[求教] 有公网ip但是用ip+端口号不能外网访问软路由

优秀***

有公网ip，用ip+端口号就是没法外网访问，其他也就开了个openclash还有docker网心云，是还有哪里没设置到位吗？

hejia***

我也不太懂，但是我看过一个教程说是需要做端口映射

优秀***

外网打不开，都是按照教程来的

weilaiz***

80端口和443是被封的

weilaiz***

80端口和443是被封的

优秀***

weilaizhixin123 发表于 2022-11-24 11:53
80端口和443是被封的

我设置的60000啊，没用这俩

av***

贴你的etc/config/firewall 配置
贴配置，不是图片

sun32***

优秀肥宅 发表于 2022-11-24 11:57
我设置的60000啊，没用这俩

哪里需要在这里添加映射啊，直接在你的  WEB 管理页面设置  修改就好了啊

0.0.0.0:80   这里的80改成60000
[::]:80    这里的80也改成60000
上面的是ipv4,下面的是ipv6

保存了，你再访问看看

moqi***

你的软路由是主路由还是旁路由

优秀***

avin4 发表于 2022-11-24 15:01
贴你的etc/config/firewall 配置
贴配置，不是图片

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option flow_offloading '0'
        option flow_offloading_hw '0'
        option fullcone '1'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'ACCEPT'
        option forward 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config include 'zerotier'
        option type 'script'
        option path '/etc/zerotier.start'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'luci_app_ipsec_server'
        option type 'script'
        option path '/var/etc/ipsecvirtual**.include'
        option reload '1'

config include 'socat'
        option type 'script'
        option path '/var/etc/socat.include'
        option reload '1'

config include '“师夷长技以制夷”_mudb_server'
        option type 'script'
        option path '/var/etc/“师夷长技以制夷”_mudb_server.include'
        option reload '1'

config include 'gowebdav'
        option type 'script'
        option path '/var/etc/gowebdav.include'
        option reload '1'

config include 'mia'
        option type 'script'
        option path '/etc/mia.include'
        option reload '1'

config include 'openclash'
        option type 'script'
        option path '/var/etc/openclash.include'
        option reload '1'

config rule 'openvirtual**'
        option name 'openvirtual**'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '1194'

config zone 'virtual**'
        option name 'virtual**'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option network 'virtual**0'

config forwarding 'virtual**towan'
        option src 'virtual**'
        option dest 'wan'

config forwarding 'virtual**tolan'
        option src 'virtual**'
        option dest 'lan'

config forwarding 'lantovirtual**'
        option src 'lan'
        option dest 'virtual**'

config include '“师夷长技以制夷”'
        option type 'script'
        option path '/var/etc/“师夷长技以制夷”.include'
        option reload '1'

config include '“师夷长技以制夷”_server'
        option type 'script'
        option path '/var/etc/“师夷长技以制夷”_server.include'
        option reload '1'

config include 'p p t pd'
        option type 'script'
        option path '/etc/p p t pd.include'
        option reload '1'

config rule 'p p t p'
        option name 'p p t p'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1723'

config rule 'gre'
        option name 'gre'
        option target 'ACCEPT'
        option src 'wan'
        option proto '47'

config include 'softethervirtual**'
        option type 'script'
        option path '/usr/share/softethervirtual**/firewall.include'
        option reload '1'

config include '“师夷长技以制夷”r'
        option type 'script'
        option path '/var/etc/“师夷长技以制夷”r.include'
        option reload '1'

config include 'unblockneteasemusic'
        option type 'script'
        option path '/var/etc/unblockneteasemusic.include'
        option reload '1'

config rule 'kms'
        option name 'kms'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1688'

config include 'v“师夷长技以制夷”'
        option type 'script'
        option path '/var/etc/v“师夷长技以制夷”.include'
        option reload '1'

config include 'wrtbwmon'
        option type 'script'
        option path '/etc/wrtbwmon.include'
        option reload '1'

config zone 'docker'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option name 'docker'
        list network 'docker'

config zone 'ipsecserver'
        option name 'ipsecserver'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option network 'ipsec_server'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '172.17.0.0'
        option name 'docker'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.11.1'
        option dest_port '80'
        option name 'world'
        option src_dport '2333'

优秀***

moqingzhu 发表于 2022-11-24 15:13
你的软路由是主路由还是旁路由

openwrt物理机主路由，光猫桥接，主路由拨号

优秀***

什么2000，2333，5000，5001，6000，12345，60000等等试了很多个端口都不行，我都怀疑电信把动态公网ip的端口全封了，但是全封了我咋上网的呢？感觉还是我设置有问题

av***

1. config redirect
   
2.         option target 'DNAT'
   
3.         option src 'wan'
   
4.         option dest 'lan'
   
5.         option proto 'tcp udp'
   
6.         option dest_ip '192.168.11.1'
   
7.         option dest_port '80'
   
8.         option name 'world'
   
9.         option src_dport '2333'

复制代码

如果在外网用 IP:2333 无法访问路由器192.168.11.1
看看/etc/config/uhttpd的配置是不是监听端口没包含0.0.0.0

优秀***

avin4 发表于 2022-11-24 17:07
如果在外网用 IP:2333 无法访问路由器192.168.11.1
看看/etc/config/uhttpd的配置是不是监听端口没包 ...

config upnpd 'config'
        option download '1024'
        option upload '512'
        option internal_iface 'lan'
        option port '5000'
        option upnp_lease_file '/var/upnp.leases'
        option enabled '1'
        option uuid '054e4965-1828-4c77-827b-68d6be967b00'

config perm_rule
        option action 'allow'
        option ext_ports '1024-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '1024-65535'
        option comment 'Allow high ports'

config perm_rule
        option action 'deny'
        option ext_ports '0-65535'
        option int_addr '0.0.0.0/0'
        option int_ports '0-65535'
        option comment 'Default deny'

有啊

av***

看清楚我发的