[ENG] Help with port forwarding

[tommyownzz]

Greetings!

Last three days I've been trying to setup few things with Lancom 1781EF+. Because I had zero success, I am asking you for help.

Our customer have subnet of public addresses say 80.80.80.176 /29. The 80.80.80.177 is gateway to ISP, and 80.80.80.178 is WAN interface of Lancom. Other public addresses are unused.
Lancom is also doing dynamic PAT for internal users.

The problem:
New exchange server will have private address 192.168.0.21 and I want to be reachable by some other public address say 80.80.80.181 through port 25.
I went to IP router - maq - port forwarding:

start port: 25
end port: 25
Remote site: INTERNET
Intranet address: 192.168.0.21
Map port: 25
Protocol: TCP & UDP
WAN address: 80.80.80.181

But it does not work. Those port forwarding rules only seem to work when I select the WAN address of the interface (80.80.80.178).


Is this even possible? Do I need to add another public address to router? How?
Config included

Best Regards,
Tom

[Dr.Einstein]

Hey Tom,

your configuration looks valid, I didn't find any mistake. If your 80.80.80.181 is really unused in the transfer net it has to work.

How do you test the connection/forwarding? Lancom routers sometimes (depends on used lcos version and/or used wan layer (ipoe in your case)) have a problem reaching a port forwarding from internal ip ranges -> nat/pat -> inside again. I hope that's the mistake. If not you could use the debug module, login via ssh/tel and enable ip-router trace:

Code: Alles auswählen

trace # ip-router @ 443,

Try to connect to your 80.80.80.181 with port 443 you should see incoming packets -> router 192.168.0.21 (LAN). If you see the incoming packet but there is no answering packet from source 192.168.0.21 check your server (firewall / service etc).

Greetings
Dr.Einstein

[tommyownzz]

Thank you for reply.

I did some testing with debugging. Port forwarding only works when I set WAN address to 80.80.80.178. If I select 80.80.80.181, debug outputs nothing.


Is it possible that it doesn't work because only one address (80.80.80.178) is specified at IP Parameters entry? Can the router use other addresses in subnet too?




Firmware: 8.82.0100 / 28.8.2013
Is firmware ok, is there any known bugs?


If you think everthing is OK, the last hope is reloading the router.



I'm looking forward to your reply,

Tom

[Dr.Einstein]

Hey Tom,

You don't need to change the settings of the "ip parameter" dialog. This ip address is the main wan address of the router for incoming and outgoing connections. In the portforwarding dialog wan address 0.0.0.0 stands for the defined address in the "ip parameter" dialog. If you use another address instead of 0.0.0.0 the Lancom router listen on that ip too (answering arp request from your gateway 80.80.80.177 etc). This wan ip doesn't work work for main services like incoming vpn connections, remote ssh (..), only for the portforwarding.

Maybe your lcos version have a software bug. I tested with lcos 9.20. Everything works as expected. Normally you need to disconnect the wan peer (or restart) after changing any value of the "ip parameter" dialog. In my test the additional portforwarding entry worked directly without manual disconnect. Maybe this behaviour changed between lcos 8.82 and 9.20.

Or your provider did a mistake and the 80.80.80.181 isn't yours? Subnetmask /30 instead of /29?

Greetings
Dr.Einstein

[tommyownzz]

Okay, I decided to upgrade the lcos to 9.10.0727, but I can't find any english documentation regarding lcos upgrade steps. Any links or steps?

I appreciate your help,

Tom

[Dr.Einstein]

It's really easy:

LanConfig -> rightclick your router -> firmware management -> upload new firmware.

Don't forget to download/save your configuration file/script.

[tommyownzz]

And the router will then reload?

[Dr.Einstein]

Reboot, yes.

[MariusP]

Hi,
Lanconfig also supports Drag and Drop of Fw Files.
This is what I use for testing.
Greetings