Port forward rule gets packets but cannot send back
Posted: Mon Jul 28, 2014 3:54 am
How do I allow an internal machine to send packets back to a source outside the network while port forwarding?
---
I have been trying to allow SSH access to a home server from outside the network. I can see that the packet count of the Firewall NAT rule goes up each time I try to connect from the outside. To me, that verifies that I have the proper connection for input. The connection never happens, though, so I assume that the output from my SSH server is getting dropped.
In my case I have an ISP-provided router connected to my RB750. Then the home network expands from there. My ISP router makes a 172.16.2.0/24 network which my RB750 is plugged into. Its static IP on the gateway port is 172.16.2.5. The RB750 creates a 10.210.98.0/24 network on its 2nd plug.
In order to get port 45509 to forward to port 22 of my SSH server, I have added port forwarding to both the ISP and personal router. The ISP port forwarding is taking external port 45509 and sending it to port 45509 of the RB750's gateway IP (172.16.2.5). Then the RB750 has an IP Firewall NAT entry for the port 45509. It is a chain: dstnat, action: dst-nat, dst address: 172.16.2.5, protocol: tcp, dst-port: 45509, to-address: 10.210.98.24, to-port: 22.
I'm guessing I need another Firewall rule, but I might also need a route entry. I really cannot tell. Any help would be appreciated, even if it's just help to go verify a setting is correct.