DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Vigor2862 - port redirection not working

13 May 2019 11:28 #1 by janusz
Hi All,

I'm setting up a Vigor2862 and need to use port redirection to a bunch of internal services. Despite digging through the manual, reading how-to's, etc. I can't get it to work. I'd be grateful for any help:

Target Setup:
- Single WAN connection, external DNS, static IP - let's assume it's 200.200.200.200 for the purpose of the post.
- Redirection needed:
1. 200.200.200.200 : 80 -> 10.5.5.3 : 80 (HTTP) [doesn't work]
2. 200.200.200.200 : 443 -> 10.5.5.3 : 443 (HTTPS) [doesn't work]
3. 200.200.200.200 : 10000 -> 10.5.5.2 : 22 (SSH) [doesn't work]
4. 200.200.200.200 : 11000 -> 10.5.5.30 : 40000 (Web application) [works]

Services 1-3 are on the same physical machine but two interfaces.
Services 1-3 are connected to the P1 port of the router.
Service 4 is connected via wireless.

Configuration:
1. NAT >> Port Redirection, set up all the above using any source IP, TCP only, pointing to internal services. Public port as above and either WAN1 or ALL WANs picked as applicable.
2. System Maintenance >> Management, changed the HTTP, HTTPS and SSH ports not to conflict with the above setup.
3. SSL VPN >> General Setup, changed the HTTPS port to 444. Not in use anyway but just to be on the safe side.
4. Firewall >> General Setup, call and data filters disabled. Strict filtering off. Previously set up a rule to allow inbound TCP traffic on port 80 but in desperation turned firewall off until I can get the redirect to work.
5. NAT >> Open Ports, set up an open port 80 for 10.5.5.3. This is for testing, don't think it's needed. Not that it helped...

Testing Conducted:
1. Accessing 10.5.5.3:80 or 10.5.5.2:22 internally works.
2. All the network connectivity seems to be working OK - ping responses between servers and clients.
3. External NMAP scan results always show the same - all ports filtered regardless of whether they're redirected or set up as open.
4. Firewall diagnostic tool states that packets are not managed by firewall in the given scenario. Shouldn't matter - strict firewall now off.

One oddity...
I use MAC to IP binding for crucial infrastructure elements. Both 10.5.5.2 (SSH) and 10.5.5.3 (HTTP/S) interfaces are bound and statically configured. The box runs a BSD flavour and ifconfig shows both interfaces up and firing. However, on the router the 10.5.5.3 is not listed in the binding list... meaning what exactly? The router doesn't think it's up? Initially I thought this might explain the port redirect problem, but then tried to access the 10.5.5.2 interface externally and no go.

One unrelated question....
I'd like to use all physical ports as part of the same LAN/VLAN. I've configured the VLAN setup to include all 4 physical ports and 2 SSIDs for the 2.4G and 5G wireless. Despite this setup, the hosts connected physically to ports 2-4 are unable to connect. I can't even see them in the router. Why is that? What do I need to do to remedy the situation?
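
The external scan in test 3 reports every port as "filtered". As an added example (not part of the original post), this TCP connect check, meant to be run from a host outside the LAN, tells open, closed and filtered apart for the four forwards listed above. The function names and command-line usage are assumptions made for illustration; the ports and internal targets are the ones given in the post.

```python
import errno
import socket
import sys

# Forwards from the post: (public port, internal target, label).
FORWARDS = [
    (80, "10.5.5.3:80", "HTTP"),
    (443, "10.5.5.3:443", "HTTPS"),
    (10000, "10.5.5.2:22", "SSH"),
    (11000, "10.5.5.30:40000", "Web application"),
]

def probe(host, port, timeout=3.0):
    """Classify one TCP port the way a connect scan does.

    open     - handshake completed: forward and internal listener both answer
    closed   - a RST came back: something on the path replied, nothing accepted
    filtered - no reply, or unreachable: the SYN or its answer was dropped
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()

def check_forwards(wan_ip, forwards=FORWARDS, timeout=3.0):
    """Probe every public port and return (port, target, label, state) rows."""
    return [(port, target, label, probe(wan_ip, port, timeout))
            for port, target, label in forwards]

if __name__ == "__main__":
    # Usage (assumed): python check_forwards.py <WAN IP>
    for port, target, label, state in check_forwards(sys.argv[1]):
        print(f"{port:>5} -> {target:<16} {label:<16} {state}")
```

A row that stays "filtered" while the same service answers from inside the LAN means the SYN or the reply is being lost between the WAN side and the internal host, whereas "closed" means a reset came back and the packets are at least being answered.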
