IX. NAT Related Features
ExpiredPort Forwarding
How do I make a local server accessible from the Internet ?
When connecting to the Internet with NAT (Network Address Translation), the Vigor router takes a single public IP address, allocated by your ISP and automatically passes data between it and the local PCs on your private local network. However, with only one address visible to the outside world, external users cannot address specific local PCs inside your network. Therefore, an 'unsolicited' TCP/IP packet to your Internet IP address would arrive at your router but then the router wouldn’t know who (or what), locally, the packet is intended for.
In order to run a local server, for example a web server which is visible to the outside world, you have to set up a port forward rule whereby an incoming packet on a particular TCP/UDP port is kept open and forwarded to a specific local PC. Each service (https, ssh, sip, smtp etc.) uses a different port number. This procedure is commonly used if you are running an internal SMTP mail server to which your ISP sends email to.
Once you have set up this type of 'port forwarding' rule. External users, i.e. people elsewhere on the internet can then access your internal server via your public ip address. In the case of a web server, for example, they can enter https:// into their browser, if that was your public IP address. If you are using a Dynamic DNS service then this would work with the port forwarding too.
Additionally, if you are supplied multiple public IP addresses by your ISP, these can be selected as addresses for port forwarding to route traffic. You can learn more about the WAN IP Alias feature here.
Port Forwarding
To configure a port forward on a DrayTek Vigor router running DrayOS, such as the Vigor 2865, Vigor 2830 or Vigor 3910, there are two different methods that can be used.
One is good for opening lots of ports for one server, while the other allows you to translate the externally opened port number, to a different internal port number for the server on your LAN.
Port Redirection |
This method is used to open a single TCP or UDP port to the Internet and direct it to a LAN (Private) IP address on the Private Port specified. This can be used to open a port externally (Public Port) and direct it to the same port internally, or a different port number. This can be useful to open the same Private port on multiple local devices to different External port numbers. For instance Remote Desktop Protocol (TCP 3389) could be opened for many PCs with each having a unique Public Port number, i.e. 192.168.1.10:3389 maps to 33890 externally and 192.168.1.11:3389 maps to 33891 externally. |
Open Ports |
This method opens a range of ports to the specified LAN (Private) IP address, with up to 10 TCP or UDP port ranges per Open Ports entry. This can be used to open all required ports to a server in a single NAT - Open Ports rule. |
Port Redirection
To configure a Port Redirection NAT rule on the router, go to [NAT] > [Port Redirection] and click on the first available Index number:
In the Port Redirection entry, configure these settings:
Mode | Set this to Single to open a single port when forwarding one port. Seting this to Range opens that range of ports i.e. 100-110 to a similar range of internal IPs such as 192.168.1.100 to 192.168.1.110 to the Private Port specified |
Service Name | This is used for display purposes to identify the NAT rule |
Protocol | This can be set to TCP, UDP or TCP/UDP to open both types of port |
WAN Interface | The Internet connection that the port will be opened to |
Public Port | This is the external port. In this example, the port forwarded is the same externally as internally |
Source IP | The Source IP can be left as "Any" to open the port to the Internet, or set to specified IP Objects / Groups to limit access to only that Single IP / Range of IPs / Subnet of IPs |
Private IP | This is the LAN IP of the server that will respond |
Private Port | This is the port number for the service that the router will send to the LAN IP |
Setting a Source IP will display the IP Objects available on the router; when configured, the port forward rule will allow only that IP address to go through the router's firewall to the forwarded port / service:
Click OK to save the rule and the router will forward requests received on that port to the internal server if the IP address matches the Source IP:
- First Published: 29/07/2021
- Last Updated: 30/07/2021
Comments
17/11/2023
Is there a way to forward a port to a complete subnet for voip use.
22/10/2023
Hey Jack.
Funny to say but yesterday I was setting my home network using 2862 as a repeater.
I had similar issue but I think the problem is with opened ports somewhere else, separate modem from your ISP perhaps.
My config:
ISP Modem WAN: 19.18.12.1 (private domain myhomeaddress.com)
ISP Modem IP: 192.168.0.1
VIGOR IP: 192.168.0.3
VIGOR's LAN IPs: 192.168.4.xxx
My PC in LAN to be reached from internet 192.168.4.200
Set redirection as per article AND open ports on your ISP modem.
Examples for ssh connection:
To reach that PC from a PC in Vigor's LAN area (port to port): ssh user@192.168.4.200.
To reach that PC from home network from a PC not belonging to Vigor's LAN: ssh user@192.168.0.3
To reach that PC from internet: ssh user@myhomeaddress.com
In all cases I can establish connection using ssh user@myhomeaddress.com or user@19.18.12.1 from anywhere.
Hope I helped.
21/10/2023
This doesnt work on my Draytek. I keep trying to open port 8333 and nothing happens when I use this service to check it: https://www.yougetsignal.com/tools/open-ports/
I tried Port Redirection, Open Ports and none opens the port.