Port forwarding lan to lan

I'm not sure why you quoted your words as mine, but OK...

Please clearly explain what port you wish to open on this device (I'm guessing RDP 3398/udp).

Please explain this - how port 80 on a public IP to a bank gets involved, if your devices are all on LAN.

Yes, and you were told:

So please explain why you want to place rules in the OpenWrt - as if it will control any firewall between the 2 devices on the same broadcast domain?

Also, the 2 IPs you show are not in the same subnet, so it brings more confusion regarding your "devices are on LAN side" description. Lastly, you still haven't explained why you're trying to backdoor the IP of a bank to get to a desktop.

OK, let's try a different approach.

I open the locked down device, I open Microsoft rdp, I type in 141.92.156.2:80, it opens a rdp session to another machine, also on my network, with ip 192.168.0.117

What port forwarding rule can I setup on my router to enable this.

  • None, not possible if these IPs are not on the same LAN.
  • The router is not involved if they are on the same LAN.
  • If they are on a different network src and dst network cannot both be LAN
  • These IPs have different subnet numbering, so they cannot both be on LAN

Now if you're really being honest about thinking you control the firewall at a bank for real...you'd make a port forward from WAN to LAN (not LAN to LAN). Otherwise your port forward rule was OK (except you can remove the public IP, and RDP is only TCP).

But none of this works until you can open the client's firewall, which you admit that you do not control.

Wow, are you trolling me? I'm finding it hard to describe this in simpler terms. But here goes again.

Imagine you are in your house, you have 2 machines A & B, which have ip addresses 1 & 2 respectively. You connect them together with a router, that is also in your house. Are you telling me it is impossible to set up the router so that when machine A opens a connection to ip address 3, it in fact gets routed to machine B?

Is this not the essence of port-forwarding? I know it is not impossible because, like I said, I have had it working before.

Wait...are you now saying that you have TWO routers?

  • Can you draw a diagram?
  • Are you using public IP space on one of these router networks?
  • Are these IPs in the same subnet?
  • Are they in the same physical network?

:man_facepalming:

Then the rule would be WAN to LAN as I noted above:

Also, you might wish to consider not using IP space that belongs to Lloyd's of London, it would really fix a lot of confusion.

Ok, you are trolling me. Fine. Well done.

  • You said devices are on same network
  • then you mention another router (i.e. not on the same network)
  • you provided a public IP address for one of the networks, twice - and you won't explain it
  • you won't explain how traffic will access the RDP machine if you can't open its firewall
  • and I told you EXACTLY how the firewall rule needs to be edited if you had a router, twice
config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.0.117'
        option dest_port '3389'
        option name 'annapurna156'
        option dest 'lan'
        option src 'wan'

So now, how in the world am I trolling you!?!?

The solution is @lleachii's code with loopback option enabled to redirect traffic from lan zone as well.

I only thought this worked from the IP in question (192.168.0.117); but otherwise, I also agree with your conclusion - given the scarce information the OP provided.

I honestly think the OP is using public address space (perhaps on one interface) and doesn't realize it...or wants to use a "hidden subnet" on the same LAN by forcing the firewall to redirect the packet....but then perhaps the OP's terminology in computer networking is not clear enough to convey that...

No, nobody is trolling you here. All answers you have received seem to me insightful and appropriate. You either do not know what you are doing, or are not capable of explaining yourself.

tcpdump -n -i any tcp port 80 or tcp port 3389

It's OK I've got it, was a couple of things, firstly the src had to be 'wan', I guess I was confused because both machines were on my network, I thought it would be 'lan' to 'lan'.

Secondly, I needed to set up a static route from 141.92.156.2 to 192.168.0.117. Can't share the config as I did this via the Luci interface.

Maybe the second step is only needed because there's something wrong with the port forward config, but anyway, it's working!

config redirect
        option target 'DNAT'
        option proto 'tcp udp'
        option src_dip '141.92.156.2'
        option src_dport '80'
        option dest_ip '192.168.0.117'
        option dest_port '3389'
        option name 'annapurna156'
        option dest 'lan'
        option src 'wan'
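An added example, not code from this thread or from OpenWrt: a small Python linter that parses `config redirect` sections in the UCI syntax shown above and flags the pitfalls argued over in the thread (a lan-to-lan DNAT that the router never sees, a `dest_ip` outside the LAN subnet, a `proto` list wider than the service, a `src_dip` that is not the router's own WAN address and so needs a route to arrive at the router, and `reflection` switched off so LAN clients cannot use the forward). The LAN subnet 192.168.0.0/24 and the router WAN address 203.0.113.5 are assumed values; the sample config is constructed from the two rules posted here plus a deliberately wrong lan-to-lan variant.

```python
import ipaddress
import re

# Constructed sample: the first rule posted in the thread, the OP's working
# rule with src_dip, and a lan-to-lan variant that will not work.
SAMPLE_CONFIG = """
config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.0.117'
        option dest_port '3389'
        option name 'forward-no-dip'
        option dest 'lan'
        option src 'wan'

config redirect
        option target 'DNAT'
        option proto 'tcp udp'
        option src_dip '141.92.156.2'
        option src_dport '80'
        option dest_ip '192.168.0.117'
        option dest_port '3389'
        option name 'annapurna156'
        option dest 'lan'
        option src 'wan'

config redirect
        option target 'DNAT'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.0.117'
        option dest_port '3389'
        option name 'lan-to-lan'
        option dest 'lan'
        option src 'lan'
"""

SECTION_RE = re.compile(r"^\s*config\s+(\w+)(?:\s+'?([\w-]+)'?)?\s*$")
OPTION_RE = re.compile(r"^\s*option\s+(\w+)\s+'([^']*)'\s*$")


def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1), {})
            sections.append(current)
            continue
        m = OPTION_RE.match(line)
        if m and current is not None:
            current[1][m.group(1)] = m.group(2)
    return sections


def lint_redirect(opts, lan_net, wan_ip):
    """Return findings for one DNAT redirect section.

    lan_net: the LAN subnet (ipaddress network); wan_ip: the router's own
    WAN address. Both are assumptions supplied by the caller.
    """
    findings = []
    if opts.get("target", "DNAT") != "DNAT":
        return findings  # only DNAT port forwards are checked here
    src, dest = opts.get("src"), opts.get("dest")
    if src == dest:
        findings.append(
            f"src and dest are both '{src}': hosts in one subnet talk to each "
            "other directly, the router never sees that traffic; use src 'wan' "
            "and rely on reflection for LAN clients")
    elif src != "wan":
        findings.append(f"src is '{src}', a port forward from outside needs src 'wan'")
    dest_ip = opts.get("dest_ip")
    if dest_ip and ipaddress.ip_address(dest_ip) not in lan_net:
        findings.append(f"dest_ip {dest_ip} is not inside {lan_net}")
    protos = opts.get("proto", "tcp udp").split()
    if len(protos) > 1:
        findings.append(
            f"proto '{' '.join(protos)}': confirm the service listens on every "
            "listed protocol, otherwise narrow it")
    src_dip = opts.get("src_dip")
    if src_dip and src_dip != wan_ip:
        findings.append(
            f"src_dip {src_dip} is not the router's WAN address {wan_ip}: packets "
            "for it only reach this router if something routes them here; leave "
            "src_dip unset to match the WAN address instead")
    # fw3 enables NAT reflection on DNAT redirects unless it is set to 0.
    if opts.get("reflection", "1") == "0":
        findings.append("reflection is disabled: LAN clients cannot reach this "
                        "forward through the public address")
    return findings


def lint_config(text, lan_cidr="192.168.0.0/24", wan_ip="203.0.113.5"):
    """Lint every redirect section; returns a list of (name, findings)."""
    lan_net = ipaddress.ip_network(lan_cidr)
    report = []
    for stype, opts in parse_uci(text):
        if stype == "redirect":
            name = opts.get("name", f"redirect#{len(report)}")
            report.append((name, lint_redirect(opts, lan_net, wan_ip)))
    return report


if __name__ == "__main__":
    for name, findings in lint_config(SAMPLE_CONFIG):
        print(name, "->", findings or "OK")
```

Run against the sample, the first rule is clean, the OP's working rule is flagged for the extra udp protocol and for a `src_dip` that is not the router's address (which is exactly why a static route was needed), and the lan-to-lan rule is flagged as one the router will never match.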

I explain above the issue; but you think I'm trolling you or something. Smh.

I thought you may have had the decency and honor to apologize, instead you act like I didn't provide this information.

Nonetheless, as others can now see, you are using a public IP belonging to a bank somewhere in your network. This is likely why rigging some weird route and port forward, instead of configuring it correctly, is even necessary to accomplish your goal.

If you configured this network range as normal, it likely wouldn't be necessary for you to route IPs from a bank to your RDP computer.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

No.... I never said this.

Of two machines connected via a router? And you claim not to be trolling me? Here ya go!
A---router---B

Would you like to apologise for this? Is this an appropriate response to someone who is seeking your help? Obviously, if I knew exactly what I was doing then I wouldn't be posting here would I?

Lloyd's of London are an insurance underwriter, not a bank :man_facepalming:

Oh, so you did read my question!

Oh no, I guess you didn't

I was never trying to RDP to the locked down device, RTFQ

No you didn't. Because you left off the src_dip, without this all traffic is matched, also you didn't mention anything about the static route that was needed.

I have explained myself 3 times, plus my solution was 80% correct in the first place.

Wait, which is it? 1. I gave a satisfactory explanation of the problem and you gave me the solution. Or 2. I didn't explain the problem so you couldn't give me a solution. :laughing:

ctrl+f; "static route"
no matches

No, I'm not. Suggest you read up on OpenWrt firewall configuration.

I guess some people will never learn.

BTW, your diagram is missing the IP to a bank/insurance company or whatever.

Yes you are, this IP only shows up in 3 of your posts...and not even once in the link you posted. I guess you really don't understand, wow.

No.

Yes, you failed to answer my questions and said I was trolling.

It's clear you don't wish to apologize. And you still don't get why you had to add that public IP from a FINANCIAL institution to your routes; or why you had to add it to your rule.

It's ok...don't worry about it. Glad you got it working, no matter how convoluted the solution is.

EDIT - maybe this will help my point (if it makes it worse, please don't worry about answering):

[screenshot]

If it's not a public IP, how can I reach it then? (traceroute also has a path)

Because... it's... not... part... of... my... network. Nor am I trying to connect to it! You are the only one who appears to be fixated upon it.

Actually, I completely understand this. It would appear that you are the one who doesn't understand this.

Whois and traceroute! Wow your knowledge of basic networking tools is formidable. (I never said it wasn't a public IP)

is a public ip address.


He knows. LOL, a reverse troll!

(and he finally answered me!)

:laughing:

(The WAN IP of the router would also do the same thing...but he's using some arbitrary public IP and making a route, just to port forward this IP to a NATed LAN address.)
