We are using a private 5G network where a RUTX50 router is connected.
5G connects well. After enabling the traffic rule I have access to the web interface of the modem.
Devices on LAN use modem internal subnet 10.47.28.0/24 with 10.47.25.1 for the modem.
After accepting everything forward (and input but for other reasons), I can ping the devices behind it, like 10.47.28.239 which is a Raspberry Pi there just for tests, from the 5G private network core.
However, services like ssh and http are not reachable on the raspberry, and I do not understand why.
By default, the SSH and HTTP ports are closed on Raspberry Pi. Ensure that you enable SSH using the raspi-config command. Additionally, for access to port 80, it needs to be open and configured for a specific function.
Hi arthurr,
I guess that both 80 and 22 go to the rutx50 instead of the
LAN side. Could you try to forward e.g. external 8080 and
2222 to 80 and 22 on the raspi?
Hi,
I try not to use port forwarding, which works, but routing, since my “WAN” address is also private since it’s a private 5G network.
Port forwarding works OK. Direct routing: ping, traceroute and tcpping work, but not a simple curl or ssh.
Do I understand correctly that 10.47.25.1 is the WAN side, and
the LAN side is 10.47.28.0/24 with 10.47.28.239 being the RasPi?
(If not, post a drawing!)
I think DNAT is the thing you are looking for. You are on (let’s say)
10.47.25.99 and access e.g. 10.47.25.1:80 on the router and it
translates it to 10.47.28.239:80. Then the Pi sees your real IP address.
But if 80 and 22 are used to access the router from the WAN side they are
already used by the router.
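For reference, the port forward suggested in the replies above (external 8080 and 2222 to 80 and 22 on the Pi), written out as an added example that is not from any poster in this thread. It assumes RutOS accepts OpenWrt-style `redirect` sections in `/etc/config/firewall` and that the zones are named `wan` and `lan`; the rule names are made up.

```uci
# Added example, not from the thread.
# Assumptions: OpenWrt-style firewall config, zones named 'wan' (mobile
# side) and 'lan'. Rule names are hypothetical.

# External TCP 8080 on the router's WAN address -> HTTP on the Raspberry Pi.
# 8080 is used because port 80 on the WAN side may already serve the
# router's own web interface.
config redirect
	option name 'raspi_http'
	option target 'DNAT'
	option proto 'tcp'
	option src 'wan'
	option src_dport '8080'
	option dest 'lan'
	option dest_ip '10.47.28.239'
	option dest_port '80'

# External TCP 2222 on the router's WAN address -> SSH on the Raspberry Pi.
# 2222 is used because port 22 on the WAN side may already serve the
# router's own SSH daemon.
config redirect
	option name 'raspi_ssh'
	option target 'DNAT'
	option proto 'tcp'
	option src 'wan'
	option src_dport '2222'
	option dest 'lan'
	option dest_ip '10.47.28.239'
	option dest_port '22'
```

Only the destination is rewritten here, so the Pi still sees the client's real source address. Each additional LAN device would need its own pair of external ports.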
I made a mistake,
The WAN address (mob1s1a1) is 192.168.20.20
The LAN address of the modem is 10.47.28.1/24
The LAN address of the raspi is 10.47.28.239
I can ping, tcpping, udp traceroute 10.47.28.239 from core network (192.168.20.1), but I can’t curl or ssh 10.47.28.239. However, if I port forward ports 80 or 22, I can curl 192.168.20.20 or ssh 192.168.20.20 and I’ll go straight to the raspi. But I do not want that and need direct routing because in the end, there will be multiple devices behind the RUTX50 and I need to reach those directly.
I need pure direct routing, no NAT, no masquerade, no DNAT or SNAT or whatever NAT, just routing, to work.
At the moment, ICMP, tcpping and UDP traceroute work, but no curl or ssh from 192.168.20.1.