...

  • The database server at the headquarters should be accessible via the public IP address or the public DNS name of the headquarters and the TCP port 46509.
  • For this purpose, port forwarding to the local IP address of the database server (192.168.66.109) and the TCP port 46509 was set up in the LANCOM router at the headquarters.
  • However, after being set up, the database server cannot be reached at the public IP address (81.81.81.81:46509) or at the public DNS name (e.g. headquarters.test.com:46509).


2) The Internet connection is established by another router upstream of the LANCOM router:

...

  • Upstream from the main router at the headquarters (router 1), another router (router 2) is used to provide the Internet connection.
  • The database server at the headquarters should be accessible via the public IP address or the public DNS name of the headquarters and the TCP port 46509.
  • For this purpose, port forwarding to the local IP address of the database server (192.168.66.109) and the TCP port 46509 was set up in router 1 at the headquarters.
  • However, after being set up, the database server cannot be reached at the public IP address (81.81.81.81:46509) or at the public DNS name (e.g. headquarters.test.com:46509).


Procedure:

1) Common items (scenario 1 and 2):

...

If a further, upstream router is used, the required ports on this device must be forwarded to the main router.

...

Info

If you are using a router from another manufacturer, contact that manufacturer for information about the appropriate procedure.

2.1) Open the configuration for router 2 in LANconfig and switch to the menu item IP router → Masq. → Port forwarding table.

...

  • First port: Enter the port that should be forwarded.
  • Last port: Enter the port that should be forwarded. If several ports are to be forwarded, you can specify a higher port number here. All of the ports in this range will be forwarded.
  • Intranet address: Specify the WAN address of router 1 (in this example the 10.0.254).
  • Protocol: Select the protocol (TCP, UDP or TCP + UDP) from the drop-down menu.

...

Connect to the router with LANmonitor, mark the Internet connection, right-click to open the context menu and click Disconnect.

...

Info

Alternatively, you can do this from the command-line interface with the command do Other/Manual-Dialing/Disconnect <name of the Internet connection> (e.g. do Other/Manual-Dialing/Disconnect INTERNET).



5) Creating traces for further analysis (scenarios 1 and 2):

...

Info

For scenario 2 with two LANCOM routers, traces must be created on both devices. 

Using the LANtracer (in LANconfig) or from the command line, perform an IP router trace that filters for the local IP address (in this example 192.168.66.109) and the port (in this example 46509):

Trace configuration for LANtracer:

File: Port-Forwarding.lcg

The trace configuration contains the IP router and the firewall trace. The filter parameter "port: 46509" filters the results for the port 46509. Use a text editor to make these changes in advance.

...

5.1) Use the CLI to connect and enter the command tr # ip-router @ <IP-address> +"port: <port>" (e.g. tr # ip-router @ 192.168.66.109 +"port: 46509").

...

Info

In scenario 2, the IP router trace on router 2 has to be filtered for the IP address of router 1 in the intermediate network.

...

Note

Search parameters separated by a space must be grouped inside quotation marks (e.g. "port: 46509"), otherwise an "OR" operator takes effect and the trace line is output if just one of the parameters is included.
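The effect of the quotation marks described in the note, as an added example that is not LANCOM code: a simplified Python model of the filter, run over constructed trace entries. It assumes case-insensitive substring matching and that a leading + marks a term that must be present; the entry layout and the addresses 203.0.113.x are constructed for illustration.

```python
import re

# Constructed trace entries (not real device output), one string per entry.
ENTRIES = [
    "IP-Router Rx: DstIP: 192.168.66.109, SrcIP: 203.0.113.7, "
    "ID: 1201, TCP, DstPort: 46509, SrcPort: 51544",
    "IP-Router Rx: DstIP: 192.168.66.109, SrcIP: 203.0.113.7, "
    "ID: 46509, TCP, DstPort: 443, SrcPort: 51544",
    "IP-Router Rx: DstIP: 192.168.66.20, SrcIP: 203.0.113.9, "
    "ID: 77, UDP, DstPort: 53, SrcPort: 40000",
    "IP-Router Rx: DstIP: 192.168.66.20, SrcIP: 203.0.113.9, ICMP, echo request",
]

# A term is either a quoted phrase or a run of non-space characters,
# optionally prefixed with "+" (assumption: "+" means "must be present").
TOKEN = re.compile(r'([+]?)(?:"([^"]*)"|(\S+))')


def parse_filter(expr):
    """Split a filter expression into (required, optional) term lists."""
    required, optional = [], []
    for plus, quoted, bare in TOKEN.findall(expr):
        term = (quoted or bare).lower()
        (required if plus else optional).append(term)
    return required, optional


def matches(entry, expr):
    """True if the entry passes: every required term is present and,
    if optional terms exist, at least one of them is present (OR)."""
    required, optional = parse_filter(expr)
    text = entry.lower()
    if not all(term in text for term in required):
        return False
    return not optional or any(term in text for term in optional)


def select(expr, entries=ENTRIES):
    """Return the indexes of the entries that the filter lets through."""
    return [i for i, entry in enumerate(entries) if matches(entry, expr)]


if __name__ == "__main__":
    for expr in ('port: 46509', '"port: 46509"',
                 '192.168.66.109 +port: 46509',
                 '192.168.66.109 +"port: 46509"'):
        print(f"{expr!r:34} -> entries {select(expr)}")
```

Without the quotation marks, "port:" and "46509" are separate terms, so entries for other ports and an entry that merely contains the number 46509 pass the filter as well.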

5.2) Using the Internet, access the public IP address (81.81.81.81:46509) or the public DNS name (e.g. headquarters.test.com:46509).

If the port forwarding is not working, the trace remains empty (see figure).

...

In this example, communication is being blocked by the DENY-ALL firewall rule.

...

Info

In this case, the incoming communication must be allowed by means of an exception rule in the firewall (see step 3).

5.5) If port forwarding is functioning properly, the IP router trace shows the TCP handshake taking place, among other things:

...