
I'm attempting to set up a router to be used as the WAN modem (TalkTalk Wi-Fi Hub 192.168.1.1), which has a single internal router (the RT-AC51U) as a client. My server and other devices are connected to this internal router (WAN: 192.168.1.10, LAN: 10.0.0.1).

I've added port forwarding rules on the WAN router to forward 22 (ssh) to 8022, 80 (http) to 8000, and 443 (https) to 8443 to the internal router at 192.168.1.10.

The internal router also has forwarding rules to forward traffic from 8022 to 22, 8000 to 8000 (a WordPress Docker container is running on 8000), and 8443 to 443 to the server at 10.0.0.100.

I can access HTTP and SSH on the internal network, so the services are running. I can access SSH externally, but when accessing HTTP, it's changing the port in the URL to 8000 and timing out.

I can see in the logs of RT-AC51U that traffic is still being blocked, though it doesn't seem to correspond to when I'm making those requests.

Jun 20 00:26:51 kernel: DROP IN=vlan2 OUT= MAC=[REMOVED] SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF OPT (94040000) PROTO=2

RT-AC51U routing table:

Destination     Gateway         Genmask         Flags    Metric Ref    Use Type Iface
192.168.1.1     *               255.255.255.255 UH       0      0        0 WAN0 vlan2
239.255.255.250 *               255.255.255.255 UH       0      0        0 LAN  br0
10.0.0.0        *               255.255.255.0   U        0      0        0 LAN  br0
192.168.1.0     *               255.255.255.0   U        0      0        0 WAN0 vlan2
default         192.168.1.1     0.0.0.0         UG       0      0        0 WAN0 vlan2

RT-AC51U port forwarding:

Destination     Proto. Port range  Redirect to     Local port
ALL             TCP    8000        10.0.0.100      8000       
ALL             UDP    8000        10.0.0.100      8000       
ALL             TCP    8443        10.0.0.100      443        
ALL             UDP    8443        10.0.0.100      443        
ALL             TCP    8022        10.0.0.100      22         
ALL             UDP    8022        10.0.0.100      22    

TalkTalk Hub port forwarding:

Service         Protocol    External host   Internal host   External Port   Internal Port   Options
HTTP Server     TCP - UDP   *               192.168.1.10    80              8000
HTTPS Server    TCP - UDP   *               192.168.1.10    443             8443
SSH Server      TCP         *               192.168.1.10    22              8022

I'm not sure what I'm getting wrong.

  • Do you need these subnets separate? Even though that device is called a "wifi hub" it is indeed a router. You are double natting, which can make port-forwarding a nightmare when setting it up with multi-vendor equipment. You are probably much better off bridging the two routers and being done with the shenanigans. Commented Jun 20, 2018 at 13:55

1 Answer


The configuration appears to be correct, as SSH is working remotely. There was a separate issue which was complicating this relating to how the HTTP server was configured.

To simplify matters, I took the internal router out of the configuration.
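
Added example (not part of the original question or answer): a Python trace of the two forwarding tables posted in the question, using the hypothetical names `RULES`, `CHAIN` and `trace`, and modelling only the TCP rules. It resolves each external port through both NAT layers and shows that external port 8000, the port the URL was being rewritten to, has no rule on the hub.

```python
# Added example: rule values are copied from the tables in the question;
# the function and variable names are hypothetical.
HUB = "TalkTalk hub"
INNER = "RT-AC51U"

# (proto, external port) -> (next-hop IP, port) for each NAT device
RULES = {
    HUB: {
        ("tcp", 80): ("192.168.1.10", 8000),
        ("tcp", 443): ("192.168.1.10", 8443),
        ("tcp", 22): ("192.168.1.10", 8022),
    },
    INNER: {
        ("tcp", 8000): ("10.0.0.100", 8000),
        ("tcp", 8443): ("10.0.0.100", 443),
        ("tcp", 8022): ("10.0.0.100", 22),
    },
}
# Devices in path order, with the address each one must be reached on
CHAIN = [(HUB, None), (INNER, "192.168.1.10")]


def trace(proto, port):
    """Follow one inbound connection through both NAT layers.

    Returns (hops, final): final is (ip, port) on success, or None when a
    device has no matching rule or the previous hop pointed elsewhere.
    """
    hops, target = [], None
    for device, wan_ip in CHAIN:
        if wan_ip is not None and target[0] != wan_ip:
            hops.append(f"{device}: previous hop targets {target[0]}, not {wan_ip}")
            return hops, None
        rule = RULES[device].get((proto, port))
        if rule is None:
            hops.append(f"{device}: no rule for {proto}/{port}, dropped")
            return hops, None
        hops.append(f"{device}: {proto}/{port} -> {rule[0]}:{rule[1]}")
        target, port = rule, rule[1]
    return hops, target


if __name__ == "__main__":
    for p in (22, 80, 443, 8000):  # 8000 = port the browser was redirected to
        hops, final = trace("tcp", p)
        print(p, "->", final, "|", "; ".join(hops))
```
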
