
Hey everyone,

 

I am no developer or anything like that but I have been put in charge of the development of an IOT product. It requires a strange network setup that will have me installing a router behind my customer's router for my IOT device. This requires port forwarding for some remote access capabilities. If I ship my product with the ports forwarded in my router will it still forward the ports through my customer's router? Or do the same ports need to be forwarded in their router as well?

 

Thanks in advance for any advice you can give me!

https://linustechtips.com/topic/1233289-weird-port-forwarding-question/

10 minutes ago, RageTester said:

Routers stink... wish modems had faster speeds, then I would never stop using mine...

You better make sure your customer's ISP plan even supports port forwarding first.

So much is wrong with this it makes my head hurt.

A modem just modulates and demodulates a signal to go from one medium (coax) to another (ethernet). There are limits in the chipsets of the modems but if your ISP can provision you more speed and the modem can handle it then you keep your same modem. Routers literally give you and everything else access to the internet, they route your traffic to the ISP, do NAT, and can do DHCP and all sorts of other things for more advanced consumer units (combo units usually). Routers in no way shape or form "stink" and if you didn't use one and plugged directly into a modem you would get 1 public IP address and nothing else, your PC would literally sit exposed on the internet, the consumer router at least provides a basic firewall and some protection from that.

 

An ISP plan doesn't care about port forwarding, the firmware in a consumer router might be locked down or just plain shit but I have never seen an ISP say "you cannot port forward" unless they are doing CGNAT, in which case port forwarding is pointless because you're behind two layers of NAT and you need to ask the ISP (and pay them money) to forward a port to your internal address.

 

Edit:

I probably come across as an ass with that first statement. Sorry about that, didn't mean to, just been a long day :(


13 minutes ago, SRLRacing said:

Hey everyone,

 

I am no developer or anything like that but I have been put in charge of the development of an IOT product. It requires a strange network setup that will have me installing a router behind my customer's router for my IOT device. This requires port forwarding for some remote access capabilities. If I ship my product with the ports forwarded in my router will it still forward the ports through my customer's router? Or do the same ports need to be forwarded in their router as well?

 

Thanks in advance for any advice you can give me!

No, your router will port forward its portion of the network and that is it. The customer will need to open up ports on their router as well to point to your router if you need to get direct access from the internet to the IOT device. Now, depending on the setup, a tunnel from the IOT device through your router, through their router (without any forwarding), and to a server could allow access without the customer port forwarding anything, but that's not exactly straightforward and poses security issues of its own.


3 minutes ago, Lurick said:

need to ask the ISP (and pay them money) to forward a port to your internal address.

Exactly my case... I used modem from 2009 till 2013 without problems... now with a router I am always getting weird slowdowns or complete loss of connection, not to mention I can't even play fav. game cuz of firewall...


The ports need to be forwarded at every point in the chain.


5 minutes ago, Lurick said:

No, your router will port forward its portion of the network and that is it. The customer will need to open up ports on their router as well to point to your router if you need to get direct access from the internet to the IOT device. Now, depending on the setup, a tunnel from the IOT device through your router, through their router (without any forwarding), and to a server could allow access without the customer port forwarding anything, but that's not exactly straightforward and poses security issues of its own.

Thanks for the answer here. That was about the answer I was expecting. The big thing killing me is getting access to my customer's router and training my installers so I am trying to find a way where they don't have the need to mess with networking outside of the physical installation. 


7 minutes ago, SRLRacing said:

Thanks for the answer here. That was about the answer I was expecting. The big thing killing me is getting access to my customer's router and training my installers so I am trying to find a way where they don't have the need to mess with networking outside of the physical installation. 

Only loophole that comes to mind outside a VPN is UPnP but that's why IOT devices aren't great. They get hacked and assimilated into DDoS clusters so I wouldn't recommend it for security reasons.

 

Consumer routers are usually simple enough to figure out port forwarding on. A bigger issue you're going to have is not all ISPs allow port forwarding or charge the customer a fee. Then there's people who don't know how to network and put themselves behind a Double NAT so you have yourself a real dilemma if your IOT device needs to be port forwarded.

 

I don't see why you need to install a router with this device. It would put the IoT device behind a Double NAT and you can't Port Forward that easily.


1 hour ago, SRLRacing said:

Hey everyone,

 

I am no developer or anything like that but I have been put in charge of the development of an IOT product. It requires a strange network setup that will have me installing a router behind my customer's router for my IOT device. This requires port forwarding for some remote access capabilities. If I ship my product with the ports forwarded in my router will it still forward the ports through my customer's router? Or do the same ports need to be forwarded in their router as well?

 

Thanks in advance for any advice you can give me!

Port forwarding through multiple routers is generally harder to do. Without knowing the config your customers have, and if they actually get a public IP address vs a private IP address from their ISP, this would be hard to do.

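Added example, not part of any post in this thread: a small Python check for the situation the replies describe, where every NAT layer needs its own forward rule and a CGNAT address means the last NAT belongs to the ISP. The function names and the sample addresses are constructed for illustration; it handles IPv4 only.

```python
import ipaddress

# Address ranges that mean a router's WAN side sits behind another NAT.
# Explicit ranges are used so documentation-range samples count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared space


def classify_wan(addr):
    """Classify one router's IPv4 WAN address: 'cgnat', 'private' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def forwarding_plan(wan_chain):
    """wan_chain lists WAN addresses from the router nearest the device outward.

    Returns (reachable, routers_checked, reason). Every router counted in
    routers_checked needs its own forward rule for inbound access to work.
    """
    for hop, addr in enumerate(wan_chain, start=1):
        kind = classify_wan(addr)
        if kind == "cgnat":
            return (False, hop, "hop %d is behind carrier-grade NAT" % hop)
        if kind == "public":
            return (True, hop, "forward the port on %d router(s)" % hop)
    return (False, len(wan_chain), "no public address in the chain")


if __name__ == "__main__":
    # Constructed sample chains (hypothetical addresses, not from the thread).
    samples = {
        "vendor router behind customer router": ["192.168.1.50", "203.0.113.7"],
        "customer router behind CGNAT": ["192.168.8.2", "100.72.14.3"],
        "single router, public WAN": ["198.51.100.20"],
    }
    for label, chain in samples.items():
        print(label, "->", forwarding_plan(chain))
```
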

6 minutes ago, Windows7ge said:

Only loophole that comes to mind outside a VPN is UPnP but that's why IOT devices aren't great. They get hacked and assimilated into DDoS clusters so I wouldn't recommend it for security reasons.

 

Consumer routers are usually simple enough to figure out port forwarding on. A bigger issue you're going to have is not all ISPs allow port forwarding or charge the customer a fee. Then there's people who don't know how to network and put themselves behind a Double NAT so you have yourself a real dilemma if your IOT device needs to be port forwarded.

 

I don't see why you need to install a router with this device. It would put the IoT device behind a Double NAT and you can't Port Forward that easily.

The problem is that I'm trying to set up a cellular failover, which outside mega dollar solutions is hard to come by after Netgear discontinued the LB2120. I am now looking for a router that has similar capability because I remember Asus used to have a whole line of routers with built-in failover.


2 minutes ago, SRLRacing said:

The problem is that I'm trying to set up a cellular failover, which outside mega dollar solutions is hard to come by after Netgear discontinued the LB2120. I am now looking for a router that has similar capability because I remember Asus used to have a whole line of routers with built-in failover.

Unfortunately I cannot think of any inexpensive consumer-friendly solution outside of replacing their router with the one you want to use; even then, some ISPs don't let you do this.

 

The easiest consumer friendly option I can think of that doesn't open up the user or device to unnecessary threats would be to run your device through a VPN. This could be expensive depending on the planned scale of the product but it would be in everyone's best interest as it would work for people with locked down routers and Double NAT situations. It'd also let you use your planned router and it'd be plug'n'play for the installers.
