Port-Forwarding To Different Internal Port, Keeping It Simple
November 14, 2013 12:07 PM Subscribe
My old router with Tomato firmware did it very simply: there was a blank for the external port, and a blank for the internal port behind NAT, and external traffic sent to the external port gets forwarded to the internal computer on the internal port. Now, I can't seem to find any router hardware or alternative firmware that does it so simply.
Simple is what I'm looking for: I have two computers at home that I want to RDP into through my NAT router, which means I need two different ports facing the outside world; in particular, I don't want the standard RDP port open to the outside world, because an open port 3389 attracts a lot of unwanted login attempts.
The other part of 'simple' is that I know how to change a computer's RDP port -- I'm trying to not have to configure both a router and a computer, just the router.
Tomato, which is no longer being developed and doesn't support many kinds of hardware, did it right out of the box -- I can forward port 6200 to 3389 on one computer, and 4300 to port 3389 on a different computer.
So: I want to be able to pick a non-standard port facing the outside, both for security and so I can connect to more than one computer running the same service on the NATted network -- but I can't use Tomato at this time. Am I missing something about DD-WRT, or are there now routers that do this natively?
(I have several Netgear wireless routers, a couple non-wireless Linksys NAT routers, and I'm not opposed to buying a new router if some smart manufacturer is including it in their hardware -- as long as it keeps things simple).
Simple is what I'm looking for: I have two computers at home that I want to RDP into through my NAT router, which means I need two different ports facing the outside world; in particular, I don't want the standard RDP port open to the outside world, because an open port 3389 attracts a lot of unwanted login attempts.
The other part of 'simple' is that I know how to change a computer's RDP port -- I'm trying to not have to configure both a router and a computer, just the router.
Tomato, which is no longer being developed and doesn't support many kinds of hardware, did it right out of the box -- I can forward port 6200 to 3389 on one computer, and 4300 to port 3389 on a different computer.
So: I want to be able to pick a non-standard port facing the outside, both for security and so I can connect to more than one computer running the same service on the NATted network -- but I can't use Tomato at this time. Am I missing something about DD-WRT, or are there now routers that do this natively?
(I have several Netgear wireless routers, a couple non-wireless Linksys NAT routers, and I'm not opposed to buying a new router if some smart manufacturer is including it in their hardware -- as long as it keeps things simple).
If you don't want to mess with spotty support on wireless firmwares - you could install smoothwall on an old PC and use the wireless stuff as APs.
Smoothwall is varying degrees of simple and easy to use while remaining quite full featured. It's what I use at home to do what you are doing.
posted by Pogo_Fuzzybutt at 12:22 PM on November 14, 2013
Smoothwall is varying degrees of simple and easy to use while remaining quite full featured. It's what I use at home to do what you are doing.
posted by Pogo_Fuzzybutt at 12:22 PM on November 14, 2013
Response by poster: eschatfische: that looks like *exactly* what I want -- however, I checked a few Asus router's manuals, and none of the three I read say anything about this. Is there any way to tell which routers can do this -- or is this the list I'm looking for?
posted by AzraelBrown at 12:43 PM on November 14, 2013
posted by AzraelBrown at 12:43 PM on November 14, 2013
Best answer: You're going down the right path with the ASUSWRT compatibility list you linked to - I believe that any of the Asus routers that run ASUSWRT will operate in the same way as the article I linked to. The RT-AC66U (802.11ac/n) and RT-N66U (802.11n) models are generally considered best in class.
posted by eschatfische at 1:03 PM on November 14, 2013 [2 favorites]
posted by eschatfische at 1:03 PM on November 14, 2013 [2 favorites]
DD-WRT absolutely does this - I'm doing exactly what you're describing, it works perfectly, and I can't imagine it being any simpler - the port-forwarding setup page in the GUI has a line for each forwarding rule with internal IP, internal port, and external port.
Also, the crapola stock Linksys firmware I replaced with DD-WRT had the same feature.
posted by Rat Spatula at 3:57 PM on November 14, 2013
Also, the crapola stock Linksys firmware I replaced with DD-WRT had the same feature.
posted by Rat Spatula at 3:57 PM on November 14, 2013
If you want to stick with Tomato, Tomato USB was the place to look, and they now point people to LinksysInfo forums. I had good luck with the Toastman builds for awhile but it's kind of confusing. EasyTomato is excellent if you have an ASUS RT-N16 (but only that, they don't support other hardware.) The RT-N66U is another good choice to buy to run either Tomato or DD-WRT on.
posted by Nelson at 4:16 PM on November 14, 2013
posted by Nelson at 4:16 PM on November 14, 2013
You've got some great leads here. FWIW, this practice is known as "port address translation," PAT, though one usually just hears it called "port translation," and is a special case of NAT. If the above doesn't pay off, use that as your search-term.
posted by Sunburnt at 7:02 PM on November 14, 2013 [1 favorite]
posted by Sunburnt at 7:02 PM on November 14, 2013 [1 favorite]
Frankly I'm amazed to hear of the existence of routers that don't make this an easy thing to do. Even the shittiest Belkin router I've ever had the misfortune to use could do this with its shitty stock Belkin firmware.
What have you got that's making it hard?
posted by flabdablet at 8:10 PM on November 14, 2013
What have you got that's making it hard?
posted by flabdablet at 8:10 PM on November 14, 2013
Going from memory...
There are two different places to do port forwarding in the gui. One is a straight outside to inside port forward, you only set one port number. The other is where you set the outside port and then can set an alternative port on the inside (or the same port for that matter). I had trouble at one point with the GUI not displaying ports that were already forwarded. I do not remember what the fix was.
posted by jmsta at 8:39 AM on November 15, 2013
There are two different places to do port forwarding in the gui. One is a straight outside to inside port forward, you only set one port number. The other is where you set the outside port and then can set an alternative port on the inside (or the same port for that matter). I had trouble at one point with the GUI not displaying ports that were already forwarded. I do not remember what the fix was.
posted by jmsta at 8:39 AM on November 15, 2013
Response by poster: I went with a low-end Asus router, since the port forwarding was my primary need and wifi service less important (mostly employees doing personal stuff on their smartphones, don't need to encourage them), and it worked great. Thanks, eschatfische!
posted by AzraelBrown at 2:24 PM on November 20, 2013
posted by AzraelBrown at 2:24 PM on November 20, 2013
This thread is closed to new comments.
posted by eschatfische at 12:14 PM on November 14, 2013 [2 favorites]