Port forwarding via two routers, one repeater mode

Hi all,

I’ve two routers (gl-ax1800 and gl-sft1200). gl-ax1800 is the main router and gl-sft1200 is configured as a repeater (connected via wifi to the main router because it’s in a different room). There is a NAS behind gl-sft1200. I need to expose port 8081 on the NAS so it is accessible from the internet via port forwarding. Here is the setup:

Internet ─► ISP MODEM ─► Router1(gl-ax1800, IP 192.168.8.1) ─► Router2(gl-sft1200, IP: 192.168.7.1, Repeater mode) ─► NAS(IP: 192.168.7.120)

Router2 is assigned an IP 192.168.8.157 by Router1

In Router1 (Firewalls > Port Forwards Menu):
I configured port forwarding as:
TCP/UDP | WAN | 8081 | 192.168.8.157 | 8081

In Router2 (Firewalls > Port Forwards Menu):
I configured port forwarding as:
TCP/UDP | WAN | 8081 | 192.168.7.120 | 8081

When I try to access <MY_PUBLIC_IP>:8081, it’s getting a timeout.

Could you please give me some advice on where I misconfigured it? Thanks in advance.


You may also need to forward 8081 from your ISP modem to your gl-ax1800, if you haven’t done so.

The ISP modem doesn’t block any ports. I know router1 port forwarding works as well because there are other rules which work in router1.

Can you test accessing 192.168.8.157:8081 and 192.168.8.1:8081 with the client device connected to the AX1800?

Is your ISP Modem using bridge mode or is the DMZ enabled for the AX1800?

Hi @yuxin.zou,
I can access 192.168.8.157:8081 from my laptop connected to the ax1800, but not 192.168.8.1:8081.

My ISP modem is in bridge mode. There is no firewall at all in the ISP modem.

DMZ is not enabled on the ax1800.

Are there any additional services installed manually on the AX1800?
Can I successfully access it over the Internet if I change to another External Port? e.g. TCP/UDP | WAN | 34567 | 192.168.8.157 | 8081

Can you check your configuration via SSH?

cat /etc/config/firewall

I removed the double NAT and managed to connect router2 to router1 via extender. Now router2 (IP: 192.168.8.157) doesn’t have DHCP, and the NAS is getting its IP (192.168.8.244) from router1. However, port forwarding still doesn’t work.

Here is the traceroute:

traceroute 192.168.8.244
traceroute to 192.168.8.244 (192.168.8.244), 64 hops max, 52 byte packets
 1  gl-sft1200 (192.168.8.157)  11.008 ms  5.562 ms  5.590 ms
 2  nas_home (192.168.8.244)  6.941 ms  4.472 ms  5.668 ms

My firewall config is as follows, and it doesn’t forward 8082 from WAN to my NAS port 8081 behind router2:

TCP/UDP | WAN ANY IP | 8082 | LAN 192.168.8.157 | 8082
TCP/UDP | LAN SRC IP 192.168.8.157 | 8082 | LAN 192.168.8.244 | 8081

I also tried a single port forward like the following; it didn’t work either.
TCP/UDP | WAN ANY IP | 8082 | LAN 192.168.8.244 | 8081

As a note, there are other machines behind router1 and port forwarding works for them.

One more note: port forwarding to the NAS works when I put it behind router1 without using router2.

Somehow router2 drops packets. I appreciate any help.

Finally I solved the problem with the following config.
router1:
port forwarding:
TCP/UDP | WAN ANY IP | 8081 | LAN 192.168.8.157 | 8081

router2:
connected to router1 as repeater
Enable DMZ on the NAS IP (which finally allows port forwarding from router1). Still safe because router1 has a firewall.


Source IP on the second firewall should be any, or the IP of the first router, not the IP of the second router. Once you’ve got the second router on the same subnet, I’m not sure how it’s going to interpret WAN. I’d suggest explicitly naming 192.168.8.0/24 if you’re going that route.

Also, FWIW, I’d reconsider having your NAS be internet accessible without a VPN. Not really safe in 2023, even with a firewall on the rest of it (even if you were running an IDS/IPS, which you probably aren’t).