IX. NAT Related Features

Port Forwarding

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
Firewall
IP Filter
NAT
NAT Rule
Show all

How do I make a local server accessible from the Internet ?

When connecting to the Internet with NAT (Network Address Translation), the Vigor router takes a single public IP address, allocated by your ISP and automatically passes data between it and the local PCs on your private local network. However, with only one address visible to the outside world, external users cannot address specific local PCs inside your network. Therefore, an 'unsolicited' TCP/IP packet to your Internet IP address would arrive at your router but then the router wouldn’t know who (or what), locally, the packet is intended for.

In order to run a local server, for example a web server which is visible to the outside world, you have to set up a port forward rule whereby an incoming packet on a particular TCP/UDP port is kept open and forwarded to a specific local PC. Each service (https, ssh, sip, smtp etc.) uses a different port number. This procedure is commonly used if you are running an internal SMTP mail server to which your ISP sends email to.

Once you have set up this type of 'port forwarding' rule. External users, i.e. people elsewhere on the internet can then access your internal server via your public ip address. In the case of a web server, for example, they can enter https:// into their browser, if that was your public IP address. If you are using a Dynamic DNS service then this would work with the port forwarding too.

Additionally, if you are supplied multiple public IP addresses by your ISP, these can be selected as addresses for port forwarding to route traffic. You can learn more about the WAN IP Alias feature here.

Port Forwarding

To configure a port forward on a DrayTek Vigor router running DrayOS, such as the Vigor 2865, Vigor 2830 or Vigor 3910, there are two different methods that can be used.

One is good for opening lots of ports for one server, while the other allows you to translate the externally opened port number, to a different internal port number for the server on your LAN.

Types of Port Forwarding

Port Redirection

This method is used to open a single TCP or UDP port to the Internet and direct it to a LAN (Private) IP address on the Private Port specified.

This can be used to open a port externally (Public Port) and direct it to the same port internally, or a different port number. This can be useful to open the same Private port on multiple local devices to different External port numbers.

For instance Remote Desktop Protocol (TCP 3389) could be opened for many PCs with each having a unique Public Port number, i.e. 192.168.1.10:3389 maps to 33890 externally and 192.168.1.11:3389 maps to 33891 externally.

Open Ports

This method opens a range of ports to the specified LAN (Private) IP address, with up to 10 TCP or UDP port ranges per Open Ports entry.

This can be used to open all required ports to a server in a single NAT - Open Ports rule.

Port Redirection

To configure a Port Redirection NAT rule on the router, go to [NAT] > [Port Redirection] and click on the first available Index number:

In the Port Redirection entry, configure these settings:

Mode Set this to Single to open a single port when forwarding one port.
Seting this to Range opens that range of ports i.e. 100-110 to a similar range of internal IPs such as 192.168.1.100 to 192.168.1.110 to the Private Port specified
Service Name This is used for display purposes to identify the NAT rule
Protocol This can be set to TCP, UDP or TCP/UDP to open both types of port
WAN Interface The Internet connection that the port will be opened to
Public Port This is the external port. In this example, the port forwarded is the same externally as internally
Source IP The Source IP can be left as "Any" to open the port to the Internet, or set to specified IP Objects / Groups to limit access to only that Single IP / Range of IPs / Subnet of IPs
Private IP This is the LAN IP of the server that will respond
Private Port This is the port number for the service that the router will send to the LAN IP

Setting a Source IP will display the IP Objects available on the router; when configured, the port forward rule will allow only that IP address to go through the router's firewall to the forwarded port / service:

Click OK to save the rule and the router will forward requests received on that port to the internal server if the IP address matches the Source IP:


How do you rate this article?

1 1 1 1 1 1 1 1 1 1