FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
545 views 5 comments
by anonymous
After trying multiple configurations and reading all the related FAQs, I'm not able to get port forwarding to work for my Arduino.

Setup:
- RUTX11 with the latest firmware.
- NAT in use
- Port forwarding external port x to y.y.y.y:80 where y.y.y.y is the IP address of Arduino in the LAN
- Connecting with a web browser directly within the LAN to that IP works (Arduino in that IP is hosting a web server and port 80 is the default for web traffic)
- Port forwarding does not work (using port x from inside LAN or from WAN, will time out). The Arduino does not see any requests coming through.
- My end goal is to connect from the WAN and I am using a DNS service for that (this was working with the previous router)
- pinging inside LAN for the local Arduino IP address works

What I don't understand:
- Is it enough to just set port forwarding (no need to set traffic rules or NAT rules)?
- What am I doing wrong?

Included is the firewall.log. I couldn't get the CLI working (probably security issues on my corporate laptop)

Thanks!

Update: I switched to older Firmware (RUTX_R_00.07.01.4), because I was experiencing intermittent WAN issues: the WAN just disappeared and came back only after reboot of RUTX11. There is another post about that here: https://community.teltonika-networks.com/48968/rut240-upgraded-to-rutos-rut2_r_00-07-02-wan-not-working?show=48968#q48968. This current port forwarding issues was not affected by the firmware change.

1 Answer

0 votes
by anonymous

Hello,

Was this how you had set up the rule on the port forward? If not, try this configuration:

by anonymous
Almost - I just had another port number as external port (security by obscurity - terrible, I know). Another difference was that I had 'any' as the source port.I don't understand what that 'source' is supposed to do.

I tried the settings you posted, but that doesn't work either.

I also noticed that when trying to connect inside LAN to the IP:port that is supposed to be port forwarded, it's not a timeout, it's instant. The router must be telling the browser that the destination cannot be reached. I made another port forwarding rule to account for traffic from inside the LAN (since that rule is only for WAN and I didn't see how to include LAN. Maybe making a new 'zone' or something.). To be clear, I have tried this without having this second rule, so that it's not mixing things up (I don't see why it would, but still).
by anonymous
Example posted above is incorrect. Source port is dynamically generated by client which tries to establish connection to server so this configuration field should be left as empty(any).

Your previous config when you have configured External port should have been correct, External port is the port which client will use as destination port when connecting to RUTX11 WAN IP. You can specify external port as 8080 and internal port as 80, this way you'll still be able to reach RUTX11 via its WAN IP port 80, and when connecting to port 8080(or any other port that you'll specify) will redirect to LAN IP port 80.

The issue with your setup is most likely that you don't have a public IP address, in firewall.log it can be seen that DNAT rule is created with IP 10.87.182.68 which is a private IP address and not routable over the internet.
by anonymous
I have a public IP, but it seems I need to take an extra step to setup it up also in RUTX11 (that was something my previous router did not care about). If I use FindMyIP, it gives at the moment 82.x.y.z. This has been acquired from a local dynamic DNS provider using the Arduino.

Should I setup DynDNS in RUTX11 instead? Or is there a way to let RUTX11 know my public IP or preferably the static domain name that I have? It seems DynDNS is an additional service package in the manual, but I cannot find it with the package manager..

I still wonder why the port forwarding didn't work inside LAN, when I had that second rule where I was trying to port forward traffic from inside LAN into the Arduino LAN IP:80.
by anonymous
Most likely your operator uses some specific APN which provides public IP to your SIM, I'd suggest for you to contact your operator or read their FAQ's regarding public IP and APN's. Once you'll know APN, you can configure it in WebUI -> Network -> Interfaces -> Mob1s(1/2)a1 -> Edit -> Disable auto APN and configure custom APN.

Checking IP via FindMyIP is usually useless as it returns IP of first gateway which has public IP address, so your devices can still be under several layers of NAT.

Once you'll acquire public IP, DDNS service won't be necessary unless you'll want to reach your devices via hostname instead of IP address or if your operator assigns you public dynamic IP only.
by anonymous
Right, thanks! It was so long ago that I had forgotten about setting that APN.

And yes, I will be getting public dynamic IP only, so I need to keep using DDNS. I also found DynDNS from the RUTX11 services - the package was pre-installed and I was just blind. But probably I can keep using the code I have in Arduino.