Question Port forwarding on a network with 2 routers.

[taigo]

Hi,
I've been hosting my sftp server on an old laptop and on my home network it works completely fine. But I'm trying to open my ports which does no longer work, it used to always work but at some point in time could no longer open ports on my router.

My network looks like the following:
Lets call this router1, this router is connected to the modem and the Gateway to the internet

router2 is the router which my server is connected to. Router1 is also connected to this.

With server I'm obviously referring to the system running the sftp server.

In the router2 settings I forwarded port 22 on my servers private IP address. This allows me to also access the server on router1 so I take that it works, additionally when scanning ports on the device it tells me this port is open.

I put in router1 to open the port 22 on the ip address of router2, but from here the fun ends. Scanning ports does not detect 22 being open and I also cannot access the port from the internet using my public IP address.

I have tried putting it in the DMZ which didn't make it work. I also tried connecting the server directly to router1 but still no luck.

 

[kanewolf]

Hi,
I've been hosting my sftp server on an old laptop and on my home network it works completely fine. But I'm trying to open my ports which does no longer work, it used to always work but at some point in time could no longer open ports on my router.

My network looks like the following:
Lets call this router1, this router is connected to the modem and the Gateway to the internet

router2 is the router which my server is connected to. Router1 is also connected to this.

With server I'm obviously referring to the system running the sftp server.

In the router2 settings I forwarded port 22 on my servers private IP address. This allows me to also access the server on router1 so I take that it works, additionally when scanning ports on the device it tells me this port is open.

I put in router1 to open the port 22 on the ip address of router2, but from here the fun ends. Scanning ports does not detect 22 being open and I also cannot access the port from the internet using my public IP address.

I have tried putting it in the DMZ which didn't make it work. I also tried connecting the server directly to router1 but still no luck.

Here is my simplified description

PUBLIC IP -> WAN router 1 ==> LAN router 1 has 192.168.x.1 IP address
Router 1 -> WAN router 2 (DHCP WAN IP of 192.168.x.250 for example).
Router 2 LAN has IP 192.168.y.1
Router 2 -> server (IP 192.168.y.99 for example)
To get port 22 forwarded in router 1 you would forward to 192.168.x.250 (router 2 WAN). Router 2 would have a rule that forwards to 192.168.y.99

Why do you have two routers? Are you trying to protect something from the rest of router 1 LAN ?

 

[taigo]

Here is my simplified description

PUBLIC IP -> WAN router 1 ==> LAN router 1 has 192.168.x.1 IP address
Router 1 -> WAN router 2 (DHCP WAN IP of 192.168.x.250 for example).
Router 2 LAN has IP 192.168.y.1
Router 2 -> server (IP 192.168.y.99 for example)
To get port 22 forwarded in router 1 you would forward to 192.168.x.250 (router 2 WAN). Router 2 would have a rule that forwards to 192.168.y.99

Why do you have two routers? Are you trying to protect something from the rest of router 1 LAN ?

Hi thanks for the reply,
So am I understanding correctly that I have to put in the WAN IP of router2 instead of the local one? I thought there was only 1 public IP which is beyond the exit of the gateway router. Where do I find this WAN IP?

The only reason I use a second router is for wireless VR and connecting devices in my room in general so there is no security reason for it or anything. If I would NEED to change its mode I would not mind doing so.

 

[kanewolf]

Hi thanks for the reply,
So am I understanding correctly that I have to put in the WAN IP of router2 instead of the local one? I thought there was only 1 public IP which is beyond the exit of the gateway router. Where do I find this WAN IP?

The only reason I use a second router is for wireless VR and connecting devices in my room in general so there is no security reason for it or anything. If I would NEED to change its mode I would not mind doing so.

Based on your reason for router 2, I would recommend you configure it as an access point rather than a router. You disable the DHCP server on router 2 and connect the cable from router 1 to a LAN port. In that configuration there is only 1 subnet and all DHCP is handled via router 1.
If you have set a static IP on your server you may have to change the IP so that it is in the router 1 subnet.

 

[dingo07]

Yeah, definitely do what @kanewolf suggests first... then set up VLANs if you don't want some devices to be able to see other ones on the network

 

[bill001g]

Start from the very beginning.

Log into what you are calling router 1. Be very sure the device you are calling a "modem" is only a modem. If i has wifi it is highly likely it is a router.

Assuming it is really a router this means router 1 should be getting a the public IP.

It depends on the exact model but almost all routers have some kind of status page or WAN page that will show the IP assigned to the wan port. Compare that IP to a site like whatsmyip.

If the IP are different then you do not have a public IP. That is pretty much the end of your project. You can not use port forwarding without control of the public IP. You will have to contact your ISP and see what options you have if any.

 

[taigo]

Start from the very beginning.

Log into what you are calling router 1. Be very sure the device you are calling a "modem" is only a modem. If i has wifi it is highly likely it is a router.

Assuming it is really a router this means router 1 should be getting a the public IP.

It depends on the exact model but almost all routers have some kind of status page or WAN page that will show the IP assigned to the wan port. Compare that IP to a site like whatsmyip.

If the IP are different then you do not have a public IP. That is pretty much the end of your project. You can not use port forwarding without control of the public IP. You will have to contact your ISP and see what options you have if any.

I put my router on PA mode now.
The thing I call modem does not provide any wireless signals it does have the fibre cae in it, it is connected to router1. I see something called IP address in the "ipv4 status" tab in the "internet settings" tab and it is different then what I see on the internet. I currently can't test the server I was about to head to bed but It used to work so could it be that it has been changed at some point? At some point my ISP seems to have changed provider or something since at some point when going to an ip site it shows a different company then it used to even tho I did not switch ISP.