After 5 hours watching videos this was the only video that helped me to config my NAS.
Hey, thanks a ton!!! Yours was a very straightforward description of the steps needed to manually create a port forward. I needed to lock it down to one source IP. All the other examples I found were not very clear. You have a great way of teaching. It all made perfect sense. Thank you. I have subscribed to your channel and will rummage around your videos! Have a wonderful day!
In my case, public IP and some Vlans, Autofirewall didn't work, watching and following your tutorial did the job. Now I can configure my open ports as I want. Thank you very much.
Thanks a lot for this! Spent 1 day on this until I came across this video.
HOWEVER - > I managed to get my rule working when I applied both UDP and TCP in the NAT ruleset.
THANK YOU! For some reason, port forwarding wasn't working on my router, but following this video worked like a charm!
With your guide, after many and many attempts, I succeeded in setting up the correct port forwarding for a mail server. Many, many thanks!
Very helpful. Hopefully, in the future they will change this so it shows. Otherwise, if there is an issue with a forward no one will ever be able to find it.
However, after just trying this I apparently don't know something because it didn't work and, despite my setting for logging both the firewall and NAT rules, neither is logged when attempting (and failing) to connect. Using the port forwarding w/auto firewall does allow me to connect.
I might, but I'll go through your firewall videos, first. Thanks.
Hi Willie - this was a fantastic guide - thank you so much! Very important point to note though, chances are there will be an ISP provided router on the WAN interface. This needs to be configured to port-forward any traffic on the expected ports to the 'client' that it sees, which is the WAN IP assigned to the EdgeMax router.
Was scratching my head for a good while wondering why I wasn't getting ANY traffic at all, until it dawned on me O_o. Easiest way to check if port-forwarding works (as you have detailed) is to route port 80 to some internal service (or set up a basic LAMP stack or nginx webserver) - just to ensure you've got all the forwarding stuff right. The DNAT packet counts should advance _before_ the firewall rule's stats too (that's the order in which they run).
Once that's done, plugging in holes for other services is simple after that point. Got an OpenVPN server running in a VM hosted on my Xeon FreeNAS box. Now I can watch my NVR streams from the Ubiquiti G3 cameras when I'm out of the house! Epic.
yeah this was an issue I got fixed within 2 hours of getting my line installed. I needed all of my statics passed to my router as if it was a WAN.
Great Video series. I like the idea of manually setting up the DNAT instead of the port forwarding wizard so I can limit source IPs. Do you have any video or tips how to include the hairpin nat functionality when manually setting up the rules?
Not a video but it works
help.ubnt.com/hc/en-us/articles/204952134-EdgeRouter-NAT-Hairpin-Nat-Inside-to-Inside-Loopback-Reflection-
Hi Willie, thanks for this guide. I tried to manually set the FW rules with SNAT and DNAT for my PBX and Phones but it's not working. When I do the port forward option it works. I've tried a lot of different configuration options but no luck so far. Any suggestions? I have allowed port 5060 UDP/TCP for SIP and UDP 10000-20000 for RTP. I configured everything on my Cisco 891 router with no issues but on the ER it's not working and I'm on the latest firmware as well. Thanks!
Awesome video thank you! Coming from a Cisco background the cli looks quite different but I like how effortless it is to use both. I can't wait to play with an erl
Hi Willie, I use your videos a lot and appreciate the way you explain and show what can be intimidating topics. I'm trying to port forward out of my network. How would you port forward from the LAN a log message on UDP 514 to the WAN side on port UDP 5514?
Willie, Can you do a manually rule to access Synology DS photo App that works internal and external?
Awesome video. Make things easier with few steps.
Nice video, thanks for the walkthrough.
Hello.
I want to portforward to a game server. I understand that it could help the speed and quality of the connection (it is a multiplayer shooter in which the reactions are subdued or there are desynchronizations that are at least more intense than the other players, although my ping is 40-48ms).
I have the list of TCP and UDP ports but I don't know if the portforwarding I set works. I'm a beginner, so it's harder to understand.
I created the rules but I believe in the automatic version. What is not clear to me ...
1. In the "Original port" and in the "Forward-to port" do the ports listed by the game administrators write identically?
2. Do I write the IP of my PC to "Forward-to address"?
3. In the windows 10 firewall (my pc's operating system) is it still necessary to set a portforwarding identical to the one in ERX?
I mention that the input network is of PPPOE type so I set to "WAN" pppoe0, and to "LAN interface" I set switch0. My PC is connected to edgerouter x from eth1 (eth0 receives the internet network from a fiber optic modem type ONT set in bridge mode).
Thank you in advance.
Very helpful video, thanks. At 1:20 when you are allowing port 80 through firewall, why not list destination IP as well? would there be disadvantages?
If you have static you could definitely do that and it would be preferable if you had multiple ip's
Can you help clarify the difference between allowing a certain source IP in a firewall rule vs in the DNAT setup?
And if I'm using Loadbalance and have eth0 and eth1 as WAN ports?
I have been banging my head against the wall trying to get something similar in place for an SFTP server. However, I want to limit the port forwarding to only work with a specific list of IP addresses.
I can get port forwarding working with auto-firewall up, using the port forwarding tab. But if I try to manually port forward with DNAT, I can't get it to work at all. And I don't want the SFTP open to the world. I had this working with a Dlink router, but its old and can't route anything faster than a 130Mbit WAN connection.
What if I want the webserver on port 81 on the outside and 80 inside the LAN? How to point the 81 to 80?
How do you DNAT a port group ? do i leave out the port number in the translations text box and specify the destination port group and destination interface ?
Hey Willie. Great videos! I wish you could help me with an issue that i am having. I have a Comcast modem in bridge mode, edge router, cloud key and one switcher. No matter what I do my speed limit never surpass 100Mb. I have 1Gb plan. I tried enabling offload, different wires(cat5,6, cat7) with different crossovers, every option for setup wizards, manual setup and etc. Do you have any insight in that matter that you can share?
I have a dual wan load balance ... I have a bunch of port forwarding on eth0 ... if I manually add the forwards as per this video for inbound interface eth1 do you know if it work? I want to enable the port forwarding on my second connection incase one connection goes down. Thanks
Hi Willie. great videos :) probably not the right place to ask this question, but, whats the difference between EdgeRouter and EdgeRouter X and the Unifi Security Gateway ?
isn't the USG a router as well? why the difference? As I seen the EdgeRouter have firewall as well right?
I have a customer that has cable modem and I want to add a UBNT router and dont know what to choose.
regards and good work :)
Hello Howe !
You think can show, how to create that option of having 2 networks connected to the EdgeRouter X ???
Great videos. Keep up the good work
How to forward port 80 to a local network, if we go from the LAN via the external IP?
Willie can you do an instruction for hairpin manually too?
Is it possible to use an address or port group for the translation section in the NAT config?
Great video, but how would you translate a port. Eg incoming port 80 is translated to port 8080 on the local lan?
Say I have two services on the internal network accepting incoming connections on port 80, but on the WAN, obviously I need to use two different ports to differentiate the two machines. How do I manually forward, for example, external port 8080 to internal port 80? I tried a few hours last night, and, unless I use the wizard, I can't get it to work. What would the proper WAN_in and DNAT rules look like?
Ha! I figured it out. DNAT occurs before the firewall, so the firewall has to match the translated address/port. Thanks to the link in the reply of the comment below.
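Added example, not from the video or from any commenter: an EdgeOS CLI configuration for the case asked about above (external port 8080 forwarded to an internal web server on port 80), limited to one allowed source. The addresses, the interface eth0, the group name FWD_ALLOWED and the rule numbers are assumptions; it also assumes WAN_IN already exists with a default action of drop and that rule 30 sits ahead of any drop rule that would match.

```edgeos
configure

# Constructed values: WAN interface eth0, internal server 192.168.1.2,
# allowed remote source 203.0.113.10 (documentation address range).
set firewall group address-group FWD_ALLOWED description "Sources allowed to use the forward"
set firewall group address-group FWD_ALLOWED address 203.0.113.10

# DNAT: match on what the outside client connected to (WAN side, port 8080),
# then translate to the internal host and port.
set service nat rule 10 description "web 8080 to 192.168.1.2:80"
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 8080
set service nat rule 10 source group address-group FWD_ALLOWED
set service nat rule 10 inside-address address 192.168.1.2
set service nat rule 10 inside-address port 80
set service nat rule 10 log enable

# WAN_IN evaluates the packet after DNAT, so it matches the translated
# address and port (192.168.1.2:80), not the external port 8080.
set firewall name WAN_IN rule 30 description "Allow forwarded web from FWD_ALLOWED"
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 source group address-group FWD_ALLOWED
set firewall name WAN_IN rule 30 destination address 192.168.1.2
set firewall name WAN_IN rule 30 destination port 80
set firewall name WAN_IN rule 30 log enable

# The ruleset only filters traffic if it is attached to the WAN interface, inbound.
set interfaces ethernet eth0 firewall in name WAN_IN

commit
save
exit
```

After a test connection from the allowed source, `show nat statistics` and `show firewall name WAN_IN statistics` (operational mode) show whether the DNAT rule and then the firewall rule counted the packets.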
Do you have suggestions for Port Forwarding or uPNP to allow for NAT Type 1 on a PS4?
Hardware:
Modem-Arris SB6141
Router-Edgerouter Poe5
Switch-TPlink 5 port
wifi device-Netgear N300
Modem>eth0>eth1>switch
From the switch I have a cable going to wifi device (in APmode) & a cable going to my PS4
I'm trying to setup my network to allow for the best gaming possible. I don't have any upnp or port forwarding setup.
I am using Edgemax Lite Router and tried configuring based on your video to allow a voip gateway to be managed via the static public IP so i can manage the gateway remotely but i failed to do so, can you advise me ? I tried port forwarding but later removed all the configuration ( as i failed to do so ) and configured based on Firewall Rule and also the NAT as seen from the video, but failed. Thanks dude
thanks man! worked perfect for me.
Thanks for these videos. I have a question. Every time I try to hit my web server I keep getting the router log in page. I am not sure how to turn that off.
This does work, but not locally, so using a DDNS to connect to the EdgeRouter internally fails (no Hairpin), where is the video for this after this one that shows how to get hairpin working with these DNATs?
Hello, I need to open the same port for 10 different devices on my EdgeRouter 4. Could you please let me know how do to this?
you can't that is when you would need a reverse proxy.
Sorry if this has been asked before, but why is the firewall rule for port 80 required with the NAT? I was able to follow your awesome instructions and was able to access my webserver w/o issue (after a week or so of not getting it work otherwise). I then left the NAT rule in place and deleted the port 80 rule in WAN_IN and it still worked. Hmmmm... possibly not needed? The same for other ports I tried (ssh/22) - didn't need the fw rule.
thanks for doing what you do - it is really helpful and appreciated.
Willie Howe I set up what you described in the video verbatim. Then deleted the FE rule and left the NAT part in place. It still allowed access to my web server from outside the FW. Checked with a browser, then wget from a linux command line (not cached).
sorry for the delay - just destination NAT. No port forwarding rules and no firewall policy rules in place.
I ran into the same issue. Somehow I unset the interfaces for WAN_IN from eth0/in to blank. After restoring this the firewall rule was required.
good tutorial. you got any clue how to do this with multiple WAN ips?
I like all the reviews you do and I am interested in the Ubiquiti products and noticed that they get a lot of good reviews. My question is would you recommend this to a novice? I was looking at putting this in my own home and would I be able to set it up on my own? One of the reviews said that "this router is not for the faint hearted".
How would you recommend going about learning this stuff?
How would you send traffic out of different wan ports using DNAT?
Just read this carefully. How do you disable IPV6? Thanks if you read and answer
Do you have to put the port you want forwarded the WAN_LOCAL ruleset as well?
Ok, in your tutorial, you allowed port 80 on WAN_IN and used Destination NAT, but no mention of WAN_LOCAL, so I was just curious if you needed to add it there as well. Thanks!!
***** Thank you!! Your videos are great!!
Hey Willie, thanks for your videos, they help a lot and you saved my day of horror!
I just bought an Edgerouter X SFP (I do not use the SFP port) and I am working on a home network that is split.
I want my router to accept 2 switches connected, as they are in different parts of my apartment, I also want everything to be on the same LAN so every connection can talk with each other.
The hard part is to make the router control this and I cannot seem to find a video from you around a router talking with 2 switches on 1 LAN.
We must keep in mind that I want every connected computer/ps4 with a static IP address so they need to show up in the lease list, which they don't..
Can you please explain how to manage this? Thank you!
I subscribed! Nice vid!
Port forwarding doesn't work for me. I tried the 2 ways but nothing. I just can access with my DDNS to the router.
I don't understand what I'm doing wrong. In the normal way I select WAN=Eth0 and in LAN=Br0. Nothing happens, and with this config... the same, nothing.
Question that I can't find an answer to. Say I have two or more internal IPs and I created a NAT for one of them and port forwarding for another. How do I point from the outside to the second address? The DDNS address I created only points to my port forwarding address, not the other IP. Please help
@@WillieHowe I tried this but both internal ips use port 80. And the separate dens sites still point to only one address internally
@@WillieHowe thanks I'll give it a go!
Slowly making my way through your videos - very clear explanations, thank you!
One question on this video - if you put in the destination address in the firewall rule you called "Allows 80" (eg 192.168.1.2) would you then need the DNAT setting? Won't the firewall rule send all port 80 traffic through to that ip address anyway?
Firewall rules only allow or deny traffic. The firewall rule alone would allow port 80 traffic to the firewall (or edge router in this case) since it is what has the public IP address. The DNAT rule is required to forward that traffic to the internal host instead.
Regarding the DNAT "Dest Address" and "Dest Port"...
I'd like to interpret that as "the destination address and port within the LAN that I try to redirect the traffic to"...
But from fiddling back and forth in the router and from watching plenty of videos and reading plenty of web pages , it would seem that this isn't the case...?
But rather "the destination that the call from the outside was intended for"?
I.e. someone tries to access my web server and therefore tries to reach port 80, and therefore port 80 is the "dest port", even if I would run my web server on port 9999 for some reason...
(This should also mean that "Translations Port" should be 9999 in the above scenario?)
Right or wrong?
And what do I do in the firewall section to reflect this?
Aaaand what if I have a dual WAN setup with failover? Do I have to set up dual port forwards, one for each incoming ethernet interface?
No wonder it's difficult for "normal people" to get a grip on this stuff, if the terminology is backwards from how people think..... :P
The way that you ultimately set up the Firewall, there is no working difference in the way that traffic will flow. It was also more work. And as you displayed, it was open to errors that might have caused problems had you not thought to take a look at the finished product, or if you missed it then. So my question is... Why do you diss the wizard that did what you accomplished quicker and error free? Perhaps you could have shown an advantage to doing it the hard way.
I would assume you could allow only your website you have on another host grab information through that port and block every other IP from grabbing that information and using it directly. Lets say I want to know what temperature it is on my house well I could limit that information only going out to my website thus keeping the device secure from other people trying to access that device through the same port so remotely I would need to access my website which I can also protect so that I am nearly 100% secure from my system leaking that information to the public. Pretty useful in such a use case is it not. You could also share files in this manner that only you might have access to through a website interface or send files from your phone to this location. This seems to be networking in a nutshell restriction and allowance of numbers both hex and decimal you take away the ability using the wizard because it does not allow you to impose certain blocks or allowances tailored to an application of your own design or design of hardware or software. Many instances this is not needed the wizard will do but lets say you are getting attacked from specific IP ranges you can block those ranges to limit the load on your network. But this blocking mechanism can also be flooded as well bogging down your network.
Great vid. Unfortunately it does not work for me. My cisco router had no problem with forwarding, with EdgeRouter 4 it still does not work.
The main reason why you don't want to use auto firewall and port forwarding is because all of those auto-generated firewall rules get placed at the top of the access list, ahead of any additional firewall rules that you might create. So, if you want to block that asshole from Bulgaria who's trying to hack into your email server, you won't be able to stop him at your firewall unless you disable auto firewall and port forwarding first.
I'm about to rip my hair out. Been trying to get port forwarding done on my ER-X for days. I've tried manually, auto firewall, etc, and I simply cannot get my ports open. I don't have CGNAT and I'm not double natted. This makes no sense ffs.
Head on over to our website and fill out the contact form.
@@WillieHowe Hey Willie, appreciate the comment. I ended up figuring out that the culprit was actually my server, not the ER-x :) Once I got the server firewall configured the port forwarding worked! Also, Since I was trying to forward UDP, most of the public "port checker" websites would still show closed unless I specifically forwarded both TCP and UDP. With just UDP forwarded, however, I can get through despite what the port checkers say. Cheers.
"It's going to be Accept and TCP" ... clicks reject
Ummm... how did you know what the ip number was?
The IP number is that of your internal "web server" so it's based on what ip address you set on that.
It would have been more helpful if you had used different ports on the outside and inside. It's not entirely clear which the outside port is and which the inside port is
Thanks
show us how to hairpin it. :)
Or you could do it properly and run split DNS
I am looking for how to do that for ftp