Rutx12 open port problem

Continued from the last thread, which was stopped:

I’ve tried every possible setting that I can think of so I might have changed something, but yes:
The LAN dhcp server gives addresses 192.168.189.100 - 192.168.189.249
The I static mapping och MAC
The router has LAN address 192.168.189.1
One can easily ping between units on the lan.

In order to reach the server behind the router I have installed ZeroTier, which works well. The address 10.147.18.XXX comes from here, so this is not the issue.

To summarize:
I need to be able to connect from inside the LAN to an external server, bidirectionally, using ports 443 and 8080. This is denied even though I have opened “port forward”. In other routers port forward is one thing and opening ports another, so it doesn’t feel right using “port forward” for connections initiated from the inside of the LAN.

Hello,

For LAN → WAN connection, there is no need to open any ports. This is how most of the routers work. However, if you are initiating connection from WAN → LAN, then the port forwards are needed. Even public IPs are not needed for LAN → WAN communication, as long as the connection is established from the RUTX12 LAN.
So if I understand correctly, the issue is that the LAN client cannot reach the server?

Yes, this is one problem. The Francotyp connects from LAN to an external server in two steps, where the second step (as their support says) uses port 443 and port 8080. It worked very well with RUT241 even though I had a non-public IP address, but it doesn’t work at all using RutX12 despite similar settings, as far as I can see, and even though I have changed to a public IP address.

The other problem, that I could not reach the server in the LAN from outside I have solved using zerotier. But it should have been possible just by using port forward as I previously did on RUT241. On RUTx12 it is not possible to connect to the server on LAN from the outside despite opening port forward. Nothing happens and connection is denied! Here it is no urgent issue since I can use zerotier, but it should be possible without zerotier!

Hello,

If you have a device that operates outside the RUTX12 LAN (and is not connected via ZeroTier), could you try running these commands via the command line (CMD for Windows, Terminal for Linux and Mac OS) and post the results:

telnet 46.195.xxx.xxx 8080
telnet 178.31.xxx.xxx 8080
telnet 46.195.xxx.xxx 443
telnet 178.31.xxx.xxx 443

Of course, use the full IP addresses when running the command and blur them out when posting the output.
Once again, the LAN device should have no problem reaching the internet even without the static IPs, so likely there are some issues with the configuration, or additional ports may need to be opened. If you do not have a lot of configuration on the device, I’d recommend resetting it to factory defaults and checking if LAN → WAN communication still does not work for the LAN device.
Another thing that could have an impact here is the MTU size. Please navigate to Network → Interfaces → General, edit the mob1s1a1 interface, and in the Advanced settings change the Override MTU option to 1350. This should be repeated for the mob2s1a1 interface.

Best regards,
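The MTU suggestion above can be checked before changing the router setting: a path whose usable MTU is below 1500 passes small packets and stalls on full-size ones. The following is an added example, not part of the original posts or Teltonika's tooling; it binary-searches the path MTU with Don't-Fragment pings, assuming Linux iputils `ping`, and `simulated_path` is a constructed stand-in used only for offline checking.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload, timeout_s=1):
    """Send one echo request with Don't Fragment set (Linux iputils ping).

    True means a packet of payload + 28 bytes crossed the path unfragmented.
    """
    cmd = ["ping", "-M", "do", "-c", "1", "-W", str(timeout_s),
           "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IPv4 packet size that `probe` lets through.

    `probe(payload)` returns True when an ICMP payload of that size is
    answered with DF set. Returns None if even the `low` size fails.
    """
    if not probe(low - IP_ICMP_OVERHEAD):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid - IP_ICMP_OVERHEAD):
            low = mid          # mid fits, search above it
        else:
            high = mid - 1     # mid is too large, search below it
    return low


def tcp_mss(mtu):
    """Largest TCP segment payload that fits in one packet of size `mtu`."""
    return mtu - IP_TCP_OVERHEAD


def simulated_path(path_mtu):
    """Constructed stand-in for a link that drops packets above path_mtu."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # address of the external server being tested
    mtu = find_path_mtu(lambda size: ping_df(host, size))
    print("path MTU:", mtu, "TCP MSS:", tcp_mss(mtu) if mtu else None)
```

A `None` result can also mean ICMP echo is filtered on the path, so confirm that a plain small ping is answered before reading it as an MTU problem.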

Thank you!
The MTU size made it for the LAN → WAN communication. Now francotyp is happy and working properly!

I also upgraded the firmware for the modems but the problems persisted until I reduced the MTU sizes to 1350.

I will check the results when telnet-ing to the router from outside.

Regards,

/Johan

Hello,

If the LAN → WAN communication works properly, then it should work the other way around as well. Glad I could help!

Now I have been able to test again.

Outbound traffic (from LAN to WAN i.e.) works as I mentioned after reducing the packet sizes.

Inbound traffic is still refused.

I also have a port forward rule on port 8000 → port 80 on the server I can reach using zerotier, but the connection is refused there too when I try a web browser.

So the problem with opening ports still persists, I’m afraid!

Could you clarify if you have created a rule to open port 8080, or 8000?
Perhaps for testing purposes you could configure the DMZ (Network → Firewall → DMZ) to redirect all incoming traffic to 192.168.189.225?

Best regards,

The server is on address 192.168.189.80 so the port forward from 8000 → 80 should reach it but it will not.

The two port forward rules on .225 I leave as that part works now, although I don’t think those make any difference.

I made DMZ to the server on address 192.168.189.80 with no difference. I still think there is some kind of problem with the firewall on rutX12…

I try again:

Rutx12 port forward not working!

The same firmware on Rut241 and RutX12.
On Rut241 the setting is for failover and port forward from port 8000 (wan) to port 80 (192.xxx.xxx.xxx) and it works

Similar settings on rutX12. Access is denied and nothing forwarded.

According to what is said I have changed away from failover to load balancing but all traffic is still denied and nothing forwarded!

Hello,

To diagnose the issue further, a remote session would be needed. However, as this is a public forum, we will not be able to organize it here. Hence, it is recommended that you reach out to your designated sales manager or the reseller from whom you acquired the device in question. They will be able to assist you in addressing this matter more effectively. If these channels are not an option, please fill out the Contact Us form here: Teltonika Networks - LTE Routers, Gateways & Modems for IoT

Best regards,
