0 votes
1,595 views 5 comments
by anonymous

I think I have found a ‘bug’ in the WebUI setup for Firewall in RUTX50.

I wanted to set up RDC Remote Desktop Connection to access my server via the Modem External IP Address of the SIM, which is Dynamic.

In Firewall > Port Forwards I created a new instance where I set my values etc.

But I can only get the Port Forward New Instance to work when I enter the exact External IP address in the field, which today is 92.40.196.0.

However, I at first selected the ‘Any’ option, expecting it to allow any IP address.

If I try the ‘Any’ option, it doesn’t work!

I assumed ‘Any’ looks at all the WAN network and should include the External IP address from ‘mob1s1a1’ (my 1st position SIM) in the dropdown list. But the External IP address doesn’t show.

Or

Perhaps there is another setting that I need to set somewhere so that ‘Any’ picks up the external IP address?

by anonymous
Hi,

Uploaded troubleshoot file as requested.

M
by anonymous
Hello,

As I understand, you have another router uplink performing NATing. Make sure the rule works correctly on that router as well. Since on the RUTX you have specified the port 19xxx to be the source port, the port forward rule on your uplink router needs to have a port forward rule with source and destination ports to be the same as source on RUTX.

However, everything seems to be fine with the rule itself. Could you clarify your topology and how you are reaching the RUTX50?

Best regards,
DaumantasG

3 Answers

0 votes
by anonymous

Hello,

The External IP address field should be populated with the IP address that you will be reaching the router from.

However, when left empty, it should allow all traffic, so the firewall rule should look like so:

Make sure the Source and Destination zones are set correctly (in this case, it will be LAN → WAN). You could also try restarting the router after configuring the rule.

If your rule looks identical, I will ask you to navigate to System → Administration → Troubleshoot and generate a troubleshoot file. This file can be attached to the original question and will only be visible to Teltonika moderators.

Best regards,
DaumantasG

0 votes
by anonymous

(Soon to be gone) I had an existing Router connected via eth to the RUTX50 WAN port. This router is a broadband very high-speed digital subscriber line (VDSL) router that has its own gateway into the street Fibre via VDSL.

I used it for redundancy as I tested the features of Load Sharing and Failover on the RUTX50. This is now isolated completely from RUTX50, as of yesterday. Note the Rule I am trying to apply to the RUTX50 has worked perfectly on that VDSL router for years.

Now I begin the transfer of the same rules to the RUTX50, but the issue is as described in the title above.

I reach the RUTX50 from SIM 1 connected to a mast 5km away in clear view. Signal Strength -60db (Excellent). (Download typically 300mb/s)

The gateway traffic arrives at the WAN via MOB1S1A1 with a typical IP range 92.40.197.xxx

Here is the overview of Port Forwards RDC rule  (see below).

RDC

IPv4 tcp, udp
From any host in wan
Via IP 92.40.196.xxx at port 3389

IP 192.168.2.156, port 3389 in lan

If I look in the Rule External IP Address dropdown list, I see only LAN IP Addresses and -Custom- and Any.

Q. Should I also be able to see 92.40.197.xxx in that list?

Of course I tried 'Any' but nothing gets through to the LAN. 

Assuming I have done things correctly, why does it fail?

PS I use DDNS to pinpoint the current IP as updated in Services > Dynamic DNS > myddns settings.

Regards

Dronecatcher

by anonymous
Hello,

Your mobile interface has an IP in the 10.xxx.xxx.xxx range, which means it is behind carrier-grade NAT. This means that unless the carrier is forwarding some ports to the RUTX50 (very unlikely), your device will not be reachable from the internet. The IP address you are referring to is the Public IP address behind the CGNAT.

I would recommend contacting your carrier about the possibility of receiving a static/dynamic public IP address. Once you have this address, you will be able to reach the RUTX50 from the internet.

If you will continue to use VDSL + LTE/5G, I would recommend changing the metrics of the network interface so that the Mobile interface is above the wired WAN. An alternative could be to enable load balancing between these interfaces. Otherwise, you will also not be able to reach the RUTX50 from the mobile interface.

As for the External address, this is the address that you would be reaching the RUTX50 from. Let's say your phone has a public IP 111.111.111.111 assigned, and your router has a public IP 222.222.222.222. The External IP address field is there for security, so you could add the IP addresses that the rule will apply to. So if you add an external IP address 111.111.111.111 only your phone will be able to access the device behind NAT.

You should also keep in mind that, by default, the port forwarding rule will not work if you are trying to access it from the LAN of the RUTX50. It should be tested from an external network.

Best regards,
DaumantasG
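
The check described in the reply above, written out as an added example that is not part of the original thread or Teltonika's own tooling: it classifies the address on the mobile interface and compares it with the public address seen from outside, going slightly beyond the 10.x case to cover the other private ranges and the RFC 6598 shared range carriers also use. The function names, the device name `wwan0` and the sample `ip` output line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.

# Print the range class of an IPv4 address; return 1 if it is malformed.
classify_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    if   [ "$a" -eq 10 ]; then echo rfc1918
    elif [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; then echo rfc1918
    elif [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; then echo rfc1918
    elif [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then echo rfc6598
    elif [ "$a" -eq 169 ] && [ "$b" -eq 254 ]; then echo link-local
    elif [ "$a" -eq 127 ]; then echo loopback
    else echo public
    fi
}

# Read `ip -o -4 addr show dev IFACE` output on stdin, print the first IPv4 address.
iface_ipv4() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i+1), p, "/"); print p[1]; exit } }'
}

# $1 = address on the WAN interface, $2 = public address seen externally (e.g. via DDNS).
inbound_verdict() {
    cls=$(classify_ipv4 "$1") || { echo invalid; return 1; }
    if [ "$cls" != public ]; then
        echo "behind-nat($cls)"        # port forwards on the router cannot receive traffic
    elif [ "$1" != "$2" ]; then
        echo address-mismatch          # public, but not the address the internet sees
    else
        echo directly-reachable
    fi
}

# Constructed sample line in the format printed by: ip -o -4 addr show dev wwan0
SAMPLE='7: wwan0    inet 10.87.14.201/30 brd 10.87.14.203 scope global wwan0\       valid_lft forever preferred_lft forever'
wan_ip=$(printf '%s\n' "$SAMPLE" | iface_ipv4)
echo "interface $wan_ip vs public 92.40.196.0: $(inbound_verdict "$wan_ip" 92.40.196.0)"
```

On the router itself, replace the sample line with the live output of `ip -o -4 addr show dev` for the mobile device.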
0 votes
by anonymous

You can check this complete guide for RDP port forwarding: Remote Desktop Port Forwarding

by anonymous
Thanks for the link.

Tip: don't connect using external port 3389; disguise the RDC by using another port, for example IPaddress:41526 in MSTSC, and add the rule in port forwarding back to 3389 and protect from unwanted traffic.
by anonymous
Correct, some carriers block this port for security reasons, thus the solution by @Dronecatcher could also be tried.