Posted: Tue Nov 14, 2017 23:44 Post subject: Port forwarding doesn't work but UPnP and DMZ work
dd-wrt: r33607
hard reset: 1x (before update)
my network: ISP -> NAT1 -> NAT2 (hosts) -> NAT3 (hosts)
NAT1 consists of one router and is not used by any host. NAT2 & NAT3 consist of multiple routers (basically WiFi extenders) and are used by multiple hosts.
Help Guys, please. I think I'm doing everything correctly, yet I still cannot make Port Range Forwarding work. DMZ works fine and ports configured in remote access on NAT2 and NAT3 are open. UPnP on NAT2 and NAT3 works with uTorrent, too - ports are being opened by the program. There's just no way Port Range Forwarding would work as well. What I'm trying to achieve is to forward ports to the rest of the routers so they can be remotely accessed (both NAT2 and NAT3 contain more than one router).
I have tried with firewalls disabled on every NAT, with no luck.
Posted: Wed Nov 15, 2017 14:57 Post subject:
Under port forwarding fill in everything but leave source empty.
Of course, if you have multiple routers daisy-chained, you forward on every router.
On router 1 forward to router 2, on router 2 forward to router 3, on router 3 forward to the client.
I just don't know anymore... It seems to be stronger than me. I just cannot forward it the way I wish. The goal I want to achieve is to gain remote access to all routers by forwarding their remote ports on their DHCP server.
Let's talk about e.g. NAT2 in my network:
- consists of 4 routers in 192.168.1.0/24 subnet
- 1.1 is the DHCP server/default gateway, DMZ to the NAT3 subnet's gateway (192.168.1.200) is enabled
- 1.2, DHCP is disabled, connected to 1.1 eth switch, configured as WDS AP
- 1.3, DHCP is disabled, connected to 1.1 eth switch
- 1.4, DHCP is disabled, configured as WDS Station to 1.2
Simplified Connection graph of NAT2 (Legend: LAN - eth connection, WLAN - wireless connection):
NAT1-- 1.1 --LAN-- (1.2, 1.3)
1.2 --WLAN-- 1.4
1.2 --LAN-- NAT3
Let's say remote access ports on each router are:
- 1.1: 1001
- 1.2: 1002
- 1.3: 1003
- 1.4: 1004
- 1.200: 1200 (DMZ configured on 1.1)
I forward all above ports on 1.1/NAT/portforward to appropriate router and remote access with...
- port 1001 is: OK
- port 1002 is: no response
- port 1003 is: no response
- port 1004 is: no response
- port 1200 is: OK
I have tried everything:
- disabling firewalls
- cloning port forwarding to port range forwarding
- additional port forwarding on each router to itself which makes no sense
- disabling UPnP which may be erasing port forwarding settings (really?)
- disabling DMZ to 192.168.1.200 which may override any port forwarding settings in the current subnet (really?)
It is all pointless, I can gain remote access to the gateway devices but not to the devices I forward ports to.
Help, PLEASE!
Last edited by Coolidge on Mon Jan 08, 2018 22:55; edited 13 times in total
Frankly, I'm having a hard time understanding your description.
Thank you for your answer, eibgrad. It certainly may have seemed confusing when I had written "is DHCP client to 1.1", which was not exactly true. I corrected it a little. I want it to stay a detailed description of the network because I assume those details might be important. The simplest description of my LAN is given in the 1st post:
"my network: ISP -> NAT1 -> NAT2 (hosts) -> NAT3 (hosts)
NAT1 consists of one router and is not used by any host. NAT2 & NAT3 consist of multiple routers (basically WiFi extenders) and are used by multiple hosts."
eibgrad wrote:
Adding information about WDS, AP, etc., doesn't sound all that relevant given this seems to be a routing problem.
Exactly, that might be it! How do I add proper routes in the routing table?
eibgrad wrote:
Add a diagram if that helps.
See my previous post, I added a simple text diagram. It's a simple network, not worth drawing.
Last edited by Coolidge on Thu Jan 18, 2018 23:59; edited 3 times in total
NAT1 is 192.168.0.0/24
NAT2 is 192.168.1.0/24
NAT3 is 192.168.2.0/24
1) ISP is abstract, it's no device, let's call it WAN (Internet provider)
2) Yes, the subnet gateways (0.1, 1.1, 2.1) are, if I understand the phrase correctly, daisy-chained (connected from LAN port to WAN port): the network contains 3 subnets which I call NATs. And also yes, I forward ports on each subnet gateway device. The rest of the devices are connected to its subnet gateways. I would call my whole network an enhanced star.
3) NAT2 contains 4 routers and the subnet gateway is 1.1. This is the example we deal with at the moment.
4) Device 192.168.1.1 is DMZ enabled from NAT1 and is remotely accessible from WAN.
5) Device 192.168.1.200 (its local IP is of course different) is the gateway of NAT3, is DMZ enabled from NAT2 and is remotely accessible from WAN.
6) My goal is to gain remote access to 1.2, 1.3 and 1.4 (at first because there are the NAT1 & NAT3 devices to be accessed as well).
7) All forwarding for NAT2 is being done on 1.1 which is the default gateway for the subnet.
8) NAT1 contains only one router which is NOT dd-wrt. It provides connection to WAN and enables DMZ to NAT2's gateway router.
It cannot be put simpler than that, I hope. I think I need to configure iptables or advanced routing somehow but those are black magic to me at the moment. Also, I am connected to ISP with NAT1 which knows of the existence of NAT2's & NAT3's gateways thanks to DMZ but not necessarily about all other routers in those subnets despite port forwarding done on each gateway! Maybe I have to create static routes to those routers on the NAT1's gateway! But how?
Last edited by Coolidge on Thu Jan 11, 2018 10:47; edited 5 times in total
I found a solution. I changed "Setup/WAN Connection Type/Connection Type" from "Disabled" to "Static IP". Simple as that. All instructions out there on the Internet advise you to disable the WAN connection on so-called WiFi extenders in your LAN subnet. It's good advice as long as you don't need remote access to the devices. In my situation an enabled WAN connection is required not only to gain remote access but to get simple port forwarding working.
1. Repeat 2-5 on all "extender routers" (1.2, 1.3, 1.4).
2. Change "Setup/WAN Connection Type/Connection Type" from "Disabled" to "Static IP".
3. Assign a free IP in the same subnet, best set it to the router's local IP address.
4. Choose the same subnet mask.
5. Set gateway and DNS to the subnet gateway (1.1).