各位大佬！openwrt 端口打开了！但是公网ping不通！但是公网端口可以用！怎么解决？

a6019***

本帖最后由 a601973752 于 2022-9-21 01:27 编辑

各位大佬！openwrt 端口打开了！但是公网ping不通！但是公网端口可以用！怎么解决？

已经解决:原因是防火墙转发端口有问题!装一个Socat端口转发就可以完美解决问题

zeng3***

首先排除防火墙原因！路由器防火墙开了，禁止从外网ping通

ax***

嗯对，端口打开了，看看防火墙怎么设置的？

ljz***

首先排除没有接受入站请求

ga***

ping不通影响不大，
你不是能访问外网端口吗？
那就行了啊…

管它ping得通还是不通呢

ga***

ping的底层是是ICMP协议，不是TCP或者UDP协议…

无所谓的，
一般不影响普通的TCP应用。

a6019***

gaze 发表于 2022-9-20 10:51
ping不通影响不大，
你不是能访问外网端口吗？
那就行了啊…

我还挂了域名....远程访问 ping不通.....就比较尴尬！

a6019***

gaze 发表于 2022-9-20 10:53
ping的底层是是ICMP协议，不是TCP或者UDP协议…

无所谓的，

对的完全不影响使用端口可以正常连接就是ping不通！

a6019***

axzy 发表于 2022-9-20 09:47
嗯对，端口打开了，看看防火墙怎么设置的？

就防火墙的转发的端口都ping不通...别的端口可以ping通！

a6019***

ljzwst 发表于 2022-9-20 10:13
首先排除没有接受入站请求

端口能连上，就是ping不通
！

a6019***

zeng362424 发表于 2022-9-20 09:18
首先排除防火墙原因！路由器防火墙开了，禁止从外网ping通

嗯要关注那个地方！能麻烦细说一下么？谢谢！

zeng3***

a601973752 发表于 2022-9-20 11:06
嗯要关注那个地方！能麻烦细说一下么？谢谢！

看看openwrt的防火墙配置啊

a6019***

zeng362424 发表于 2022-9-20 11:30
看看openwrt的防火墙配置啊

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option flow_offloading '0'
option flow_offloading_hw '0'
option fullcone '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'

config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
list network 'wan6'
list network 'vwan1'
list network 'vwan2'
list network 'vwan3'
list network 'vwan4'
list network 'vwan5'
list network 'vwan6'
list network 'vwan7'
list network 'vwan8'
list network 'vwan9'
list network 'vwan10'
list network 'vwan11'
list network 'vwan12'
list network 'vwan13'
list network 'vwan14'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'

config include
option path '/etc/firewall.user'

config include 'zerotier'
option type 'script'
option path '/etc/zerotier.start'
option reload '1'

config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'

config include 'adbyby'
option type 'script'
option path '/var/etc/adbyby.include'
option reload '1'

config rule 'adblock'
option name 'adblock'
option target 'DROP'
option src 'wan'
option proto 'tcp'
option dest_port '8118'

config include 'bypass'
option type 'script'
option path '/var/etc/bypass.include'
option reload '1'

config include 'ipsecd'
option type 'script'
option path '/etc/ipsec.include'
option reload '1'

config rule 'ike'
option name 'ike'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '500'

config rule 'ipsec'
option name 'ipsec'
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '4500'

config rule 'ah'
option name 'ah'
option target 'ACCEPT'
option src 'wan'
option proto 'ah'

config rule 'esp'
option name 'esp'
option target 'ACCEPT'
option src 'wan'
option proto 'esp'

config zone 'virtual**'
option name 'virtual**'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'virtual**'

config include 'openclash'
option type 'script'
option path '/var/etc/openclash.include'
option reload '1'

config rule 'openvirtual**'
option name 'openvirtual**'
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '1194'

config zone 'virtual**'
option name 'virtual**'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'virtual**0'

config forwarding 'virtual**towan'
option src 'virtual**'
option dest 'wan'

config forwarding 'virtual**tolan'
option src 'virtual**'
option dest 'lan'

config forwarding 'lantovirtual**'
option src 'lan'
option dest 'virtual**'

config include '“师夷长技以制夷”'
option type 'script'
option path '/var/etc/“师夷长技以制夷”.include'
option reload '1'

config include '“师夷长技以制夷”_server'
option type 'script'
option path '/var/etc/“师夷长技以制夷”_server.include'
option reload '1'

config include '“师夷长技以制夷”r'
option type 'script'
option path '/var/etc/“师夷长技以制夷”r.include'
option reload '1'

config include 'unblockmusic'
option type 'script'
option path '/var/etc/unblockmusic.include'
option reload '1'

config rule 'kms'
option name 'kms'
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '1688'

config include 'wrtbwmon'
option type 'script'
option path '/etc/wrtbwmon.include'
option reload '1'

config zone 'docker'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'docker'
option network 'docker'

config redirect
option target 'DNAT'
option src 'wan'
option dest 'lan'
option proto 'tcp udp'
option src_dport '5515'
option dest_ip '192.168.2.141'
option dest_port '5515'
option name '5515'
option reflection '0'

a6019***

zeng362424 发表于 2022-9-20 11:30
看看openwrt的防火墙配置啊

麻烦大佬给看一眼！谢谢

Jiangu***

问题解决了吗？

账号		自动登录	找回密码
密码			立即注册

[openwrt(x86)] 各位大佬！openwrt 端口打开了！但是公网ping不通！但是公网端口可以用！怎么解决？

欢迎大家光临恩山无线论坛 /1

[openwrt(x86)] 各位大佬！openwrt 端口打开了！但是公网ping不通！ 但是公网端口可以用！怎么解决？

欢迎大家光临恩山无线论坛 /1

[openwrt(x86)] 各位大佬！openwrt 端口打开了！但是公网ping不通！但是公网端口可以用！怎么解决？