| 
 Asus RT-N16 port forwarding problem 
 | 
| aldaris | 
 Posted 26-10-2012 09:06 
 | 
User 
Posts: 4 
Joined: 26/10/2012 08:17 
  | 
Hi. I have an Asus RT-N16 router with Tomato-K26USB-1.28.RT-MIPSR2-101-AIO firmware - (Router A) 
Some Tenda router (Router B) 
Another Tenda (Router C) 
With the topology: 
 
                    INTERNET 
 -ZYXEL P650HW adsl modem/router (set to bridge mode) 
    - Router A (WAN IP let's say 75.75.75.75, VLAN1 IP 10.0.0.138, VLAN2 IP 192.168.1.1) 
       - Router B (WAN IP 192.168.1.2, LAN IP 192.168.10.1) 
       - Router C (WAN IP 192.168.1.3, LAN IP 192.168.3.1)  
 
As you can see, router A has two virtual LANs where router X (not in the schema, not important) is in VLAN1 and B and C are in VLAN2. 
 
I am trying to forward two ports on router A so I can access router B and C webadmin interface from outside. So I set router A remote admin port to 8091, router B remote admin port to 8092, router C remote admin port to 8093. 
 
On router A I set the port forwarding for port 8092 to IP address 192.168.1.2 and 8093 to 192.168.1.3 
 
When I type the IP 75.75.75.75:8091 in the browser from outside, it works and I can get into the tomato remote admin interface. Still fine. 
BUT when I try to get to router B (75.75.75.75:8092) I get one redirection to 75.75.75.75:8092/login.asp and then a redirection to 192.168.10.1/login.asp which is surely not accessible from outside. 
The same with router C. 
 
Can you please point out what I am doing wrong? 
 
Is it the bad tomato setting or something with the router B or C? 
I also tried to disconnect B and C for a while while trying to access them, but I still got redirected to their LAN IPs, so I think it's something wrong in the router A (Tomato) settings. 
 
Thank you for any help. | 
|   | 
 
 
 
 | 
 | 
| lookaka | 
 Posted 27-10-2012 12:43 
 | 
User 
Posts: 94 
Joined: 04/10/2007 20:05 
  | 
Does the connection to [WAN-IP]:8093 work? 

By the way - what is the reason for the VLAN? Separating B and C from the A network? | 
|   | 
 
 
 
 | 
 | 
| aldaris | 
 Posted 28-10-2012 22:48 
 | 
User 
Posts: 4 
Joined: 26/10/2012 08:17 
  | 
No.. the result is the same when connecting to router C from outside with WAN ip address and port 8093. I am redirected to 192.168.3.1. 
 
It is the redirect request (HTTP 302) to the browser. I've never seen this behavior before. I think the forwarding should be transparent for the outside scope. 

The reason for a VLAN is that I need to separate VLAN1 from VLAN2. VLAN 1 runs the small office and VLAN 2 runs a home network for a few apartments. | 
|   | 
 
 
 
 | 
 | 
| lookaka | 
 Posted 29-10-2012 09:44 
 | 
User 
Posts: 94 
Joined: 04/10/2007 20:05 
  | 
You don't need VLANs to separate network A,B and C. 
Try the following... 
 
INTERNET 
 -ZYXEL P650HW adsl modem/router (set to bridge mode) 
    - Router A (WAN IP let's say 75.75.75.75, LAN IP let's say 192.168.1.1) - router in "normal" mode - without VLANs 
 
         - Router B (WAN IP 192.168.1.10, LAN IP 10.0.0.1) 
           with this script in Administration\Scripts\Firewall: 
           iptables -t nat -I PREROUTING -s 10.0.0.0/16 -d 192.168.0.0/16 -j DROP 
 
         - Router C (WAN IP 192.168.1.20, LAN IP let's say 10.0.0.1 too) 
           with this script in Administration\Scripts\Firewall: 
           iptables -t nat -I PREROUTING -s 10.0.0.0/16 -d 192.168.0.0/16 -j DROP 
 
(c)bd ;) | 
|   | 
 
 
 
 | 
 | 
| aldaris | 
 Posted 29-10-2012 10:09 
 | 
User 
Posts: 4 
Joined: 26/10/2012 08:17 
  | 
Can I do QoS and/or bandwidth limiting without VLANs too? (Understand, I want to limit only a VLAN for the apartments. The office must have the top priority.) 

By the way, consider the following: 
The routers B and C are in the apartments, so the person in the apartment can easily reboot B or C when needed. But he can also easily disconnect B or C from the cable and connect his laptop there to get directly to the 192.168.0.0/16 subnet, so the iptables won't help, right? | 
|   | 
 
 
 
 | 
 | 
| lookaka | 
 Posted 29-10-2012 10:55 
 | 
User 
Posts: 94 
Joined: 04/10/2007 20:05 
  | 
You're right. I never thought that a person with an apartment can have such ideas and opportunities. 
In this case, it may be better to use VLAN. 

A long time ago I tested creating a VLAN from the command line (Tomato 1.28). 
As here: http://catsmacsandhacks.blogspot.com/...omato.html 
I remember that it worked fine (after some adjustment), but I liked the solution with iptables more. 
 
You can try as described in the above link. 
If you check this solution faster than I do - please write about it. 
 
I'll try to remember my solution and port forwarding in that case. If it works I'll write about it :) 
 
P.S. 
Of course, you can configure bandwidth limiting - on Router A or B and C. | 
|   | 
 
 
 
 | 
 | 
| aldaris | 
 Posted 29-10-2012 20:23 
 | 
User 
Posts: 4 
Joined: 26/10/2012 08:17 
  | 
I looked inside the logs today to find out if there is something about the redirection. I downloaded the iptables too, but there is no entry for the LAN IP address of router B or C. 
 
Is there a way to find out if tomato causes the redirection problem or Tenda routers? When I connect to WAN ip of B or C from the 192.168.1.1 subnet, everything works fine. The problem is when I try to access remote admin from outside. | 
|   | 
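
One way to check where the redirect comes from, as an added example that is not part of the original thread: a port forward (DNAT) rewrites packet addresses only and never the HTTP payload, so a `Location` header naming a LAN address was written by the web server that answered the request. The two responses below are constructed samples, the function names are hypothetical, and 75.75.75.75 is the placeholder WAN IP used in the thread.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample responses (not captured from real devices).
SAMPLE_ABSOLUTE = (
    b"HTTP/1.1 302 Redirect\r\n"
    b"Server: example-httpd\r\n"
    b"Location: http://192.168.10.1/login.asp\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_RELATIVE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /login.asp\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_redirect(raw, requested_url):
    """Say whether a redirect stays reachable through the port forward."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return "no-redirect", None
    # Relative Location values resolve against the URL the client asked for.
    target = urljoin(requested_url, headers["location"])
    req, dst = urlsplit(requested_url), urlsplit(target)
    if (dst.hostname, dst.port) == (req.hostname, req.port):
        return "same-origin", target
    try:
        private = ipaddress.ip_address(dst.hostname).is_private
    except ValueError:
        private = False  # a DNS name, not a literal IP
    return ("leaks-private-address" if private else "other-host"), target


if __name__ == "__main__":
    for sample in (SAMPLE_ABSOLUTE, SAMPLE_RELATIVE):
        print(classify_redirect(sample, "http://75.75.75.75:8092/"))
```

A `leaks-private-address` result for a request sent to the forwarded port means the device behind the forward builds its redirect from its own LAN address; a relative or same-origin redirect would have survived the forward.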
 
 
 
 | 
 | 
| lookaka | 
 Posted 30-10-2012 00:45 
 | 
User 
Posts: 94 
Joined: 04/10/2007 20:05 
  | 
When you send a ping from 192.168.1.* to WAN B (192.168.1.2), do you get a response from 192.168.1.2 or from 192.168.10.1? | 
|   | 
 
 
 
 |