Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Trying to Port Forward Behind 2 Routers
New Posts  All Forums:Forum Nav:

Trying to Port Forward Behind 2 Routers

post #1 of 14
Thread Starter 
Hi guys, I'm a bit of a networking newb here.
I'm comfortable around computers, but the networking side has always eluded me, too much terminology and numbers have always kind of scared me off.

I think it's time I started slowly fixing that.

I've got dd-wrt on my older Linksys WRT54GL v1.1



It's a bit of an odd situation I find myself in, I'm the landlord, but since my new tenants had a DSL contract, I'm actually sharing off their internet connection.


The current setup looks like this.

Provider -> DSL Modem/Router -> My Linksys Router -> My Computer.


I am trying to do some port mapping for a game (Supreme Commander, it's a bit older and uses a P2P connection).
I did the steps in this list.
http://portforward.com/english/routers/port_forwarding/Linksys/WRT54GL/Supreme_Commander.htm
However, being behind a 2nd router, it doesn't seem to be working for me.


Can somebody give me a hand and point me in the right direction?
Both on how to fix this and the reasoning behind it?

I'd like to learn! smile.gif
Dostya
(13 items)
 
  
Reply
Dostya
(13 items)
 
  
Reply
post #2 of 14
You would need to be doing port forwarding on both routers.

Provider -> DSL Modem/Router -> My Linksys Router -> My Computer
port xxx -> port xxx -> port xxx
Work in Progress
(15 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-8350 Gigabyte GA-990FXA-UD3 Sapphire Radeon HD7850 Mushkin Blackline Frostbyte PC3-12800 2x4GB DDR3 
RAMHard DriveHard DriveCooling
Mushkin Blackline Frostbyte PC3-12800 2x4GB DDR3 Samsung 850 EVO Crucial M4 Kraken x61 
OSMonitorPowerCase
Windows 7 64 Bit 22" LG LCD Seasonic X760 NZXT S340 Elite (White) 
  hide details  
Reply
Work in Progress
(15 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-8350 Gigabyte GA-990FXA-UD3 Sapphire Radeon HD7850 Mushkin Blackline Frostbyte PC3-12800 2x4GB DDR3 
RAMHard DriveHard DriveCooling
Mushkin Blackline Frostbyte PC3-12800 2x4GB DDR3 Samsung 850 EVO Crucial M4 Kraken x61 
OSMonitorPowerCase
Windows 7 64 Bit 22" LG LCD Seasonic X760 NZXT S340 Elite (White) 
  hide details  
Reply
post #3 of 14
Bridge the modem to the router
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #4 of 14
While you could either forward ports on both routers or bridge/combine the two LANs and just port-forward on the DSL router, I would recommend considering security before committing to a particular solution.


A segmented approach places you behind your router's firewall and keeps you on a separate broadcast domain internally. While more secure, it is inherently more complex.

Bridging the two networks leaves you entirely at the mercy of the tenant's security skill set and leaves the both of you open to snooping, viruses, etc. You might as well plug your PC directly into their DSL router.

Regardless as to which solution you go for (save getting your own ISP connection), ultimately, you're going to have to rely on your tenants for any kind of port-forwarding or firewall modifications --unless they let you do it yourself.

 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
post #5 of 14
An easy and simple way to fix this is to go on the new tenants router set your router IP in what is a DMZ (De-militarised zone).

What this does it completely opens you up the internet as if their router wasn't even there, this means that you'll have your own router protecting you from the internet and not theirs.

Although doing this reduces security as you no longer have 2 routers protecting you, it doesn't mean that you are any less vulnerable than a normal home network that only uses a single router.

Their router will pass any packets from the internet to your router regardless of what they tell it to do for their network.

On the other hand if you didn't mind doing some configuration you could just port forward the same ports on their router (I think the first comment mentioned this), this wouldn't open your router to the internet and their security policies etc. will still apply to your traffic.
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
post #6 of 14
Quote:
Originally Posted by L.J View Post

An easy and simple way to fix this is to go on the new tenants router set your router IP in what is a DMZ (De-militarised zone).

What this does it completely opens you up the internet as if their router wasn't even there, this means that you'll have your own router protecting you from the internet and not theirs.

Although doing this reduces security as you no longer have 2 routers protecting you, it doesn't mean that you are any less vulnerable than a normal home network that only uses a single router.

Their router will pass any packets from the internet to your router regardless of what they tell it to do for their network.

On the other hand if you didn't mind doing some configuration you could just port forward the same ports on their router (I think the first comment mentioned this), this wouldn't open your router to the internet and their security policies etc. will still apply to your traffic.

DMZing the 2nd router would likely break any port forwards on the first router.
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
    
CPUMotherboardGraphicsGraphics
Intel Core i7 860 Asus P7P55D-E Pro MSI GTX560 Ti TwinFrozr II MSI GTX560 Ti TwinFrozr II 
RAMHard DriveHard DriveHard Drive
Corsair 8GB DDR3 OCZ Vertex 3 Western Digital Caviar Black Western Digital Caviar Green 
Hard DriveOptical DriveCoolingOS
Samsung 840 Pro Lite-On 24x DVD-RW CoolerMaster V8 Windows 8.1 Professional 
OSMonitorMonitorMonitor
Debian 7.1 Samsung S22B350H Samsung S22B350H Samsung S22B350H 
KeyboardPowerCaseMouse
Ducky Shine II Corsair HX850 CoolerMaster Storm Enforcer Logitech M500 
Mouse PadAudio
Razer Goliathus Microsoft LifeChat LX 3000 
  hide details  
Reply
post #7 of 14
Quote:
Originally Posted by dushan24 View Post

DMZing the 2nd router would likely break any port forwards on the first router.

I think you might be right --especially if both networks need the same ports forwarded. I'm not sure what would happen if, for example, they both hosted something like a Minecraft server. I'm inclined to think the defined port-forwarding policy would process that traffic, and the DMZ host would see none of it.
 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
post #8 of 14
Quote:
Originally Posted by felladium View Post

I think you might be right --especially if both networks need the same ports forwarded. I'm not sure what would happen if, for example, they both hosted something like a Minecraft server. I'm inclined to think the defined port-forwarding policy would process that traffic, and the DMZ host would see none of it.

My understanding of it is that the first router would employ PAT overflow. Therefore the correct traffic would be sent to the correct internal IP address. Such as if you had 2 instances of HTTP using port 80 on the same network, using PAT overflow the router works out which host is which outside IP and thus routes the correct traffic.

I'm fairly confident that it would work but worst case scenario is that you just delete the DMZ IP address and port forward it manually. DMZing just saves you the hassle of having future access to the first route.

Someone please correct me if I'm wrong.
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
post #9 of 14
Quote:
Originally Posted by dushan24 View Post

DMZing the 2nd router would likely break any port forwards on the first router.

For a minute there I didn't quite understand what you mean by "break any port forwards", but I explain it in the comment above.

Just wanted to say, I like you display pic. Fractal shapes are crazy things and also help to answer the question "How long is a piece of string?" thumb.gif
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
Skynet HQ
(13 items)
 
  
CPUMotherboardGraphicsRAM
AMD Athlon X2 Dual Core 2.70GHz Asus M3N-78 PRO ATI XFX 5770 5GB Corsair DDR2 
OSMonitorKeyboardPower
Windows 7 Ultimate 2x 23" LG Flatrons Logitech MX3100 850w PSU 
CaseMouse
X-Blade Gaming Case Logitech MX1100 
  hide details  
Reply
post #10 of 14
Quote:
Originally Posted by L.J View Post

My understanding of it is that the first router would employ PAT overflow. Therefore the correct traffic would be sent to the correct internal IP address. Such as if you had 2 instances of HTTP using port 80 on the same network, using PAT overflow the router works out which host is which outside IP and thus routes the correct traffic.

I'm fairly confident that it would work but worst case scenario is that you just delete the DMZ IP address and port forward it manually. DMZing just saves you the hassle of having future access to the first route.

Someone please correct me if I'm wrong.

That is true for outbound traffic. Example: You and someone else on your network go to Google:80 and the router keeps track of the translations for those outbound flows.

The current concern is with inbound traffic. There is only one Internet routeable IP of concern in this equation (the WAN IP of the first router). That will be the destination IP used any client wishing to communicate with a device on either the tenant or OP's network. That is the only IP the client will see. When the first router receives the clients traffic, it has to base it's forwarding/discarding decision on defined, explicit policies or internal defaults (like catch-alls). I think the DMZ is like a catch-all for things left undefined and I think configured policies have priority over the DMZ. Therefore, I'm fairly certain that if they both host something that listens on the same port, OP is going to suffer without some additional tweaking somewhere.
 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
 
Kids-PC
(12 items)
 
White Heat
(20 items)
 
CPUMotherboardGraphicsRAM
Intel Core i5-2400 - BX80623I52400 ASUS P8P67 GIGABYTE GeForce GTX 550 Ti - GV-N550D5-1GI G.SKILL Ripjaws X + Turbulence II 
Hard DriveHard DriveOptical DriveCooling
80 GB Hitachi SATA II 500 GB Seagate SATA II LITE-ON 24X DVD Writer - iHAS224-06 CORSAIR CAFA50 
OSMonitorPowerCase
Microsoft Windows 7 Ultimate Edition 64-bit Acer G205HVbd Rosewill HIVE Series HIVE-650 NZXT Source 210 S210-001 
CPUMotherboardGraphicsRAM
Intel Core i7-4790K ASUS Maximus VII Impact EVGA GeForce GTX 980 Ti Classified G.SKILL Trident X Series F3-1600C7D-16GTX 
Hard DriveHard DriveCoolingOS
Samsung 840 EVO (OS Drive) Samsung XP941 (Storage Drive) Corsair Hydro Series Extreme Performance H100i Microsoft Windows 10 Professional 
MonitorMonitorKeyboardPower
ASUS ROG Swift PG278Q ASUS PB278Q Corsair Vengeance K70 RGB (non-trampstamp) Corsair AX860 
CaseMouseOtherOther
Corsair Graphite 380T Logitech G400 Corsair - Individually Sleeved AX 860/760 ATX 2... Individually Sleeved AX 860/760 ATX 24pin Cable... 
OtherOtherOtherOther
Xbox 360 Wireless Gaming Receiver BitFenix Spectre Pro 200mm Fan - White LED (BFF... Corsair SP120 PWM High Performance Fans Corsair AF120 Quite Edition Fan 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Trying to Port Forward Behind 2 Routers