rcjk Posted May 25, 2021 Share Posted May 25, 2021 Hello, I am currently trying to set up a reverse proxy for nextcloud and am struggling with my current setup being that I am no networking expert. I am attempting to forward the HTTP and HTTPS port 80 and 443 respectively. My internet provider is a broadband wireless company which lead me to putting the antenna and router SMART/RG SR400ac in my shop (House is surrounded by trees). I wanted a wired network inside the house so here is what the installation looks like: Shop Router connected RJ-45 to ubiquti loco M2 which shoots the signal to the house where another ubiquti loco M2 is. This is then connected via RJ-45 to my Linksys WRT54GS router which my computer and UNRAID server are connected to the LAN ports. I don't know if I exactly set myself up for success on the configuration of the network. It took me about a good week of trial and error, youtube and persistence to get everything working. Some information on devices: loco 2M at shop Network mode: Bridge Wireless mode: Station WDS Firewall: disabled loco 2M at house Network mode: Bridge Wireless mode: Access Point WDS Firewall: disabled My router in the shop, loco 2Ms and the Linksys VLAN are all in same IP range say 192.168.5.XXX while the computer and server are connected via br0 with a different set of ip address say 192.168.3.XXX. When I forward the ports on the shop router I can select the destination to be the linksys router via the WAN/VLAN IP. Before forwarding the ports on the shop router, SWAG was throwing an error related to the firewalls. Once the ports were forwarded on the shop router, SWAG is starting with no errors which I thought I was home free. I am wondering if the bridge I have for the wired network in house is causing issues, the way I am forwarding ports or something I am not even aware of? From the tutorials I watched, I changed the ports on SWAG to 180 and 1443. Using the terminology per router it looks like the following for port 80: Shop Router: Direction: WAN to WAN Destination IP: IP of WAN/VLAN (Linksys) Protocol: TCP Local Port: 180 Public Port: 80 Linksys Router: Proto: TCP Ext Ports: 180 Int Address: IP address of Unraid server I have tried so many combinations trying to wrap my head around the flow of data. Such like leaving both public/local to 80 and trying 80 external and 180 internal on other router. I also tried some WAN to LAN combos with no luck. I didn't write down everything I did so it is very possible I just missed something in the hours spent already. Any help is appreciated! -respectfully rcjk Quote Link to comment
Squid Posted May 25, 2021 Share Posted May 25, 2021 My solution to having 2 routers (modem + router and another router that actually handled everything) was to simply put the 2nd router into the modem's DMZ, and then only doing the forwarding via the 2nd router. Quote Link to comment
rcjk Posted May 25, 2021 Author Share Posted May 25, 2021 Thanks for the tip, I will have to play around tonight after work. Just so I understand, the host IP address in the first router DMZ settings; is it the 2nd routers LAN IP or the WAN IP that connects to the first modem through the ubquiti bridges? I am thinking the latter. I am guessing there is still a firewall with my second router, I am virtually placing it outside of the first router if I understand DMZ correctly. Quote Link to comment
Ford Prefect Posted May 25, 2021 Share Posted May 25, 2021 (edited) My best guess is, that you are suffering from a double NAT complex problem and I do not think, that you actually need to have that double NAT situation in your setup. I actually have no knowledge of the features of your linksys router. By assuming that your inital WAN-Router/Shop router does already all the firewalling/NATing, you do not need a router at home, but only need a switch. The two locos are just a wireless, lengthy wire connecting your shop-routers LAN side with your Switch at home. What is the reason for having a different IP-net at home/unraid site from that of your shop? If you need a separate (V)LAN, why not starting right after the shop router and integrating the loco based wire and linksys router into that VLAN, instead of having these extending the shop lan/ip-net? Edited May 25, 2021 by Ford Prefect Quote Link to comment
rcjk Posted May 26, 2021 Author Share Posted May 26, 2021 Thanks Ford Perfect! That makes a lot of sense. I know at the time just to get internet up, I used what I had laying around. Literally last weekend I found two 3COM switches at thrift store for $2 a piece! I only need one to power my security cameras so I will use the other one to replace the router. Thanks for the idea, not sure why I thought I had to have a second router haha. I'll give it a go and see if that works Quote Link to comment
Ford Prefect Posted May 26, 2021 Share Posted May 26, 2021 if your Linksys at home also provides WiFi, try to configure it as an AccessPoint. This should disable the internal Firewall as well as DHCP-Server (the shop router will take care of that) and turn it into an AP with a 5-Port Switch (as the WAN port normally will be converted to an additional LAN port as well). Quote Link to comment
rcjk Posted May 27, 2021 Author Share Posted May 27, 2021 Nice, right now I don't need wifi from the linksys but will keep that in mind if I ever do. I went ahead and took your advice on replacing the second router with a switch and it appears the ports are now open fine. Thanks for all the help! 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.