I have what should be an extremely simple port forwarding job to do on a RUT140. I have done similar on other devices many times without issue, so am scratching my head here.
The router is sitting between two private networks - no internet connection involved, it is just in place to act as a firewall and forward a few ports between the external subnet into the internal one.
I have set up the port forwarding entries and tried various versions of traffic rules. At the moment I have them set to allow all incoming & forwarding TCP traffic and the port forward still doesn’t work. I have (temporarily) enabled the web UI from the WAN port and it is accessible on the WAN port - the computer is connected directly so it’s not a routing issue or other networking hardware interfering.
Wireshark from the WAN port shows the packets being sent then no reply, just retries from my computer.
After much trial and error & wire-sharking I have found a solution - posting here in case this is useful to anyone. Also if Teltonika fancies adding a sentence to their port forwarding Wiki it could save people like a fair bit of time.
It looks like the port forwards do not rewrite the source/external IP address, which means the reply from the device on the LAN side is lost.
In my case the devices on the LAN side are not expecting to be connected to the internet so have no gateway setup. This means the server on the LAN port has no route to send the reply.
This may work correctly if the devices on the LAN side have gateways/routes set up - however I haven’t tested this.
E.g.
PC on WAN: 172.16.78.199
Router WAN: 172.16.78.20
Server on LAN: 192.168.27.3

Packets sent from PC->Router:
172.16.78.199 requests connection to 172.16.78.20 on port 4840

Router forwards packets on to Server, without changing the source IP; server receives:
172.16.78.199 requests connection to 192.168.27.3 on port 4840

Server tries to reply to connection request, response is lost:
192.168.27.3 responds to 172.16.78.199

To fix this you need to enable Masquerading for the LAN->WAN Zone.
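The packet flow from the post above, as an added example that is not part of the original post or Teltonika's code: a small Python model of the port forward and of the server's route lookup for its reply. The router LAN address 192.168.27.1 and the /24 prefix are assumptions, since the post does not give them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PC_WAN = "172.16.78.199"      # from the post
ROUTER_WAN = "172.16.78.20"   # from the post
SERVER_LAN = "192.168.27.3"   # from the post
ROUTER_LAN = "192.168.27.1"   # assumed: the post does not give the router's LAN address
LAN_PREFIX = 24               # assumed prefix length

@dataclass
class Server:
    ip: str
    prefix: int
    gateway: Optional[str] = None   # None = no default gateway, as in the post

    def next_hop(self, dst: str) -> Optional[str]:
        """Where the server sends a packet for dst; None means it has no route."""
        net = ipaddress.ip_network(f"{self.ip}/{self.prefix}", strict=False)
        return dst if ipaddress.ip_address(dst) in net else self.gateway

def forward(src: str, dst: str, dport: int, masq_lan: bool):
    """Router side: DNAT port 4840 to the server; rewrite the source only if masquerading."""
    if dst != ROUTER_WAN or dport != 4840:
        return None
    return (ROUTER_LAN if masq_lan else src, SERVER_LAN, 4840)

def reply_reaches_router(masq_lan: bool, gateway: Optional[str] = None) -> bool:
    """True if the server's reply gets back to the router so the NAT can be reversed."""
    pkt = forward(PC_WAN, ROUTER_WAN, 4840, masq_lan)
    if pkt is None:
        return False
    src_seen_by_server = pkt[0]
    server = Server(SERVER_LAN, LAN_PREFIX, gateway)
    return server.next_hop(src_seen_by_server) == ROUTER_LAN

if __name__ == "__main__":
    # Cases: as first configured, with masquerading, and with a gateway instead.
    for masq, gw in [(False, None), (True, None), (False, ROUTER_LAN)]:
        print(f"masq={masq} gateway={gw}: reply returns = {reply_reaches_router(masq, gw)}")
```

With masquerading on, the server sees every forwarded connection as coming from the router's LAN address, so server-side logs and IP-based access rules no longer see the real client address.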
I didn’t require the traffic rules in the end for my setup. I was just trying everything to start with; the port forwards should be enough on their own. Try deleting them and see if that makes a difference.
Have you tried turning on the web UI for external access and making sure you can access the router directly on https://externalIP? Don’t leave this on long term, it’s not secure.
If you can’t access this then you have a larger issue than the port forwarding.
It could also be an issue with port 443 - depending on your settings it could be conflicting with the web interface for the router. You could try using port 444 (external) → Internal server port 443, then try accessing it on https://externalIP:444 and see if that helps?