Author Topic: Port Forward/Virtual Server confusion  (Read 8687 times)

rhvonlehe

  • Level 1 Member
  • *
  • Posts: 17
Port Forward/Virtual Server confusion
« on: December 02, 2008, 09:46:14 PM »

I'd like to set up some port forwarding.  I'm trying to allow outside access to:
1) FTP server
2) Wake-On-Lan for my desktop
3) SSH to same desktop
4) Virtual server to allow port 443 to act as SSH port 21

I realize that I need the "virtual server" setup to allow #4 since it translates one port to another.  But I can't get 1, 2 or 3 to work without setting them up as virtual servers.  Port forwarding just doesn't do it and I can't figure out why.  FTP seems like the perfect candidate for a simple port forward.  I'm forwarding to static private IP addresses (except the case of Wake-on-LAN, which is broadcast since the machine is off and the router doesn't have its MAC address in its table).  It seems like port forwarding is just broken.  I'm using FW 1.11 HW A3.

Also, is there a way to allow both WAN ports 443 and 21 to go to my desktop running sshd?  I can't set up two virtual servers with the same destination IP/port combination.  I was able to do this with my $10 Trendnet wireless G router, though.  Grrrrr.  Any suggestions welcome. 

Thanks,
Rich
Logged

rhvonlehe

  • Level 1 Member
  • *
  • Posts: 17
Re: Port Forward/Virtual Server confusion
« Reply #1 on: December 03, 2008, 06:29:08 AM »

Sorry, the above SSH port should be 22 - that was a typo.
Logged

chrisnclovis

  • Guest
Re: Port Forward/Virtual Server confusion
« Reply #2 on: December 03, 2008, 06:21:08 PM »

You should be able to create two virtual servers: one would be to forward public port 443 to private port 22 to the static IP address of your desktop computer, and the second virtual server would be to forward port 9, and a third virtual server forwarding port 21 to that same static IP address. As long as the public ports are different you should be able to make as many virtual servers as you want for the same LAN IP address.

If I understand you correctly you want the public port to be 443 and the private port to be 22, or is it the other way around? But you couldn't also have more than one virtual server with the same public port. According to this FAQ you should be able to do that:

 http://support.dlink.com/faq/view.asp?prod_id=2778&question=WBR-2310_revB%20/%20DIR-615_revC%20/%20DIR-625%20/%20DIR-635%20/%20DIR-655%20/%20DI-604%20/%20DI-624%20/%20DI-634M%20/%20DI-724GU%20/%20DI-724U%20/%20DI-804HV%20/%20DI-808HV%20/%20DI-825VUP%20/%20DI-LB604%20%20/%20DIR-450%20/%20DIR-130%20/%20DIR-330%20/%20DIR-615%20/%20WBR-2310
Logged

rhvonlehe

  • Level 1 Member
  • *
  • Posts: 17
Re: Port Forward/Virtual Server confusion
« Reply #3 on: December 03, 2008, 06:29:38 PM »

Thanks, ScottyMo.

Do you know if I could create two virtual servers like this:

public port 443 mapped to private port 22 (public SSL port to SSH server)
public port 22 mapped to private port 22 (public SSH port to SSH server)

The admin interface doesn't seem to allow it, so I'm guessing not.  I only ask because I was able to do this with my old router.

Rich
Logged

funchords

  • Level 3 Member
  • ***
  • Posts: 296
Re: Port Forward/Virtual Server confusion
« Reply #4 on: December 03, 2008, 07:27:55 PM »

public port 443 mapped to private port 22 (public SSL port to SSH server)
public port 22 mapped to private port 22 (public SSH port to SSH server)
No, you can't do that -- (and if there's a good reason for it, I can't think of what it would be since the DIR-655 fully impersonates the remote IP -- the precaution would be necessary if the DIR-655 substituted its own IP address within the LAN). 

As a workaround, on the machine running the SSH daemon, you might be able to create a second static LAN IP address there.  Then create a rule to forward port 443 to that second address.  If your SSH daemon binds to 0.0.0.0 when it starts, then all IP addresses on that stack would answer it.

Logged

chrisnclovis

  • Guest
Re: Port Forward/Virtual Server confusion
« Reply #5 on: December 03, 2008, 08:00:17 PM »

No, you wouldn't be able to have two different public ports mapped to the same private port for the one static LAN IP address. If you had two different computers they could each have virtual servers set with the same private ports but with different public ports, like the example in that FAQ.
Logged
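
The rule conflict described in replies #4 and #5, and the second-LAN-address workaround from reply #4, modelled as an added example (not written by any poster and not D-Link code). The two constraints are assumptions taken from what the thread reports, and the 192.168.0.x addresses are constructed.

```python
from collections import namedtuple

# One virtual-server entry: protocol, WAN-side port, LAN host, LAN-side port.
Rule = namedtuple("Rule", "name proto public_port private_ip private_port")

def check_rules(rules):
    """Return conflict messages for a virtual-server table.

    Both checks model behaviour reported in the thread (assumptions, not
    taken from firmware documentation):
      1. a (proto, public port) pair can be claimed by only one rule;
      2. the router UI refuses two rules with the same destination.
    """
    conflicts, by_public, by_dest = [], {}, {}
    for r in rules:
        pub = (r.proto, r.public_port)
        dst = (r.proto, r.private_ip, r.private_port)
        if pub in by_public:
            conflicts.append(
                f"{r.name}: public {r.proto}/{r.public_port} already used by {by_public[pub]}")
        else:
            by_public[pub] = r.name
        if dst in by_dest:
            conflicts.append(
                f"{r.name}: destination {r.private_ip}:{r.private_port} already used by {by_dest[dst]}")
        else:
            by_dest[dst] = r.name
    return conflicts

def exposed(rules):
    """WAN-facing (proto, port) pairs the table opens, for an exposure review."""
    return sorted({(r.proto, r.public_port) for r in rules})

# Constructed sample: the desktop at .50, with a second static LAN address .51.
DESKTOP, DESKTOP_ALIAS = "192.168.0.50", "192.168.0.51"

rejected = [
    Rule("ssh", "tcp", 22, DESKTOP, 22),
    Rule("ssh-443", "tcp", 443, DESKTOP, 22),        # same destination as "ssh"
]
workaround = [
    Rule("ssh", "tcp", 22, DESKTOP, 22),
    Rule("ssh-443", "tcp", 443, DESKTOP_ALIAS, 22),  # second LAN IP; sshd bound to 0.0.0.0
]

if __name__ == "__main__":
    for label, table in (("rejected", rejected), ("workaround", workaround)):
        print(label, check_rules(table) or "no conflicts", exposed(table))
```

Either table leaves the same SSH daemon reachable on two WAN ports, so `exposed()` is the list to review when deciding what the router should actually open.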

spottedhaggis

  • Level 1 Member
  • *
  • Posts: 1
Re: Port Forward/Virtual Server confusion
« Reply #6 on: January 16, 2010, 07:35:38 AM »

Maybe someone here can help.

I had a D-Link DIR-615 which I received with my 50mb upgrade on Virgin (previously I had a Netgear).

I needed to port forward 2 ports; they could be any 2 ports but sequential. I was using 10000 and 10001 with the Netgear.  This is for a product I am testing at work that created a secure VPN tunnel link.  I would set the port rule in the DIR-615 but it would only open the last port, not the first. No idea why; the rule was in place, but a port check told me 10000 was closed and 10001 was open.

I assumed it must be the router so purchased the DIR-635 one, and have set up the same rules again, but still it only lets me see the later port.

Reading in this forum, I removed the port rules and tried virtual server; I even went so far as to set up 4 virtual server setups.

10000 TCP, 10001 TCP, and 10000 UDP, 10001 UDP, but it will only allow 10001 to be seen, and I am at my wits' end as to why this is.

The Netgear was far easier: set up rule, define the two ports and it was done.

Anyone got any ideas at all?
Logged

Dintid

  • Level 1 Member
  • *
  • Posts: 4
  • Aalborg, Denmark
Re: Port Forward/Virtual Server confusion
« Reply #7 on: January 22, 2010, 11:10:20 AM »

Port 443 is not used for FTP SSL. 443 is only for HTTPS.

In order to use encrypted SSL FTP (FTPES or FTPS, both are TLS/SSL) you should use "Port Forwarding" and forward the following ports as a port range 20-22. You could skip the 20 and 21, but it's nice for debugging (if, say, SSL doesn't work).
20/TCP - FTP Data
21/TCP - FTP Control
22/TCP,UDP - Secure Shell (SSH), used for secure logins, file transfers (scp, sftp) and port forwarding.

edit: unless you really run some obscure thing you will most likely use the same public and private port when using the Virtual Server. People can't log into an FTPES with regular FTP commands even if they are automatically sent to the right port, so when you're telling them to use FTPES anyway, just tell them to use port 22, which FTP clients should know by themselves.

If you run your server in passive mode, you will most likely need to open some upper range as well, most likely in the Dynamic and/or private ports range: 49152–65535.

Complete (sort of) list of ports:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
« Last Edit: January 22, 2010, 11:15:42 AM by Dintid »
Logged