OK.
I found the "Firewall Router" tick box. It was on the "Home AP" Quick set, not the default "WISP AP".
As indicated by some posts, I have added a NAT rule on port 443 to get through to my Fileserver and that works whether I have the "Firewall Router" ticked or nor. However, if I create a NAT rule from port 81 back to the router itself (192.168.1.1 port 80) it only works with the "Firewall Router" unticked.
That seems to indicate the rules used for the ticked "Firewall Router" are too tight. However, your last post seems to indicate that I should not use the rules created when I untick "Firewall Router".
So, as my router is attached to the internet (and is my firewall), it seems dangerous to untick "Firewall Router".
How do I adjust the ticked "Firewall Router" rules to allow access to my router from the internet?
My Filter rules are:
0 ;;; default configuration
chain=forward action=accept connection-state=established,related log=no
log-prefix=""
1 ;;; default configuration
chain=forward action=drop connection-state=invalid log=yes
log-prefix=""
2 ;;; default configuration
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=ether1-gateway log=no
log-prefix=""
3 chain=input action=accept protocol=icmp log=no log-prefix=""
4 chain=input action=accept connection-state=established log=no
log-prefix=""
5 chain=input action=accept connection-state=related log=no log-prefix=""
6 chain=input action=drop in-interface=ether1-gateway log=no
log-prefix=""
My NAT rules are (excluding some vpn rules):
2 chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
3 chain=dstnat action=dst-nat to-addresses=192.168.1.2 to-ports=443 protocol=tcp
in-interface=ether1-gateway dst-port=443 log=no log-prefix=""
4 chain=dstnat action=dst-nat to-addresses=192.168.1.1 to-ports=81 protocol=tcp
in-interface=ether1-gateway dst-port=80 log=no log-prefix=""
Thanks
Charles