Reply
Highlighted
New Member
Posts: 8
Registered: ‎01-04-2016
Kudos: 1
Solutions: 1
Accepted Solution

Port forwarding and NAT

Hi all:

 

I have a NanoStation Loco M2 with the latest air OS XW.v6.1.7.32555.180523.1754.bin .

 

I have an ethernet digital display in a car park. I though the easiest way to drive it from the office would be to attach a NanoStation to the display over the Ethernet connector, and connect the NanoStation to the office WLAN in the building nearby. Ethernet and WLAN connectivity is working fine. The NanoStation can ping the digital display.

 

I am trying now to forward TCP port 5001 to TCP port 80 on the display (the display has a web interface for configuration), and the TCP port 4001 to TCP port 4001 on the display (the display accepts text over a TCP connection), from the 192.168.1.x WLAN IP address which the NanoStation gets over DHCP, to the 192.168.16.x Ethernet/LAN IP, which is statically configured.

 

I have done exactly this in the past with PicoStations without problems about a year ago. But now I cannot get it to work.

 

Before I begin troubleshooting with tcpdump etc, I have one basic question: does "port forwarding" require NAT? Or does "port forwarding" automatically use NAT for the forwarded ports?

 

The digital display needs no Internet access etc. It is just a basic TCP server that accepts incoming connections. The data is just some text. The HTTP connection will probably be more complex though, but as far as I know, it should work with NAT and/or port forwarding too. The digital display has no HTTPS to worry about.

 

Does turning NAT on and off on the NanoStation affect the "port forwarding" packets somehow? I mean, do the forwarded packets look different with and without NAT enabled?

 

Thanks in advance,

  R. Diez

 


Accepted Solutions
New Member
Posts: 8
Registered: ‎01-04-2016
Kudos: 1
Solutions: 1

Re: Port forwarding and NAT

In the meantime, I sniffed around a little further. It looks like "port forwarding" does not actually have anything to do with the "NAT" option. I looked with tshark on my Linux box, and the TCP packet source addresses are not changed. It looks rather like DNAT only. This DNAT translation seems to be automatically performed by the "port forward" feature, whether the "NAT" option is enabled or not on the NanoStation. It would be nice if you could confirm this, because I still haven't quite figured this all out yet.

This behaviour might have changed on recent airOS versions, because my setup used to work before, and not anymore. I guess the LAN clients now do require their gateway to be set to the NanoStation LAN IP address.

A route to a new subnet would require changes in the office network. The network administrator would not like that for such a simple setup.

It is not clear to me whether the bridge mode would work. The airOS manual states: "Bridge The device acts as a transparent bridge, operates
in Layer 2 (like a managed switch), and usually has only one IP address (for management purposes only)."

However, I need one IP address for the NanoStation's web interface, and another one for the display's web interface, which also uses port 80. Would that be the case in bridge mode?

Isolating the LAN has one advantage though: the display will not participate in any broadcast traffic over the office network. Network administrators tend to worry less if there are not "smart" bridges on the network.

View solution in original post


All Replies
Ubiquiti Employee
Posts: 1,286
Registered: ‎02-13-2017
Kudos: 435
Solutions: 135

Re: Port forwarding and NAT

Have you tried bridge mode?

Port forwarding is a NAT, but its not going to be required if you do not enable NAT in the first place.

If you are in router mode without NAT enabled, you don't need a port forward, you need a route to the new subnet.

Bridge mode is probably your best option here.

UBNT_Alternate_Logo.png
Ubiquiti Networks airMAX Support Team

Check out our ever-evolving Help Center for answers to many common questions!

New Member
Posts: 8
Registered: ‎01-04-2016
Kudos: 1
Solutions: 1

Re: Port forwarding and NAT

In the meantime, I sniffed around a little further. It looks like "port forwarding" does not actually have anything to do with the "NAT" option. I looked with tshark on my Linux box, and the TCP packet source addresses are not changed. It looks rather like DNAT only. This DNAT translation seems to be automatically performed by the "port forward" feature, whether the "NAT" option is enabled or not on the NanoStation. It would be nice if you could confirm this, because I still haven't quite figured this all out yet.

This behaviour might have changed on recent airOS versions, because my setup used to work before, and not anymore. I guess the LAN clients now do require their gateway to be set to the NanoStation LAN IP address.

A route to a new subnet would require changes in the office network. The network administrator would not like that for such a simple setup.

It is not clear to me whether the bridge mode would work. The airOS manual states: "Bridge The device acts as a transparent bridge, operates
in Layer 2 (like a managed switch), and usually has only one IP address (for management purposes only)."

However, I need one IP address for the NanoStation's web interface, and another one for the display's web interface, which also uses port 80. Would that be the case in bridge mode?

Isolating the LAN has one advantage though: the display will not participate in any broadcast traffic over the office network. Network administrators tend to worry less if there are not "smart" bridges on the network.
Reply