Timeline for Port forwarding through a router and a VPN work separately, but not together
Current License: CC BY-SA 4.0
21 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 20, 2021 at 12:46 | comment | added | Tom Yan | Let us continue this discussion in chat. | |
| Jul 20, 2021 at 11:24 | comment | added | adamski234 |
I'm not NATing to 192.168.2.2. My router doesn't even allow me to input an IP outside of its subnet. I NAT to 192.168.1.4 (Pi running the VPN) on which I also forward port 6568 to 192.168.2.2:6567
|
|
| Jul 20, 2021 at 11:18 | comment | added | Tom Yan | "Directly" refers to the IP/L3 network in the scope of concern, not the cellular network or wifi network the phone is connected to. | |
| Jul 20, 2021 at 11:15 | comment | added | Tom Yan |
If you are DNAT'ing Public/WAN IP:some port from the router "directly" to 192.168.2.2:6567, the router will need to know 192.168.1.4 is the gateway for 192.168.2.0/24 (or just 192.168.2.2).
|
|
| Jul 20, 2021 at 11:13 | comment | added | adamski234 | My goal is to be able to use my phone as a server when I'm not at home. As in, I set up an HTTP/FTP/whatever server on my phone, connect it to the VPN and make it accessible through my.domain.com. I can't directly forward to my phone, since it's not in the network I can manage. So, since I already had a VPN, I figured that I could make it work by forwarding a port through the VPN server to the phone. Which works, however it breaks when there are two forwards. | |
| Jul 20, 2021 at 11:09 | comment | added | Tom Yan |
Ahh, you mean you are trying to do two layers of destination NAT? Like Public/WAN IP:6568 -> 192.168.1.4:6568 -> 192.168.2.2:6567? First of all, have you even configured the outer layer DNAT on the router? Besides, this approach is not exactly a decent way AFAIK. I don't have much experience with such setup to tell whether it is doomed to fail / failure-prone though.
|
|
| Jul 20, 2021 at 10:56 | comment | added | Tom Yan | Port forwarding (destination NAT) needs proper routing and IP forwarding to work. Besides, what does you phone have to do with your setup? Just like what you draw, your phone is irrelevant / unrelated to the whole thing except being in the same LAN/subnet as the Pi. What exactly are you trying to achieve? | |
| Jul 20, 2021 at 10:50 | history | edited | adamski234 | CC BY-SA 4.0 |
Added details
|
| Jul 20, 2021 at 10:48 | comment | added | adamski234 |
Does the router need to have a route to 192.168.2.0/24? I thought that this wasn't needed when doing forwarding. trying to reach the Phone means connecting to the router on the forwarded port (my.domain:6568)
|
|
| Jul 19, 2021 at 9:11 | comment | added | Tom Yan | If they don't have route for the VPN subnet, the packets probably went to your ISP (your router's default gateway) where it got dropped or so. | |
| Jul 19, 2021 at 9:09 | comment | added | Tom Yan |
Well, do your home PC or router even have route for 192.168.2.0/24 with the VPN server / pi's LAN IP as gateway? (Or, what exactly do you mean by trying to reach the Phone anyway?)
|
|
| Jul 18, 2021 at 17:49 | comment | added | adamski234 | Let us continue this discussion in chat. | |
| Jul 18, 2021 at 17:49 | history | edited | adamski234 | CC BY-SA 4.0 |
Added a network diagram, and updated the description to use names from that diagram
|
| Jul 18, 2021 at 15:48 | comment | added | anon | Just use VPN then and not port forwarding. | |
| Jul 18, 2021 at 15:46 | comment | added | adamski234 | If I understand what you're saying right, you misunderstood my question. There is no subnet on the other side of the VPN, there's just a single device. | |
| Jul 18, 2021 at 15:32 | comment | added | anon | Do you mean giving the device connecting to the VPN an address in the subnet that my home network works with ... Yes, I think that is correct. I would normally provide the local subnet group at each end of the VPN a complete local subnet at each end. | |
| Jul 18, 2021 at 14:59 | comment | added | adamski234 | I'm still not getting it. Do you mean giving the device connecting to the VPN an address in the subnet that my home network works with? | |
| Jul 18, 2021 at 13:50 | comment | added | anon | Look in the VPN setups for Remote and Local subnets. That is what I was referring to. | |
| Jul 18, 2021 at 13:49 | comment | added | adamski234 | I'm not sure what you mean by "encompass the machines you wish to see / access". Could you elaborate? | |
| Jul 18, 2021 at 13:40 | comment | added | anon | I do not know your setup but I certainly use VPN and have done for a long time. You do not need port forwarding with VPN. Just set up your remote and local subnets to encompass the machines you wish to see / access. | |
| Jul 18, 2021 at 13:30 | history | asked | adamski234 | CC BY-SA 4.0 |