port forwarding question

Discussion in 'Networking, Telephony & Internet' started by warrenr, Mar 24, 2019.

  1. warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    I recently switched over to AussieBB - no issues and finally decided to get my nas internet facing

    I've confirmed no ports are blocked by ABB, enabled port forwarding on on the NF18ACV

    NAT -- Virtual Servers Setup
    Virtual Server allows you to direct incoming traffic from WAN side (identified by Protocol and External port) to the Internal server with private IP address on the LAN side. The Internal port is required only if the external port needs to be converted to a different port number used by the server on the LAN side. A maximum 32entries can be configured.

    Server Name External Port Start External Port End Protocol Internal Port Start Internal Port End Server IP Address WAN Interface LAN Loopback Enable/Disable Remove
    wannas 40 40 TCP 40 40 192.168.20.4 eth4.1 Disabled

    Note 20.4 is the IP of the edgerouter

    wasnt sure if required but I setup port triggering as well
    Protocol FTP
    Port start/end 40
    wan interface 4.1

    NAT -- Port Triggering Setup

    Some applications require that specific ports in the Router's firewall be opened for access by the remote parties. Port Trigger dynamically opens up the 'Open Ports' in the firewall when an application on the LAN initiates a TCP/UDP connection to a remote party using the 'Triggering Ports'. The Router allows the remote party from the WAN side to establish new connections back to the application on the LAN side using the 'Open Ports'. A maximum 32 entries can be configured.

    on the edgerouter
    original port : 40
    forward to address : 192.168.100.99
    forward to port : 40

    on the Nas I have the port number set to 40

    In theory this should work right?
    In practice its not working (using the public address and port 40)
    It does work internally however from my pc (which is on the 192.168.100.0 network)
     
  2. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,855
    whats your external WAN ip on your router, first 2 octets? given your new customer you may be on cgnat, not sure how they arr managing their rollout.

    you also dont need port triggering for a single port.

    you can use it when you want 1 port to open multiple additional ports when that other port is used.
     
  3. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
  4. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,855
    If you have CGNAT, then you are never going to be able to hit your NAS working internet facing, so what actually is your external IP?
     
  5. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    Sorry, after all that never actually confirmed that I was moved off cgnat. I'll provide the external ip tonight when I get home. I did notice that my external ip had completely changed in the afternoon when I rechecked.
     
  6. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    external ip is 180.150.0.0
     
  7. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,855
    well you have a public IP then so it should work.
    Make sure you enable LAN loopback (looks like its actually an option on this device)

    And then test from your local lan towards your external IP ie
    180.150.x.x:40
    as you said
    192.168.20.4:40 works

    doing so will test that you have it configured correctly. Once this works then you troubleshoot into the internet, which i very much doubt it's actually blocked.

    I just noticed that you are doing double-NAT so you are going to need to test it on each individual hop.
     
  8. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    thanks mate!
    using filezilla from the pc which is located on192.168.100.xx

    Status: Connecting to 192.168.20.4:40...
    Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".

    Status: Connecting to 192.168.100.99:40...
    Status: Connection established, waiting for welcome message...

    20.4 is the edge router. so it must be the edge router blocking it :( (As I assume I'm not going beyond this router and using firewalls on the 192.168.20.1 router)


    port forwarding rule on the edge router

    Original port Protocol Forward-to address Forward-to port Description
    40 Both 192.168.100.99 40 nas

    I just noticed that there is a NAT section as well. Tried changing settings there even though I'm using PAT

    Click to view full size!


    I'm trying multiple variations to get it right but still not working


    Click to view full size!



    Click to view full size!
     
    Last edited: Mar 28, 2019
  9. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,855
    Last edited: Mar 28, 2019
  10. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    Wow thats a damn good point, i had it setup with their router (hooked up to the nbn device). I then went the easy short term fix and hooked up my edge router with my old ip addresses (security system and cameras etc) to avoid reworking my current setup. I havent actually tried hooking up the edge router directly to the nbn point.......if that works i owe you a beer!
     
  11. koopz

    koopz Member

    Joined:
    Dec 27, 2001
    Messages:
    2,034
    Location:
    Qld
    if you are entering this territory, do so properly.
     
  12. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    well I figured it would be easier to just get rid of the NF18ACV router and just go direct to my edgemax edgerouter lite......doesnt look like thats an option as I cant configure voip :(
     
  13. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    1,442
    Location:
    MB, Canada
    Both EdgeOS and VyOS can handle inbound and outbound VOIP sessions whether via NAT or true routing. What are you having trouble with?
     
  14. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    The NF18ACV had the SIP account configs : authentication name, password, CID name and number
    Where do I put those in the edgemax?
     
  15. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    10,254
    Location:
    Melbourne
    if you are referring to the edgemax edgerouter lite mentioned above, it doesn't have SIP capability.
     
  16. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    Yeah that's what I was afraid of, hence the double natting:( I'll have to check if there are settings in the Cisco ata as well which would make me wonder why do u need it in 2 devices? Surely a port forward for voip to the ata would be sufficient?
     
  17. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    10,254
    Location:
    Melbourne
    you won't need the port forward. the ATA will initiate an outgoing SIP registration and create a NAT table entry. that needs to happen before an incoming call can be terminated anyway. you only need port forwarding for incoming connections without a preceding outgoing invite.
     
  18. gdjacobs

    gdjacobs Member

    Joined:
    Apr 3, 2007
    Messages:
    1,442
    Location:
    MB, Canada
    Specifically, it doesn't have a built in ATA.
     
  19. OP
    OP
    warrenr

    warrenr Member

    Joined:
    Dec 28, 2001
    Messages:
    1,115
    Location:
    3149
    if the ata initiates the requests and has logon details etc, why does the current router have it as well? I'm obviously missing something basic here :(
     
  20. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    10,254
    Location:
    Melbourne
    SIP = ATA. don't split hairs.

    what exact piece of hardware are you talking about? not every router has exactly the same capabilities. a SIP ATA is not part of a router per se, it's a bolt-on feature that just happens to be inside the same little box.
     

Share This Page

Advertisement: