Netgate Discussion Forum

    Can't do a basic port forward

    • Glaz0n4

      I'm just reading my ISP uses CGNAT by default, I'm still reading, but I wonder if that could be the issue.

      • mcury Rebel Alliance

        It's because somehow you have another router there, with that 121.x.x.x, in which you should configure that port forward as well.

        Could that be the ISP modem? If that is the case, have you tried to configure it in bridge mode?
        In case you can't, try to access it and set up the port forward there as well.

        dead on arrival, nowhere to be found.

        • mcury Rebel Alliance @Glaz0n4

          @Glaz0n4 Yes, that is the problem, CGNAT sucks

          dead on arrival, nowhere to be found.
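
Added example, not part of the thread or of pfSense: a small check for the situation diagnosed above, comparing the address on the firewall's WAN interface with the address an outside host sees. The function names and the sample addresses (documentation ranges) are constructed for illustration; IPv4 only.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.IPv4Network("100.64.0.0/10")
# RFC 1918 private ranges, typical of an ISP modem/router doing its own NAT.
RFC1918_NETS = [ipaddress.IPv4Network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# What the thread suggests for each case (summarised from the posts).
ADVICE = {
    "direct": "Port forward on the firewall alone is enough.",
    "double-nat": "Put the upstream modem in bridge mode, or forward the port there too.",
    "cgnat": "Ask the ISP to remove you from CGNAT, or dial out with a VPN instead.",
    "upstream-nat": "Another NAT device sits upstream; forward there or ask the ISP.",
}


def classify_wan(wan_ip: str, observed_ip: str) -> str:
    """Classify the path between the firewall WAN and the internet.

    wan_ip      -- address assigned to the firewall's WAN interface
    observed_ip -- source address an outside host sees for your traffic
    Raises ValueError if either string is not a valid IPv4 address.
    """
    wan = ipaddress.IPv4Address(wan_ip)
    observed = ipaddress.IPv4Address(observed_ip)
    if wan in CGNAT_NET:
        return "cgnat"          # ISP-side NAT; inbound forwards cannot reach you
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"     # a local upstream router is translating
    if wan != observed:
        return "upstream-nat"   # public-looking WAN, but still translated upstream
    return "direct"


def diagnose(wan_ip: str, observed_ip: str) -> str:
    """Return the classification together with the matching advice."""
    kind = classify_wan(wan_ip, observed_ip)
    return f"{kind}: {ADVICE[kind]}"


if __name__ == "__main__":
    # Constructed sample pairs: (WAN interface address, externally observed address).
    samples = [("100.72.15.4", "203.0.113.9"), ("192.168.1.2", "203.0.113.9"),
               ("198.51.100.7", "203.0.113.9"), ("203.0.113.9", "203.0.113.9")]
    for wan, seen in samples:
        print(f"{wan:>15} seen as {seen:<15} -> {diagnose(wan, seen)}")
```
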

          • Glaz0n4

            Ah sweet, thanks :)

            Apparently you can get them to disable it.

            I wonder if it's cost cutting or something, they are actually a really good ISP.

            My 'regular' wifi/router device worked fine.

            Thanks for your help again, really appreciate the fast response.

            • mcury Rebel Alliance @Glaz0n4

              @Glaz0n4 You are welcome :)

              dead on arrival, nowhere to be found.

              • NOCling

                If your ISP gets you a good IPv6, you can try to build a VPN tunnel, and then you can route your private IPv4 through it.

                Netgate 6100 & Netgate 2100

                • DaddyGo

                  @Glaz0n4
                  you mention this in your description
                  "I know using a VPN is a better way to do this, however I just want to get this working first."

                  The RDP is no longer explicitly recommended, just an example:

                  https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

                  Cats bury it so they can't see it!
                  (You know what I mean if you have a cat)

                  • Glaz0n4

                    Thanks for the heads up.

                    I got this working earlier today and could connect over 3389 directly. I then deleted the rule. I plan on doing this via a VPN and will set that up when I have some time. OpenVPN seems a good way to do this. I'm about to start a job in security, so bought this device to learn more about networking and security. So it'll be a fun learning experiment!

                    • DaddyGo @Glaz0n4

                      @Glaz0n4

                      OpenVPN is a completely good choice.
                      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/openvpn-remote-access-server.html
                      https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/using-the-openvpn-client-export-package.html

                      in the meantime, these can also be good temporarily:
                      https://www.teamviewer.com/ -free version
                      https://anydesk.com/en -free version

                      @Glaz0n4
                      So it'll be a fun learning experiment! ✋

                      Cats bury it so they can't see it!
                      (You know what I mean if you have a cat)

                      • serbus

                        Hello!

                        I have similar problems with CGNAT at a couple of sites, but am able to get by with them running the client side of a site-to-site OpenVPN connection. This might not always be possible, so I was looking for other solutions.

                        I noticed that pfSense has a tinc package. It might be worthwhile looking into that and a MITM VPS as a way to address the CGNAT and secure remote admin issues.

                        Something like this :

                        https://ideaman924.com/2020/02/10/using-tinc-to-get-around-double-nat/

                        John

                        Lex parsimoniae

                        • Glaz0n4

                          I was able to be removed from CGNAT at no cost, so went that way :)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.