Home / server / Questions / 252521
In Process
Nathan Osman
Asked: 2011-03-28 18:32:52 +0800 CST

How come I can't redirect TCP ports on this wireless router?

  • 772

I am configuring a router to redirect TCP port 5900 (yes, this is for VNC) to a specific IP address on the network. Here is what I have:

enter image description here

From a local computer on the same network, I can telnet to 192.168.1.64 (port 5900) just fine. However, when trying to telnet to the machine (port 5900) using its external IP address, it doesn't work. (The connection times out.)

The router is a Gigaset SE567, if that helps.

router ip port-forwarding

1 Answers

  1. You're running into the hairpin NAT problem. The problem is the following:

    1. Your client opens a connection to [externalIP]:5900
    2. Your gateway converts the target address to [InternalIP]:5900
    3. Your server on [internalIP] sees a connection from [InternalIP-2] and sends an ACK to [InternalIP-2]
    4. Your client sees an ACK from [InternalIP-2] and not from [externalIP] like it was expecting, and drops it. No connection is ever established.

    The gateway needs to be smart enough to translate internal source addresses to itself so it can handle the correct translations. Consumer routers generally don't support this operation. The usual method is to just use the internal IP when connecting internally, or use a split DNS configuration.

    • 7