Community discussions

 
rexilafa
just joined
Topic Author
Posts: 8
Joined: Tue Mar 12, 2019 5:39 pm

Forward port 9081

Wed Aug 21, 2019 6:00 pm

Hi!
Needing help forwarding port 9081 (for ubiquiti aircontrol2).
I added this NAT rules:
add action=masquerade chain=srcnat src-address=192.168.88.88
add action=dst-nat chain=dstnat dst-port=9081 in-interface=bridge1 protocol=tcp to-addresses=192.168.88.88

Is the second one wrong?

This is my setup:
bridge1: all ports between eth1 and eth5.
eth6: ip address 192.168.88.1.
I have my Aircontrol2 server connected to eth6 with IP 192.168.88.88.

All the radios can be accesed through web setup from 192.168.88.88. But I cannot monitor them because they can't see the AC server on port 9081.
What am I'm missing?
 
Sob
Forum Guru
Forum Guru
Posts: 4669
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forward port 9081

Wed Aug 21, 2019 8:31 pm

I don't know what you're missing, but we're missing more info.

- Radios are connected to eth1-eth5, I guess?
- What's their IP config, addresses, routes?
- To what address are they connecting? I'd guess 192.168.88.88, but then you wouldn't need dstnat.
- What's the IP config on router's bridge1?
- What are your other firewall rules?
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
rexilafa
just joined
Topic Author
Posts: 8
Joined: Tue Mar 12, 2019 5:39 pm

Re: Forward port 9081

Thu Aug 22, 2019 5:29 pm

I don't know what you're missing, but we're missing more info.

- Radios are connected to eth1-eth5, I guess?
Yes, they are reachable through eth 1 and eth 2.
- What's their IP config, addresses, routes?
They are in 192.168.5.0/24, 192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24, 192.168.50.0/24 ip ranges in bridge mode.
And others in 172.16.1.0/24, 172.20.1.0/24, 172.30.1.0/24 in router mode.
For the ones on bridge mode I have added an IP for each subrange and can connect to all of them via web or via ssh.
Also can connect to all the ones in router mode.
- To what address are they connecting? I'd guess 192.168.88.88, but then you wouldn't need dstnat.
The main pppoe server is in 192.168.5.1. Most of the radios connect to APs on a switch that links to a PtP link to the server.
From that switch there is a PtP link to my router (connected to eth1). On Eth2 there is another AP for some radios near my zone.
I attached a small diagram.
- What's the IP config on router's bridge1?
I have added an IP for each subnet. I use the IP 192.168.5.3 to access it from outisde and 192.168.88.1 from eth6.
- What are your other firewall rules?
I have no other rules. The router was used simply as a switch, I'm just starting to set it up for the AC server.
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 4669
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forward port 9081  [SOLVED]

Thu Aug 22, 2019 7:15 pm

Do the radios have route to 192.168.88.88? They need either route to this address (or larger subnet like 192.168.88.0/24) or default route, both with gateway being whatever address from their subnet you added to router. For example, radio with address in 192.168.5.0/24 subnet needs route with gateway 192.168.5.3. Then they can connect directly to 192.168.88.88 and you don't need any NAT. That's one way.

Another is with NAT, with the rules you posted, but in that case they would be connecting to 192.168.5.3, etc.

I'd prefer the first one, it's better to avoid NAT if possible.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
rexilafa
just joined
Topic Author
Posts: 8
Joined: Tue Mar 12, 2019 5:39 pm

Re: Forward port 9081

Fri Aug 23, 2019 3:53 pm

Added static route to radio and started monitoring.
Thanks Sob!
 
rexilafa
just joined
Topic Author
Posts: 8
Joined: Tue Mar 12, 2019 5:39 pm

Re: Forward port 9081

Fri Aug 23, 2019 6:13 pm

Sorry to bother you with one more thing...
I'm able to monitor the radios in bridge mode. But the ones in router mode are not reaching the server...
From the radios in router mode I can ping the router and any other subnet without trouble.
The radios get their IP assigned by the pppoe server with 172.16.0.0/24 through 172.30.0.0/24.
I can ping router from radios on 192.168.5.3 or 192.168.88.1. I added a static route to 192.168.88.88 with differents gateways and no luck...
Should I add an ip for each range of 172 on the router?
 
Sob
Forum Guru
Forum Guru
Posts: 4669
Joined: Mon Apr 20, 2009 9:11 pm

Re: Forward port 9081

Sat Aug 24, 2019 12:44 am

It's still the same principle, you need correct routing between both ends. If some radios get addresses from PPPoE, maybe you need to route it through PPPoE server. Adding addresses to router could help too, but I'm not sure about all configuration details, so I can't guarantee that it won't break something.

You should really read up on routing, it's very basic networking, lesson #1, right after the chapter "how to turn it on". I don't know what kind of network you have, but it can only help if you know what you're doing. :)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
rexilafa
just joined
Topic Author
Posts: 8
Joined: Tue Mar 12, 2019 5:39 pm

Re: Forward port 9081

Tue Aug 27, 2019 3:38 pm

Thanks Sob.

Who is online

Users browsing this forum: MSN [Bot] and 3 guests