Posted: Mon Aug 29, 2022 14:36 Post subject: [SOLVED] Port Forwarding (Service->Router->Router->
Hi all,
I need to forward ports 80 and 443 to my Nextcloud in a VLAN behind a DD-WRT router.
I had a static route in the Fritzbox to the VLAN and also a port forwarding from the Fritzbox to the subnet. All set up in the Fritzbox.
The DD-WRT (R7000) is in Gateway mode and WAN is not connected. So NAT should be disabled.
If I try to connect to the Nextcloud (from www.mynextcloud.com) I'm in the DD-WRT GUI.
I also set a port forwarding in DD-WRT, but that also doesn't work.
If I set a firewall rule with iptables I can't access the DD-WRT GUI anymore.
Solution:
I had a static route in the main router (FritzBox) to the subnet, but that way I can only make a port forward to the subnet itself.
Now I make another static route in the main router to the client where Nextcloud runs. Now I can make a port forward to the client itself. (First delete the port forwarding to the subnet itself.)
Ergo -> Now it works!
Last edited by BassT on Tue Aug 30, 2022 18:17; edited 1 time in total
Posted: Tue Aug 30, 2022 6:30 Post subject:
It is not totally clear what your setup is but I assume that you have an R7000 setup as a WAP (disabled WAN) and that you have an unbridged interface (other subnet) on this WAP to which your Nextcloud server is connected.
I think you want to reach that Nextcloud server from the internet.
If so, I would first of all *not* use the NAT rule usually advised for a WAP setup
(iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr))
The alternative is to set up a static route on your main router, and you have to do that anyway.
So set up a static route on the main router to the subnet of the unbridged interface.
After that just use a normal port forward to the Nextcloud server; the static route will then first send the traffic to the WAP, and the WAP has a route to your Nextcloud server.
Some important things:
If the main router is a DDWRT router then clients on the WAP (on the unbridged interface) do not have internet access, as the main DDWRT router does not NAT traffic from other subnets out of its WAN.
So you have to add an SNAT rule on the main router (but only if that is DDWRT; stock is more lax):
iptables -t nat -I POSTROUTING -s <subnet of unbridged interface/netmask> -o $(get_wanface) -j SNAT --to $(nvram get wan_ipaddr)
Second, if you are using firewall rules to isolate the subnet of the Nextcloud server you might have to look into that also; first try with no isolation enabled.
egc wrote:
It is not totally clear what your setup is but I assume that you have an R7000 setup as a WAP (disabled WAN) and that you have an unbridged interface (other subnet) on this WAP to which your Nextcloud server is connected.
I think you want to reach that Nextcloud server from the internet.
correct
egc wrote:
If so, I would first of all *not* use the NAT rule usually advised for a WAP setup
(iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr))
The alternative is to set up a static route on your main router, and you have to do that anyway.
So set up a static route on the main router to the subnet of the unbridged interface.
check
egc wrote:
After that just use a normal port forward to the Nextcloud server; the static route will then first send the traffic to the WAP, and the WAP has a route to your Nextcloud server.
I think there is my problem. I had a route in the Fritzbox to the "Service VLAN" and a port forwarding to the subnet (all set up in the Fritzbox - main router).
Do I need a second "route" in the DD-WRT?
egc wrote:
Some important things:
If the main router is a DDWRT router then clients on the WAP (on the unbridged interface) do not have internet access, as the main DDWRT router does not NAT traffic from other subnets out of its WAN.
So you have to add an SNAT rule on the main router (but only if that is DDWRT; stock is more lax):
iptables -t nat -I POSTROUTING -s <subnet of unbridged interface/netmask> -o $(get_wanface) -j SNAT --to $(nvram get wan_ipaddr)
The main Router is a non DD-WRT Fritzbox
egc wrote:
Second, if you are using firewall rules to isolate the subnet of the Nextcloud server you might have to look into that also; first try with no isolation enabled.
There are no isolating rules for the "Service VLAN"
Posted: Tue Aug 30, 2022 7:16 Post subject:
You can try with port forwarding to the Nextcloud server
Example:
Main router: 192.168.1.1
WAP (in subnet of Main router): 192.168.1.2
WAP's unbridged subnet: 192.168.11.0/24
Nextcloud server: 192.168.11.11 (on unbridged subnet)
Static route on Fritzbox 192.168.11.0/24 to 192.168.1.2 (WAP)
PortForward on Fritzbox to 192.168.11.11 (Nextcloud server)
The Fritzbox will have the static route so it forwards 192.168.11.11 to 192.168.1.2 (WAP), the WAP also has a route to the unbridged interface (192.168.11.1) and so the traffic should reach the Nextcloud server (I hope)
egc wrote:
PortForward on Fritzbox to 192.168.11.11 (Nextcloud server)
And here is the problem.
The Nextcloud is not shown in the Fritzbox, because the Fritzbox doesn't see any subnet clients. I can't make a port forward directly to the subnet client, only to the subnet itself. The forward to the subnet is set on the Fritzbox.
Currently I am rebuilding my workspace, so testing will work this evening *hope*
Posted: Tue Aug 30, 2022 18:16 Post subject: Solved
I have a solution:
I had a static route in the main router (FritzBox) to the subnet, but that way I can only make a port forward to the subnet itself.
Now I make another static route in the main router to the client where Nextcloud runs. Now I can make a port forward to the client itself. (First delete the port forwarding to the subnet itself.)
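
The forwarding path from egc's example and from the solution above, as an added example that is not part of the original thread: a small Python model of longest-prefix-match routing using the example addresses (192.168.1.1, 192.168.1.2, 192.168.11.0/24, 192.168.11.11). The routing tables, including the WAP's default route, are constructed for illustration and are not read from a real FritzBox or DD-WRT device.

```python
import ipaddress

# Constructed routing tables built from the example addresses in the thread.
# Each route is (destination prefix, next hop); None means directly connected.
FRITZBOX_BASE = [("0.0.0.0/0", "WAN"), ("192.168.1.0/24", None)]
WAP = [
    ("0.0.0.0/0", "192.168.1.1"),   # assumed default route back to the main router
    ("192.168.1.0/24", None),       # br0, main LAN
    ("192.168.11.0/24", None),      # unbridged interface
]

def network(fritz_static):
    """Return {router LAN IP: routing table} with the given FritzBox static routes."""
    return {"192.168.1.1": FRITZBOX_BASE + list(fritz_static), "192.168.1.2": WAP}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table]
    matches = [(n, hop) for n, hop in nets if addr in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(dst, routers, start="192.168.1.1", max_hops=8):
    """Follow a forwarded packet from the main router; return the hops visited."""
    path, here = [start], start
    for _ in range(max_hops):
        hop = lookup(routers[here], dst)
        if hop is None:
            return path + [dst]      # delivered on a directly connected network
        if hop not in routers:
            return path + [hop]      # left the modelled network (for example "WAN")
        path.append(hop)
        here = hop
    raise RuntimeError(f"routing loop while forwarding to {dst}")

if __name__ == "__main__":
    subnet_route = [("192.168.11.0/24", "192.168.1.2")]
    host_route = [("192.168.11.11/32", "192.168.1.2")]
    for label, static in [("no static route", []),
                          ("subnet route", subnet_route),
                          ("host route", host_route)]:
        print(label, "->", trace("192.168.11.11", network(static)))
```

In this model the /32 host route reaches the Nextcloud server over the same path as the /24 subnet route, while other addresses in 192.168.11.0/24 are not routed to the WAP by the host route alone.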