0 votes
1,070 views 5 comments
by

I'm facing a problem with the port forward that doesn't work with router RUT950 and firmware...quite all...from 00.06.05 on...

Very simple scenario: the router (192.168.1.1) a pc (192.168.1.130) and a cam (192.168.1.100) all connected together; the cam has a web server.

Both from lan or wan I cannot forward any port (I try 8080,8081,8082, etc.) to 192.168.1.100:80 web server. An example:

In lan,

  • From 192.168.1.130 I can browse both 192.168.1.1:80 and 192.168.1.100:80
  • From 192.168.1.130 I CANNOT browse 192.168.1.1:XXX

Same from wan and public (yes it is public, I check) IP address

This is quite urgent because my customer is going to deploy about 100 hundred devices in a metropolitan area.

Any help would be appreciated

2 Answers

0 votes
by

Hi,

A solution to this would be creating a port forward rule which would be configured as follows:

The source of connection should be WAN and a destination should be LAN.

Source and External IP address would be set to "any" or blank by default, and internal IP should be your camera that you're willing to reach. Set your external port and internal port with the port you want to use to reach the camera service. 

So let's say if the camera port is 80, then make sure the internal port is set to 80 and your external port will be the one through which you will be connecting to the service from the external network. 

After that, you should use your Public IP and external port you filled in your rule to connect to the camera, but you must do it from the external network, let's say your mobile phone. You should be able to see that the connection is established.

More about how it's configured is explained here: https://wiki.teltonika-networks.com/view/RUT950_Firewall#New_Port_Forward_Rule

EB.

by

Hi, thank you for your response. I reset all, install the last firmware and start from scratch as you suggest and now I'm able to connect to cam using public IP. Good

Now the second step...I need to do the same but within a VPN (to Azure).

What I did is create the vpn gtw on Azure and configure point-to-site connections, then I download the OpenVPN client configuration file. On the router using the web ui I create the OpenVPN client configuration, flag to use a file, upload it and save. Good, it works; I also can "ping" from router utilities a linux box in Azure vnet.

Azure vnet is 10.60.0.0/16 with two subnets: 10.60.0.0/24 for the gtw and 10.60.10.0/24 for "servers" (here is my linux box). P2S network is 10.61.0.0/16.

On the router I add another port forward rule like the one that you suggest me BUT using openvpn as the source zone and of course with another external port (8081).

This solution does not work. From linux box on Azure (that is 10.60.10.4) I cannot connect to cam through router vpn ip (that is 10.61.0.2).

this is the route table in router:


and this is the route table of linux box in azure:

Any suggestion?

Thank you

by
I see that your subnet of the router and devices is 192.168.1.0/24. What you will need to do is reference this address and subnet in your azure route table, cause I can't see it mentioned there. Otherwise, you will not be able to remotely access the router and devices behind it.
by
I beg your pardon but I do not understand...why I have to do this? In the first scenario (using public IP) the forward works correctly.

By the way, if I add the route as you suggest, what should be the via or gtw?

Thank you for your effort
by
As your Azure VPN server doesn't know where is the network, only your router knows azure - you need to give it a route to know what is the network that it's trying to reach. So Gateway would be 192.168.1.1, and the network you're trying to reach is 192.168.1.0/24.
by

This is exactly what I need: https://wiki.teltonika-networks.com/view/Camera_access_from_VPN ...but simply doesn't work...
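
The zone matching behind the rule in the answer above, and behind the second rule described in the comments, as an added example that is not part of the original posts: a simplified Python model, assuming the router applies a port forward only to connections that arrive from the rule's source zone (the way OpenWrt-type zone firewalls do). The `Forward` and `dnat` names, external port 8080 for the WAN rule, and the addresses 203.0.113.7 and 198.51.100.0/24 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Forward:
    src_zone: str               # zone the connection must arrive from
    ext_port: int               # port the client dials on the router
    int_ip: str                 # internal host that receives the traffic
    int_port: int               # port on that internal host
    src_net: str = "0.0.0.0/0"  # source IP "any", the default in the answer


# Constructed rule set: the addresses and port 8081 come from the thread,
# port 8080 for the WAN rule is an assumption.
RULES = [
    Forward("wan", 8080, "192.168.1.100", 80),
    Forward("openvpn", 8081, "192.168.1.100", 80),
]


def dnat(rules, ingress_zone: str, client_ip: str,
         dport: int) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) a new connection is rewritten to, or None."""
    client = ipaddress.ip_address(client_ip)
    for r in rules:
        if (r.src_zone == ingress_zone and r.ext_port == dport
                and client in ipaddress.ip_network(r.src_net)):
            return (r.int_ip, r.int_port)
    return None  # no forward applies; the packet stays addressed to the router


if __name__ == "__main__":
    cases = [
        ("wan", "203.0.113.7", 8080),     # external client (constructed address)
        ("lan", "192.168.1.130", 8080),   # the PC on the LAN
        ("openvpn", "10.60.10.4", 8081),  # Azure box through the tunnel
        ("openvpn", "10.60.10.4", 8080),  # WAN rule's port, wrong zone
    ]
    for zone, ip, port in cases:
        print(f"{zone:8} {ip:15} :{port} -> {dnat(RULES, zone, ip, port)}")
    # Narrowing the source from "any" to one network limits who can reach
    # the camera's web server from the WAN side.
    locked = [Forward("wan", 8080, "192.168.1.100", 80, "198.51.100.0/24")]
    print("restricted:", dnat(locked, "wan", "203.0.113.7", 8080))
```

A match here covers only the address rewrite; whether the connection completes also depends on the routing and masquerading points raised in the other replies.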

0 votes
by

Hi,

For port forwarding in LAN you may have to enable Masquerading for the lan zone. This can be done from the Network → Firewall → General Settings page. Simply place a checkmark next to Source zone: lan, under Masquerading. (And don't forget to save the changes.)

In WAN-to-LAN this is not required as Masquerading is already enabled by default for the wan zone.

I hope this will be of some use.

Good luck,

DM