
I have a NAS at home with two LAN cables connected to two different subnets.

 - lan1: 192.168.31.185 on subnet 192.168.31.0/24
 - lan2: 192.168.10.42 on subnet 192.168.10.0/24

On this NAS server there is a web service exposing port 5001, which I want to access from my office.

As the 192.168.10.0/24 subnet's gateway router has access to the Internet, I set up DDNS and port forwarding rules on it.

 - port-forwarding rule: ddns-domain.com:5001 -> 192.168.10.42:5001

But testing showed it's not working... Debugging starts.

There is a PC with address 192.168.10.38 on the same 192.168.10.0/24 subnet.

  1. Try accessing 192.168.10.42:5001 from both PC & gateway router, works well

  2. Set up a demo web service on PC:5001, change the port-forwarding rule: ddns-domain.com:5001 -> PC:5001, access from my mobile 4G network, works well

I'm confused after this, as I used to think port forwarding is a kind of special reverse proxy, which should work if:

 - resource provider can be accessed from the proxy
 - proxy can be accessed from its own network address

Both were confirmed OK in the debugging process above. So what should I look into to find the problem?

  • What is your routing table on the NAS? Especially, is default gw 192.168.10.1 (which I assume is the router on this network)? Commented Mar 5, 2019 at 18:27
  • The default gw on the NAS is 192.168.31.1, which is the router on the other network it is connected to.
    – Jack
    Commented Mar 6, 2019 at 1:56

1 Answer


When you use port forwarding, you will need to have the return path for sessions be the same as the forward path.

Consider the following network:

+-----+a        c+-------+e           (       )
|     |----------|router1|----------( INTERNET )
|     |          +-------+         (            )     g+-------+  +------+
| NAS |                           (            )-------|firewal|--|server|
|     |b        d+-------+f       (             )      +-------+  +------+
|     |----------|router2|---------(           )
+-----+          +-------+            (      )

(I like ascii-arts)

in this drawing,

a   first NAS interface      192.168.31.185
b   second NAS interface     192.168.10.42
c   router1 internal         192.168.31.1
d   router2 internal         192.168.10.1
e   router1 external         xx.xx.xx.xx
f   router2 external         yy.yy.yy.yy
g   An ip address on Inet    zz.zz.zz.zz

So, G tries to access your NAS. You set

port-forwarding rule: ddns-domain.com:5001 -> 192.168.10.42:5001

so, G will try to create a session (tcp,zz.zz.zz.zz:12345->yy.yy.yy.yy:5001). Router2 does the port forwarding and will translate that to (tcp,zz.zz.zz.zz:12345->192.168.10.42). Your NAS, polite as it is, will reply. For the NAS, zz.zz.zz.zz is not in the routing table, so it will send the reply to the default gateway, which is c. Router1 is blissfully unaware of the NAT that router2 has done, so it will do its own NAT and send the reply as (tcp,xx.xx.xx.xx:5001->zz.zz.zz.zz:12345). G will think: Meuh? I never sent anything to xx.xx.xx.xx, and will drop the packet. But it will still wait for (tcp,yy.yy.yy.yy:5001->zz.zz.zz.zz:12345).

So that's why it does not work.

Solution: set the default gateway of your NAS to 192.168.10.1.

  • Did this answer help you? Commented Aug 15, 2019 at 9:28
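
The asymmetric return path described in the answer, as an added example that is not part of the original posts: a small model that follows one forwarded connection through the NAS route lookup and reports the source address the client finally sees. The public addresses are constructed placeholders from documentation ranges (the page elides them as xx/yy/zz), and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders: the page elides the public addresses as xx/yy/zz.
ROUTER1_WAN, ROUTER2_WAN, CLIENT = "198.51.100.1", "203.0.113.1", "192.0.2.50"
NAS_LAN2 = "192.168.10.42"

# Each router: LAN-side address the NAS uses as next hop -> its WAN address.
ROUTERS = {"192.168.31.1": ROUTER1_WAN, "192.168.10.1": ROUTER2_WAN}


def nas_routes(default_gw):
    """NAS routing table: two connected subnets plus one default route."""
    return [
        (ipaddress.ip_network("192.168.31.0/24"), None),  # lan1, on-link
        (ipaddress.ip_network("192.168.10.0/24"), None),  # lan2, on-link
        (ipaddress.ip_network("0.0.0.0/0"), default_gw),
    ]


def next_hop(routes, dst):
    """Longest-prefix match; None means the destination is on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_seen_by_client(default_gw, client=CLIENT, cport=12345):
    """Follow one forwarded connection; return (reply_tuple, accepted)."""
    # Forward path: router2 rewrites only the destination (DNAT), so the
    # NAS sees the client's real address as the source.
    at_nas = (client, cport, NAS_LAN2, 5001)
    # Return path: the NAS chooses the next hop from its routing table,
    # not from the interface the request arrived on.
    gw = next_hop(nas_routes(default_gw), at_nas[0])
    if gw is None:
        raise ValueError("client is on-link; no port forwarding is involved")
    # As the answer describes, the router forwarding the reply applies its
    # own source NAT. Only router2 holds the state for this connection.
    reply = (ROUTERS[gw], 5001, client, cport)
    expected = (ROUTER2_WAN, 5001, client, cport)
    return reply, reply == expected


if __name__ == "__main__":
    for gw in ("192.168.31.1", "192.168.10.1"):
        print("default gw", gw, "->", reply_seen_by_client(gw))
```

With the default gateway the question reports (192.168.31.1) the reply arrives from router1's address and is rejected; with 192.168.10.1 it arrives from the address the client contacted.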
