WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

rut240 parameters don’t allow communication between my lan equipment and its remote wan server

0 votes
299 views 3 comments
by anonymous

Hello, My lan network is composed of 3 equipments : a rut240, my computer and an equipment (never mind which type of equipment is). Rut240 don’t lease much more than 2 ip addresses at the same time (dhcp). Rut240 firmware is 1.12.3, not the last but it should not be the cause of the problem.

I want to allow communication between my equipment in my lan and its remote server in the wan.

I know the port number which it is used by my lan equipment to communicate with its remote wan server.

So, i tried 3 sets of parameters of rut240. For all sets, “General Settings” of “Firewall” are default settings.

* SET 1 : I created 2 forward rules in “Port Forwarding” (see 2 pictures below) :

I created 2 forward rules because i don’t know which of both ip is leased to my lan equipment. So the second picture is the same for both forward rules, except the ip address.

SET 1 - Port Forwarding -overview (picture 1) :

SET 1 - Port Forwarding -properties (picture 2) :

* SET 2 : I created a forward rule in “Traffic rules” :

  SET 2 - Traffic Rules -properties :

* SET 3 : I created a traffic rule in “Traffic rules” (see 2 pictures below) :

SET 3 - Traffic Rules -overview (picture 1) :

SET 3 - Traffic Rules -properties (picture 2) :

All of theses sets don’t allow communication between my lan equipment and its remote wan server.

I just found a similar case. I have to read it. But all people are welcome to answer to my case . Similar case

I don’t know a lot in router firewall. Could you help me, and explain me pedagogically how to configure well functioning sets of rut240 parameters ?

Thanks for your support,

All pedagogic references are also welcome,

1 Answer

0 votes
by anonymous

Hi,

Please try with these steps.

In this way you should be able to reach the internal device, but keep in mind that you should have a public IP, or the server IP should be in the same range that RUT240 wan device.
Please try and let us know if you could achieve your goal.
Regards.
by anonymous

Hello Morao,

Thanks for your support. Before doing some tests related to your advice, could you please reply to my questions hereafter ?

1. You advise me to “allow remote http access” to the webUI of the RUT240.

I don’t need to have remote access from the WAN to the webUI of RUT240. In addition, i don’t understand why the activation of the remote http access would allow the well functioning of the port forwarding.


2. You advise me to “set up a static ip address to my lan equipment”.

Are Port forwarding only functional with static ip of my lan equipment ? Are Port forwarding possible with dynamic ip of the lan equipment ? If it is, i am interested to know how to do.


3. You advise me to “create a port forwarding from wan network to my lan device”.
3.1 What are the minimum parameters to fill in port forwarding config page to allow a well functioning port forwarding ? RUT240_Firewall#Port_Forwarding

3.2 Do you know the difference between “Source port” and “External port”  (and “Source ip address” and “External ip address) ? Which of both have i to use ?

3.3 Port forwarding from WAN can cause security issues for the LAN, perhaps if all parameters allowing a secure port forwarding are not used with the router. Do you know how to allow a secure port forwarding, in order to reduce risk at minimum ?


4. I am using a SIM card in the RUT240, so i confirm you i got various Public IP address, each time RUT240 reached the wan.


Thanks for your answers,
If you are not sure of some answers, tell me please and i will create an other crowd question, or i will pleased to discuss with one of your friend.

by anonymous

Hello,

1. You advise me to “allow remote http access” to the webUI of the RUT240.

I don’t need to have remote access from the WAN to the webUI of RUT240. In addition, i don’t understand why the activation of the remote http access would allow the well functioning of the port forwarding.

Sorry, you're right. Http remote access is not needed to use port forwarding.


2. You advise me to “set up a static ip address to my lan equipment”.

Are Port forwarding only functional with static ip of my lan equipment ? Are Port forwarding possible with dynamic ip of the lan equipment ? If it is, i am interested to know how to do.

No, Port forwarding can work with static IP or dynamic IP, but it's a good practice to assign a static IP to the end device, due if the DHCP server change the LAN IP address, you'll reach your end device as expected.


3. You advise me to “create a port forwarding from wan network to my lan device”.
3.1 What are the minimum parameters to fill in port forwarding config page to allow a well functioning port forwarding ? RUT240_Firewall#Port_Forwarding

Only this step is needed to configure your port forwarding. (Adding a new port forward rule)

https://wiki.teltonika-networks.com/view/RUT240_Firewall#New_Port_Forward_Rule


3.2 Do you know the difference between “Source port” and “External port”  (and “Source ip address” and “External ip address) ? Which of both have i to use ?

To use port forwarding, you don't need to use all these parameters, this option is useful when you need to access to your device from a specific IP, if it's not your case, you can leave it in blank. The same with External parameters.

- Source Port and IP are related to the third party device (Server) you want to get the inbound traffic.

- External IP and port are related to the current WAN IP of your RUT device (Remember you can have more than one interface with differents IP's)

https://wiki.teltonika-networks.com/view/RUTX11_Firewall#Traffic_Rule_Configuration


3.3 Port forwarding from WAN can cause security issues for the LAN, perhaps if all parameters allowing a secure port forwarding are not used with the router. Do you know how to allow a secure port forwarding, in order to reduce risk at minimum ?
The best way to do it is using traffic rules and filter with the specific parameters of your topology.

For instance, connect from a specific IP and port to a specific IP and port. For this you should have static IP's, but everything will depends of the project. A simply port forwarding should be enough in the most of cases.

4. I am using a SIM card in the RUT240, so i confirm you i got various Public IP address, each time RUT240 reached the wan.
I didn't quite understand this one, can you please elaborate it a little more?

by anonymous
Hello Morao,

In your answer and in your last comment, you told me that i should have a public IP.

I guessed that i got one. But it wasn't. French consumers (general public) Internet Service Providers don't assign public IP to their mobile (SIM card) clients.

Only specific french operators provides to their mobile clients a public IP, but it's more expensive than consumers ISP. I'am looking for theses specific french operators. Maybe, they will offer my to contract with ipv6 for cheaper ?

Anyway, what are the others solutions ? Configure the RUT240 with a VPN, like one i know, protonVPN, which has public IP ?

Thanks for your support.