Port forwarding
Anyone know of a router that can forward https from internal static IP on port 5001 to external port 443 and vice versa?
Perhaps I am going to have to configure a linux box...
home or business?
most non ISP locked routers have full NAT tables you can config
home - it's a netgear dg834g with the V4.01.40 - DGTeam Rev. 0849 firmware
timwilky
13-07-09, 11:55 AM
it is supported on your current ADSL modem/router so download the manual (ftp://downloads.netgear.com/files/DG834Gv4_RMsrc_13Sep07.pdf)
see page 3-6
Edit, whoops looks like it does not support port changes though. Time to buy an up to date box methinks
Even the latest netgear doesn't do it, but everything else does, so it's in the post!
John
timwilky
14-07-09, 07:57 AM
Well my Netgear FVS558 does support it, but then again it is not an ADSL wireless device. There is something to be said for splitting functionality, although it will obviously cost more. For my brother's business, I established his connection as a standalone ADSL modem, connected into a Netgear FVS338. That way he could get AES256 VPN encryption with me and his staff homes.
He did suggest that there was a need for wireless in his office, but as the first thing he would do is take his laptop out the cupboard and drop it into a docking station, he soon realised there was no point.
The company I work for also provides all staff supplied with laptops with proper docking stations, keyboard/mouse and monitor. So nobody anywhere needs wireless and corporate policies disable it.
our office draytek vigor 2600 definitely does do port changes in its nat table. However it will only accept a destination IP that is on its own subnet. So I've still had to sit a linux box behind it to redirect the IP addresses to where I want them to go. Linux boxes rock. Linux boxes can do anything :cool:
We have a netgear one like yourself, and it doesn't do the port changes. Also the D-Link one here doesn't do port changes either.
SoulKiss
14-07-09, 08:44 AM
Even the latest netgear doesn't do it, but everything else does, so it's in the post!
John
I think that Tim is getting PAT and NAT mixed up - it IS a disappointment that the Netgears don't do it.
I had a really cheap (and ultimately rubbish in other ways) router that did it.
You could always stick a hardware firewall inline to do it.
SoulKiss
14-07-09, 08:45 AM
our office draytek vigor 2600 definitely does do port changes in its nat table. However it will only accept a destination IP that is on its own subnet. So I've still had to sit a linux box behind it to redirect the IP addresses to where I want them to go. Linux boxes rock. Linux boxes can do anything :cool:
We have a netgear one like yourself, and it doesn't do the port changes. Also the D-Link one here doesn't do port changes either.
I agree on the linux boxes can do anything argument - I even stuck an ADSL card in one and cut the router out altogether - didn't make much sense to do in the long run tho, hugely overkill for what I was doing :)
timwilky
14-07-09, 08:53 AM
I think that Tim is getting PAT and NAT mixed up - it IS a disappointment that the Netgears don't do it.
I had a really cheap (and ultimately rubbish in other ways) router that did it.
You could always stick a hardware firewall inline to do it.
Been doing networking for far too many years for that mistake. I built my first on a star lan back in 1981 to connect a group of rockwell Aim 65s to an Acorn Atom acting as a file server. I did some work on CSMA/CD and XNS networks in the mid 80s writing device drivers and was an early implementer of TCP/IP. In fact we got a full class B allocation (159.245.0.0/16).
I need to post a screenshot just to prove my netgear does it. Please wait
http://www.twsoft.co.uk/sv/pat.png
This firewall rule shifts incoming SMTP traffic from BT ADSL users to a postfix filter I am running on port 10025.
Is this not PAT?
wyrdness
14-07-09, 08:55 AM
our office draytek vigor 2600 definitely does do port changes in its nat table. However it will only accept a destination IP that is on its own subnet. So I've still had to sit a linux box behind it to redirect the IP addresses to where I want them to go. Linux boxes rock. Linux boxes can do anything :cool:
We have a netgear one like yourself, and it doesn't do the port changes. Also the D-Link one here doesn't do port changes either.
I was going to suggest a Draytek Vigor router. They're very expensive to buy new, but you can get a 2600 for peanuts on Ebay. I just got one for £23, as I needed the hardware VPN.
I agree on the linux boxes can do anything argument - I even stuck an ADSL card in one and cut the router out altogether - didn't make much sense to do in the long run tho, hugely overkill for what I was doing :)
The old cable modems from NTL used to just bridge rather than translate. So the interface of whatever you plugged in became directly on the internet - great for linux boxes without the hassle of finding a compatible broadband card. Not so great for people running unprotected windows boxes though - altho no worse than your average USB modem.
If any of these routers support bridge mode, or "DMZ" mode where a single box behind it is entirely exposed, then that would be an ideal use for a linux box instead of a "hardware" firewall.
I was going to suggest a Draytek Vigor router. They're very expensive to buy new, but you can get a 2600 for peanuts on Ebay. I just got one for £23, as I needed the hardware VPN.
It's a bit of a weird box. Does some things great, but then simple things like port forwarding to an IP on a different subnet, it won't allow. The interface to the firewall on it is distinctly odd as well.
SoulKiss
14-07-09, 09:17 AM
Tim - that's YOUR non-ADSL router.
Nothing like the one the OP is talking about, which as it's the same as my one I know for a fact that it doesn't do what he wants it to do.
timwilky
14-07-09, 09:50 AM
I was simply challenging the assertion that netgear devices do not do port forwarding. It is the particular device that Thor uses that I said in post 4 does port forwarding but does not forward to a different port.
If you read all of my posts, I am quite supportive of splitting functionality on devices in order to get best of breed services. jack of alls can never be masters all.
I would buy a cheap simple ADSL modem, put it in front of firewall, and if I had to have wireless put an access point on a switch between my modem and firewall, assuming I had a small address range. That way I treat wireless as dirty.
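
Added example, not posted by anyone in the thread: the port-changing forward asked about in the first post (external 443 to an internal host on 5001), as it could be set up on a Linux box with iptables. The script only prints the commands for review; the interface name `ppp0` and the address `192.168.0.10` are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) the iptables commands for one
# port-translating forward. ppp0 and 192.168.0.10 are assumed values.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Digits and dots only, no empty octets, then four octets of 0-255.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pat_rules WAN_IF LAN_IP EXT_PORT INT_PORT
pat_rules() {
    wan_if=$1 lan_ip=$2 ext_port=$3 int_port=$4
    # Refuse anything that is not a plain interface name, address or port,
    # so the printed lines are safe to review and paste into a root shell.
    case "$wan_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_ipv4 "$lan_ip" || { echo "bad LAN address" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$int_port" || { echo "bad port" >&2; return 1; }
    cat <<EOF
# Let the box route between its interfaces.
sysctl -w net.ipv4.ip_forward=1
# Rewrite the destination of new connections arriving on the WAN side.
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $ext_port -j DNAT --to-destination $lan_ip:$int_port
# FORWARD sees the packet after DNAT, so it matches the internal port.
iptables -A FORWARD -i $wan_if -d $lan_ip -p tcp --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Replies only; conntrack restores the external port on the way out.
iptables -A FORWARD -o $wan_if -s $lan_ip -p tcp --sport $int_port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: external 443 to internal host port 5001.
pat_rules ppp0 192.168.0.10 443 5001
```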