Port Forwarding - Question before subscription

[pitchie 0]

Scenario

 

We operate from a rural location where broadband speeds are around 0.5 - 1Mbit. We have the opportunity to use an EE 4G router where we can get very competitive pricing for a 40Mbit connection. The problem with this solution is that EE do not allow incoming traffic and that gives us problem accessing our server for connections to HTTP, HTTPS, RDP and CCTV cameras etc.

 

Idea

 

The idea is to place a router that has a VPN client installed in it behind the EE router to connect to an AirVPN server. All the network computers would in turn, connect via the router to the internet via the VPN. In effect this gives us a public IP address we can connect to (preferably static but not essential) enabling us to connect to our server as the VPN router effectively punches through the EE restrictions.

 

Question

 

If I go with this idea, would I be able to forward ports such as 80,443, 3389 to my local server? Having read https://airvpn.org/faq/port_forwarding/ for the ports below 2048 I believe I'll have to do something like 3080 > 80 and 3443 > 443 etc?

 

Is my theory correct? I want to have all my ideas and conclusions in place before opting to go down this route as there is a significant outlay and commitment in terms of cost:

 

• 24 month EE contract - £41 per month
• Router - £85
• AirVPN subscription 54€

Any suggestions would be appreciated.

 

Thanks in advance.

 

Paul.

[go558a83nk 362]

Yes, I think you can make this work quite well though it takes a little configuration and trial and error.

 

I do think you will need to spend more money than you project to buy a router with powerful enough CPU to suit your needs.  Did you have one in mind?

 

Also, when you are forwarding ports you'll need to follow the below instructions no matter what router firmware you actually end up using.  It's all just a linux box in the end.

 

https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables/

[eyes878 43]

Yes, this is very possible with the AirVPN service.

 

IPs are also static unless the server gets revoked (which is very rare), and in the small case that that does happen, you will have to simply use another server.

 

This:

 

"Having read https://airvpn.org/f...ort_forwarding/ for the ports below 2048 I believe I'll have to do something like 3080 > 80 and 3443 > 443 etc?"

 

is correct. You can choose a free port, for example 54262 and translate it into port 80.

[pitchie 0]

Thank you. They're the answers I was looking for!

 

So another question...

 

Do I actually need a hardware router? Our server has resources spare. I could easily allocate a couple of gig of RAM to a VM and run maybe OpenWRT on it or something? Would that be feasible? I'll be learning on the job though so don't want to make things harder than they have to be! I'm very much a Windows guy and only have minimal Linux experience. I'm not saying I'll struggle but would purchase the hardware router if using a VM on our SBS server would overly complicate the matter.

 

Thanks for your help so far!

[rickjames 106]

Its possible to run the server as a router+server on linux, bsd or windows. No vm's would even be needed.

 

Just setup the box with additional nics. 1 wan, lan 1, lan 2, lan 3 ect.

Enable forwarding plus make a few firewall or nat rules os depending.

Connect server to the vpn via wan.

Connect the lan's and technically it should all function.

 

This is a really basic example, there's a bit more to it than that. And you would also need to consider a dhcp server for handouts on the lan's unless you ran all devices behind it static. Then dns ect.

 

However for simplicity and additional security running the routing + vpn on a separate machine "that's not windows" would really be the way to go. There's several router os setups that would make this entire process much much easier and more secure. Especially if its something you've not done before.