NAT Forwarding doesn't appear to be working
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi there
I'm trying to set up NAT port forwarding on a Deco M5, however, it doesn't appear to be working when connecting from an external host
My network topology is:
NBN DTD -> Deco M5 (main) -> unmanaged switch -> other devices (including one more Deco on wired connection for wifi mesh backhaul)
Of note, there is a QNAP NAS plugged into the unmanaged switch, which has a reserved IP and a wired connection to the main deco - so there is no wifi involved at all in its network path to the internet; On this NAS, there is an nginx proxy running in a docker container, which has its inbound ports (80 and 443) mapped to 34080 and 34443 on the NAS
I don't have double NAT (the NBN DTD is just a bridge), and have asked by ISP to disable CG-NAT which they've done; I have verified that the "WAN IP" reported by the Deco (via the app) is the same as what is shown by ip reporting services; The IP is dynamic, but there are some DDNS domains set up to resolve to it - however I'm doing my testing using the IP address
I've set up NAT Forwarding rules to the NAS's ip, mapping ports 80 and 443 to 34080 and 34443 respectively
When I connect to the external IP or a domain that resolves to it from the connection itself (there would be no routing to the internet), everything works and the connections hit the nginx proxy
However, when I connect from an external source (either a testing service or a 5g connection), it variously either times out or returns "connection refused"
For testing, I've also fully disabled the protection systems on the Deco (malicious content, intrusion prevention, infected devices quarantine), as well as changing QoS to standard and removing all high-priority devices I've also disabled UPNP
Is there any way I can see more detailed logs from the deco specifically around firewall activity such as blocked connections? I want to establish if the Deco is blocking (or failing to route) the traffic, or if it is a routing issue for my ISP to solve; I don't think the packets are hitting the nginx as nothing shows up in those logs (whereas I can see entries for successful local connections)
I have some screenshots but I am struggling to embed them in the editor, I'll try to edit or reply to the post
