DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

2710n / LAN Service / O2

  • cpcnw
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
12 Jan 2012 09:02 #70734 by cpcnw
2710n / LAN Service / O2 was created by cpcnw
Hi,

Is anyone using the Vigor 2710n on O2 in the UK and can comment here?

I am attempting to forward service ports for HTTPS [443] and SSH [22] to a Linux box behind the router.

I have a FW Filter Rule that pinholes my remote static IP and a NAT rule - but I didnt get anywhere until I
used the Open Ports facility, however I now find I can access from any IP so I seem to have got something
rather round my neck!

What I was hoping to achieve was a single port forward from my static WAN IP to a local IP on the LAN.
If anyone has a step-by-step or pointers that would be great?

Secondly - now I actuall have opened ports and access the secure Apache service I am seeing odd behaviour?

I can access the Apache root but not forward of the root and get odd messages from the browser

So to clarify ;

https://W.A.N.IP

This works and shows me the index page however ...

https://W.A.N.IP/server-manager/

Results in a browser error page ;

The website declined to show this webpage
HTTP 403
Most likely causes:
This website requires you to log in.

The URL above is the admin login page to SME Server and the same procedure is [and has always]
worked fine on many other installations of SME at other locations?

I am wondering if this is more to do with my mis-config of the Vigor OR something to do with O2
(do they actively try and block incoming services?)

Any help / pointers / advice greatly appreciated!

Please Log in or Create an account to join the conversation.

More
15 Jan 2012 18:52 #70781 by pcsupport
Replied by pcsupport on topic Re: 2710n / LAN Service / O2
Have you tried turning off the FW Filter Rule?

There shouldn't be any need for the filter rule - all you need to do is open the ports to the internal IP address.
www.pc-support.uk.com

Please Log in or Create an account to join the conversation.

  • cpcnw
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
16 Jan 2012 10:17 #70788 by cpcnw
Replied by cpcnw on topic Re: 2710n / LAN Service / O2

pcsupport wrote: Have you tried turning off the FW Filter Rule?

There shouldn't be any need for the filter rule - all you need to do is open the ports to the internal IP address.



I have always tried to increase security by specifying an individual remote IP that can match firewall rules otherwise anyone from any other IP would be able to attempt port scans / hacks etc?

Please Log in or Create an account to join the conversation.

  • cpcnw
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
18 Jan 2012 08:54 #70818 by cpcnw
Replied by cpcnw on topic Re: 2710n / LAN Service / O2

First, you may need to release port 21 from the Drayteks own use.
System Maintenance >> Management >> Management Port Setup
you may notice that User Define Ports or Default Ports are in operation

Telnet Port (Default: 23)
HTTP Port (Default: 80)
HTTPS Port (Default: 443)
FTP Port (Default: 21)
SSH Port (Default: 22)

For example, change the FTP port to 50021 then OK and reboot.
Hopefully you'll now find that your port forwarding fules function as expected.



Just found this above on the forums - suspect that this could be my problem for 22/443
but am not back on site until next week.

In this case can I switch off 'Open Ports' and stick to my NAT+FW rules for pin hole
to only my IP?

Please Log in or Create an account to join the conversation.

Moderators: Sami