Posted: Sat Dec 20, 2014 21:50 Post subject: Port forwarding/firewalling an internal network address?
Hi,
I have a fairly basic mobile broadband access router (ZTE MF283+). I'd like to use my dd-wrt wndr3700 router to manage most of my network. I know I could chain the wndr3700 to the ZTE using a DMZ and the WAN input.
However, the ZTE has a decent WLAN access point and a 4-port switch I'd like to use as well. So currently I've put it on the same subnet (192.168.0.x) as the wndr3700, but disabled DHCP on it. So far I've managed to get DHCP and DDNS running on the wndr3700.
But now I'm looking for a way to manage port forwarding on the wndr3700. I've tried putting it in the DMZ of the ZTE, however that doesn't work as port forwarding only seems to work in gateway mode for the WAN-side.
So I wonder whether there is some way to keep the wndr3700 and the ZTE on the same subnet, but let the wndr3700 manage port forwards, without having some gaping security holes?
Note the ZTE can do port forwarding as well, but it's cumbersome and limited (e.g., it cannot redirect ports etc.).
Yes, the ZTE is on the same network using a static IP.
Since dd-wrt is so powerful, I thought maybe something could be hacked.
That the two devices can communicate LAN to LAN doesn't help me. I thought it could work like this:
Internet WAN request goes to ZTE (e.g., some RDP request or so). ZTE has wndr in DMZ, so forwards the request directly to the WNDR. In WNDR, when request comes in, forward to correct device... There's a setting for the incoming subnet, I tried to set that to the same subnet of the WNDR, but that didn't work - probably because it only works for the WAN-side, but I'm not sure.
The ZTE doesn't have a working bridge mode and I'd lose the WLAN AP...
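
The flow sketched in the post (ZTE DMZ to the wndr3700, then on to one LAN host) can be written as per-port iptables rules on the LAN bridge; the script below is an added example, not part of the original post, and it only prints the rules for review. Assumptions: the dd-wrt LAN bridge is `br0`, the wndr3700 sits at 192.168.0.2 with IP forwarding on and the ZTE as its default gateway, and the RDP target 192.168.0.50 and external port 3390 are constructed values.

```shell
#!/bin/sh
# Added example: emits same-subnet port-forward rules for a dd-wrt router
# that is the DMZ host of an upstream NAT router. All addresses are assumed.
LAN_IF="br0"               # dd-wrt LAN bridge (assumed name)
LAN_PREFIX="192.168.0."    # subnet named in the post
WNDR_IP="192.168.0.2"      # assumed static address of the wndr3700

# in_range N MAX: succeeds only if N is a decimal integer in 1..MAX.
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# gen_forward PROTO EXT_PORT HOST INT_PORT: print the rules for one forward,
# refusing anything that is not a single tcp/udp port to a host on the LAN.
gen_forward() {
    proto=$1; ext=$2; host=$3; int=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    in_range "$ext" 65535 && in_range "$int" 65535 ||
        { echo "bad port: $ext/$int" >&2; return 1; }
    last=${host#"$LAN_PREFIX"}
    { [ "$last" != "$host" ] && in_range "$last" 254; } ||
        { echo "host outside LAN: $host" >&2; return 1; }

    # 1. Rewrite the destination of traffic the ZTE handed to the wndr3700.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -d $WNDR_IP -p $proto --dport $ext -j DNAT --to-destination $host:$int"
    # 2. Rewrite the source too, so the reply returns through the wndr3700
    #    instead of going straight to the ZTE, which has no matching NAT entry.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -d $host -p $proto --dport $int -j SNAT --to-source $WNDR_IP"
    # 3. Permit only this flow to be routed back out of the LAN bridge.
    echo "iptables -I FORWARD -i $LAN_IF -o $LAN_IF -d $host -p $proto --dport $int -j ACCEPT"
}

# Constructed forward list: external port 3390 to RDP on one LAN host.
gen_all() {
    gen_forward tcp 3390 192.168.0.50 3389
}

gen_all
```

Because the SNAT rule rewrites the source, the target host logs the wndr3700's address rather than the remote client's. The ZTE's DMZ setting still delivers every unsolicited inbound port to the wndr3700 itself, so the router's own services are reachable from the Internet unless they are filtered there.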