/daemon (iperf3 -s -D). I am able to connect to it from the LAN/WIFI, but not from WAN.
I tried doing this via:
1. WAN > Virtual Server/Port Forwarding - for Internal IP address I tried both 192.168.0.1 and 127.0.0.1 - it didn't work.

2. Firewall > General > Inbound Firewall Rules - did basically the same, tried Local IP 192.168.0.1, 127.0.0.1 or blank, also didn't work.
1715786134343.png


I have successfully allowed Ping from WAN and Remote Web UI access from WAN (on port 8443/httpds), so I know my ISP is not blocking inbound connections. But can't seem to find a way to do the same for Iperf and port 5201.


Just as an experiment, I installed Iperf3 on a computer on the LAN and port forwarded to it, and it worked just fine, but I want to be able to run it on the router itself.
 
That looks like the IPv6 inbound firewall rules section. The IPv4 section should be above it, with fewer columns.

Edit: However, this section only adds FORWARD rules, so if you really need an INPUT rule to open a service on the router, you probably will want to use firewall-start script.
 
It does appear under section "IPv6 Firewall", but there is no other section for IPv4 specifically. Here's a screenshot of the entire page:
1715787949554.png


At the same time, under Advanced Settings - IPv6 seems to be completely disabled:
1715788127547.png
 
Sorry, I missed the fact you have an AC86U with 386 firmware. My 388.7 firmware has this extra useless firewall section:

1715788517379.png
 
As Dave said, you'll have to use a firewall-start script and add a rule to the INPUT chain.

Code:
iptables -I INPUT -p tcp --dport 5201 -j ACCEPT
That did it. Thank you both!

Can I sneak another question here or should I open a new topic - how can I start iperf3 automatically with the router start? Currently I'm manually starting it with iperf3 -s -D in Putty. I tried adding this string to the services-start script but that didn't work. Other stuff in the same script are executing as expected. I also tried providing the full path to iperf3, tried copying it to the /jffs folder, made sure the iperf3 permissions are 777 - all to no avail
 
Does your firmware include a copy of iperf (/usr/bin/iperf3)? It was added in recent firmware versions, but maybe not the 386.x branch.

If you only have the Entware version you'll have to start it after Entware is mounted from the USB drive. Have a look in /jffs/scripts/post-mount for Entware stuff and add your command after that.
 
Last edited:
Does your firmware include a copy of iperf (/usr/bin/iperf3)? It was added in recent firmware versions, but maybe not the 386.x branch.

If you only have the Entware version you'll have to start it after Entware is mounted from the USB drive. Have a look in /jffs/scripts/post-mount for Entware stuff and add your command after that.
It is indeed the Entware version. And your suggestion worked. Thanks again!
For the record, this is how my /jffs/scripts/post-mount looks like:
Code:
#!/bin/sh
. /jffs/addons/amtm/mount-entware.mod # Added by amtm
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
/mnt/KINGSTON8GB/entware/bin/iperf3 -s -D
 
It is indeed the Entware version. And your suggestion worked. Thanks again!
For the record, this is how my /jffs/scripts/post-mount looks like:
Code:
#!/bin/sh
. /jffs/addons/amtm/mount-entware.mod # Added by amtm
/jffs/addons/wireguard/wg_manager.sh init "" & # WireGuard Manager
/mnt/KINGSTON8GB/entware/bin/iperf3 -s -D
Thanks for the update. You might want to change that hard-coded path just in case you decide to use a different device label in the future.
Code:
/opt/bin/iperf3 -s -D
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top