ANSWERED Forwarded Ports Don't Match but Work

[bryson1968 0]

I've been struggling with forwarded ports through an ASIS GT-AX11000 Pro running an interesting feature set with beta FW 9.0.0.6.102_4856. This allows me to create a network for a VPN.  can bring an AirVPN router config in and make a wireless network to access it.

Anyway, the port number I am using defined by AirVPN is 02866 where the "0" is a placeholder. Running Plex as a test it reports: 


192.168.1.2:32400  Public 095.206.105.227:05837 where "0" is a placeholder.

How did 02866 become 05837? I can also test on a non virtualized box but I'm not used to troubleshooting things that are working.

It works though. Nothing done with the firewalls. Just aim the VPN from the router and setup the forward port through this site. I hit the test for open ports and it times out though the correct IP address DDNS resolves outside of the network.

I'm missing something. This shouldn't work. Something is happening that I don't understand.

The goal is to bring up a Linux box that I am not familiar with the networking. I'll test it raw soon but if the detected port number is different than what I reserved here, I'm not sure how to test or if it matters.

I also was surprised how well live TV played from Zurich.

[Staff 10116]

3 hours ago, Peter k said:

192.168.1.2:32400  Public 095.206.105.227:05837 where "0" is a placeholder.

How did 02866 become 05837? I can also test on a non virtualized box but I'm not used to troubleshooting things that are working.

Hello!

That's defined on the Plex settings. In your specific case this is not relevant because you have the remote port *2866 forwarded to your VPN interface port 32400, so port *2866 never comes into play in your system and everything works. You don't need any modification.

Kind regards
 

[bryson1968 0]

Thanks. Reading other threads gives me the impression that Plex is not good as a test bed for port forwarding. I am new to Linux and that's what my goal is. I want to stick with Windows until I get the concepts down. I have tried my best to find answers in the existing threads that best match my configuration. The question is what to do with so many parts.

The production system will be an ASUS GT-AX11000 Pro running 9.0.0.6.102_4856 firmware with a Wireguard inbound AirVPN proxy. The router assigns devices to the VPN.

I wonder why a VPN would be 100% needed in this case on the client/router side. The client (server) should be agnostic either way. It's just a port coming in and being sent to the server, mapped from the router. Does the server need the VPN? It's just accepting packets in general and sending them back out the same way.

Or, to protect the server and allow it to communicate on the same network, use the VPN that is provided by the router. In that case, does the router still forward the ports or is it done by the server's firewall? It gets further complicated if the server is a guest of a VM host. Now, there are three firewalls. Router, host, guest. For now, I'm running it on a standard install.

I think bringing up a web server is best instead of trying to test with Plex. As I said before, if I don't change the port number in Plex and stick with changing the local port in the rule, it still reports a port like 12435 which has nothing to do with anything. I have no idea where it is getting from but that isn't the forwarded port. The main Plex thread on the forum speaks of connections that last briefly. That is not unusual even without port forwarding. A rule is needed in Window's firewall to stop this. I have no idea why it appears to work briefly and then stops working.

What I think is needed is, VPN connected to router. Router assigns VPN to client. *Router then opens a port to go to the client. *Client firewall then forwards that port. I am not sure about those in "*".

The current test isn't using the router connected to the VPN. It's using Eddie. I'm not clear if this requires a client firewall rule but that's an easy check. I want to get this to work then go back to the router config. I have tried to avoid Yet Another Port Forward thread but I've been trying for a week.

I'll bring up something on port 80. Maybe IIS itself. If you have further guidance, then great.

BTW, this firmware allows 16 VPNs! You can create a network for each and broadcast the wirelessly. I'm pondering a honey pot that drops the nosey into Denmark or somethin 😀