DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Inbound Port redirection (2860)

18 May 2021 16:24 #1 by faxfan2002
Inbound Port redirection (2860) was created by faxfan2002
I have the following setup (IPs changed) -

Network 138.90.3.0/29 containing
Draytek WAN2 - 138.90.3.2/29 gw 138.90.3.1 (the gw is not connected / doesn't exist)
PC - 138.90.3.4/29 default gateway 138.90.3.2

Network 10.146.3.0/24 containing
Draytek LAN2 - 10.146.3.2/24
PC1 - 10.146.3.10/24 gw 10.146.3.2
PC2 - 10.146.3.11/24 gw 10.146.3.2

I can RDP between PC1 and PC2, from PC2 to PC1 I have http to IIS webservices on port 80.

I set up port redirection -
138.90.3.2 port 3389 to 10.146.3.10 3389 - this times out when I RDP to 138.90.3.2
138.90.3.2 port 3389 to 10.146.3.11 3389 - this times out when I RDP to 138.90.3.2 (rule above is disabled)
138.90.3.2 port 5000 to 10.146.3.10 80 - this times out when I HTTP to 138.90.3.2 (HTTP admin is on 801)

I've individual WAN interfaces, any source, specifying the source, opened the ports in "Open Port" setup.

Nothing seems to work. I get the following in the log file: "[WEB] NAT > Port Redirection". The only thing I can think of is that the gateway on WAN2 isn't active, but since the originating PC is on the network, should it matter?

28 May 2021 10:13 #2 by akwe-xavante
Replied by akwe-xavante on topic Re: Inbound Port redirection (2860)
Are you overthinking / complicating things?

You can RDP between PCs on the LAN side OK?

So you are trying to access a desktop using RDP from outside the LAN, over the internet?

Not used RDP software myself. Where are the RDP server and client? My gut feeling is that if you start an RDP connection outwardly from your LAN then you'll have success; the router will open ports by request and allow communication. But if you start an RDP connection inwardly then by default you'll fail because port 3389 is closed and access will be denied.

Just open port 3389... NAT > Open Ports. Open the port and point it to an internal IP address. Don't use port redirection. An internal port number is not required.

Have a look at: https://www.draytek.com/support/knowledge-base/5751

Have a rethink... Explore creating a secure VPN between the two LANs (LAN to LAN); this will allow RDP sessions between any number of different devices at will, in the same way and as if they are all within the same LAN.

I would also explore giving all the connected devices a fixed IP address too: LAN > Bind IP to MAC.

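An offline check of the addressing and rules from the thread, added here as an example (not posted by either participant and not DrayTek code): it tests whether the WAN-side PC is on-link with WAN2 and audits the redirection rules for duplicate public ports, clashes with the admin port, and RDP exposed on the WAN side. The rule tuple layout and function names are assumptions made for the example; it models IP addressing only, not how the router treats a WAN whose gateway is unreachable.

```python
import ipaddress
from collections import defaultdict

# Values as posted in the thread (the poster notes the IPs were changed).
WAN2 = ipaddress.ip_interface("138.90.3.2/29")
LAN2 = ipaddress.ip_interface("10.146.3.2/24")
CLIENT = ipaddress.ip_address("138.90.3.4")
MGMT_PORTS = {801}             # router HTTP admin port from the post
REMOTE_ACCESS = {3389: "RDP"}  # services flagged when exposed on the WAN side

# Hypothetical layout: (enabled, public port, private IP, private port)
RULES = [
    (True, 3389, "10.146.3.10", 3389),
    (False, 3389, "10.146.3.11", 3389),  # disabled while the first rule is tested
    (True, 5000, "10.146.3.10", 80),
]


def on_link(client, iface):
    """True if client shares iface's subnet, so no gateway hop is involved."""
    return client in iface.network and client != iface.ip


def audit(rules, lan=LAN2, mgmt_ports=MGMT_PORTS):
    """Return (kind, detail) findings for a list of redirection rules."""
    findings = []
    active = defaultdict(list)  # public port -> private targets of enabled rules
    for enabled, pub_port, priv_ip, priv_port in rules:
        if ipaddress.ip_address(priv_ip) not in lan.network:
            findings.append(("off-lan-target", f"{priv_ip} is outside {lan.network}"))
        if not enabled:
            continue
        active[pub_port].append(priv_ip)
        if pub_port in mgmt_ports:
            findings.append(("mgmt-clash", f"public port {pub_port} is the router admin port"))
        if priv_port in REMOTE_ACCESS:
            findings.append(("exposed", f"{REMOTE_ACCESS[priv_port]} on {priv_ip} "
                                        f"reachable via WAN port {pub_port}"))
    for pub_port, targets in active.items():
        if len(targets) > 1:
            findings.append(("duplicate", f"port {pub_port} maps to {', '.join(targets)}"))
    return findings


if __name__ == "__main__":
    print("client on-link with WAN2:", on_link(CLIENT, WAN2))
    for kind, detail in audit(RULES):
        print(f"{kind}: {detail}")
```

With the rules as posted, the only finding is the RDP exposure; enabling both 3389 rules at once adds a duplicate-port finding.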