Hi all!.
I have a problem with my Lede router when i try to make a port forwarding from my ISP router to my LAN router.
The scheme is the next:
Router 1. 192.168.1.1 (from my ISP)
Router 2 172.16.25.1 LAN /192.168.1.2 WAN (with LEDE)
I have to send packets from internet at RDP port received in ISP router at LAN in Lede router to an ip of my lan.
I have tried in Firewall/Port forwarding but ii doesnt work.
Copy/paste from touter:
IPv4-tcp, udp
From IP 192.168.1.2 in wan with source port 3389
Via any router IP at port 3389
The IP of router 1 is 192.168.1.1, so if you're trying to allow port forwarding from only one IP it needs to be router 1's IP not the IP assigned to router 2's WAN port.
Your ISP modem is also routing. This means you need to set it to forward ports so that incoming connections from the Internet make it to your LEDE router. The "DMZ" setting usually found in stock firmware is appropriate since there is only one device on the 192.168.1.x network, your LEDE router, and all incoming traffic can go there.
Ideally you would make the ISP modem a bridge instead of a router, so that the LEDE router gets the public IP on its wan port and the modem is transparent to incoming connections. This is not possible with some ISPs though.
Also very importantly, you should not be using public IP's (172.x) on the LAN. As you're routing twice inside the house (once at the ISP router and once in LEDE) you should use two private IP ranges such as 192.168.1.x (link from ISP router to LEDE router) and 192.168.2.x (LEDE router's LAN.)
@mk24 you're likely right that the ISP device doesn't have port forwarding setup, since it wasn't specifically stated. But I'm curious about your 172.x.x.x comment, I've always been under the impression that 192, 172 and 10 were all private subnets:
You want to reach a windows server/pc via rdp from the internet, right?
Have you setup an port forwarding in your isp router?
How does it look like? Something like this: public port: 3389 destination port: 3398 destination ip: 192.168.1.2
The port forwarding in your lede router should look like this:
IPv4-tcp
From any host in wan
Via any router IP at port 3398
Also, if it's a Windows machine it needs to be Windows Professional or higher and Remote Desktop needs to be enabled under "Advanced Systems Settings - Remote". If you have a version of Windows below Professional, you'd need to use the excellent RDP Wrapper project to enable RDP. RDP Wrapper also allows multiple concurrent connections -- which is very cool!
Answering questions...
My RDP config was working before upgrade my LAN router to LEDE, so my isp router was correctly configured and i haven't tocuhed nothing at it.
The problem is with the LEDE router, i´ve made a port forwarding like the copy/paste in my first post and im not able to reach the server machine, wich is running Windows Server 2012 R2., but i repeat the server was working before the upgrade to LEDE.
Until now i dont see the solution to the port forwarding, i think the lede interface is not very intuitive.
Ive made thousand of port forwarding in other routers and never had a problema but with this one is imposible to do in the right way.
im very grateful for your suggestions but for the moment, they arent helping me.
bnhf i dont understand you, but i thought WAN port has to be set in LAN router. like i explained before.
mk24 you have been answered by bnhf i think the same 172 is private range, please take a look: Private network
rj45 the port forwarding in my lede is this:
IPv4-tcp, udp
From IP 192.168.1.2 in wan with source port 3389
Via any router IP at port 3389
IP 172.16.25.200, port 3389 in lan
and you suggest this:
IPv4-tcp
From any host in wan
Via any router IP at port 3398
IP 172.16.25.200, port 3398 in lan
i've tried this in my first option also without success
I'm going to go back to my original comment. I think you are putting 192.168.1.2 as the source IP -- this is incorrect. This limits forwarding to only being accepted from this source address. The source IP would be the IP address of your ISP router which is 192.168.1.1. A better option would be to change the source IP to any.
When you have your port forwarding correct it will show:
IPv4-tcp, udp
From any host in wan
Via any router IP at port 3389
There are several ways for it to work correctly in your situation. Specifying the LEDE router's IP as the source IP is one of many ways to do it wrong.
Hope that helps, sorry you are having trouble understanding me.
Sorry, I didn't understand your configuration. What is wan ip of 1st router (ISP)? What is lan network of 1st router? What is lan network of 2nd router? What is wan ip of 2nd router?
@rgma, hopefully you've got this working now -- if you could confirm that here it'd be appreciated!
If anyone else stumbles across this post with a similar issue, check my responses and examples. LEDE has some port forwarding options not found in other router OS's, which give it more power, but also make it easier to misinterpret what goes where.
