
I have plenty of experience with LANs and bridges; however, this is my first time using a WAN-style setup...

Here is a diagram of my network:

WAN (public ip & 10.1.10.1)---COMP1 (10.1.10.2)
                           ---
                           ---LAN(10.1.10.3 & 192.168.1.1) --- COMP2 (192.168.1.2)

The WAN gateway of LAN is set up as 10.1.10.1, and the port forward rules are:

WAN:A -> COMP1:B
WAN:C -> LAN(10.1.10.3):D
LAN:D -> COMP2:D

From the public internet, connecting to WAN(public ip):C connects me to COMP2:D.

From COMP1, connecting to LAN(10.1.10.3):D connects me to COMP2:D. However, netstat on COMP2 lists the connection as LOCAL(COMP2:D) REMOTE(COMP2:XYZ) when I was expecting REMOTE(COMP1:XYZ).

Yet the connection COMP2->WAN:A never works... I don't know what's wrong. What would make COMP2 think a remote connection from an external network was from itself? Shouldn't LAN see a 10.1.10.? destination address and quickly route it to the WAN gateway which should then treat it as a normal LAN local packet address?

I don't see any custom NAT rules on either router as far as I can tell.

EDIT - ADDITIONAL IP ADDRESS INFO

COMP1

  • IP: 10.1.10.2
  • SUBNET MASK: 255.255.255.0
  • IP GATEWAY: 10.1.10.1
  • DHCP SERVER: ...
  • DNS SERVER: ...

COMP2

  • IP: 192.168.1.2
  • SUBNET MASK: 255.255.255.0
  • default gateway 192.168.1.1
  • dns server: 10.1.10.1
  • $ ip r

    default via 192.168.1.1 dev eth0  proto static  metric 1024
    169.254.0.0/16 dev eth0  scope link  metric 1000
    192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.2
    

UPDATE

I couldn't justify fiddling with network settings, so instead I just moved COMP2 directly to WAN, and it still didn't work... It turns out it was Windows Firewall that wasn't working correctly, even with a port exception to allow any program to listen on port B on any network from any IP from any port... Disabling Windows Firewall ends up being the only solution...

FIREWALL DETAILS

General

  • Enabled: checked
  • Action: Allow the connection

Programs and Services

  • Programs: All programs that meet the specified conditions
  • Application Packages/Services: Apply to all.../Apply to all...

Remote Computers

  • Only allow connections from these computers: unchecked
  • Skip the rule for connections from these computers: unchecked

Protocols and Ports

  • Protocol type: TCP
  • Local port: Specific Ports: 8080
  • Remote port: All Ports

Scope

  • Local IP address: Any IP address
  • Remote IP address: Any IP address

Advanced

  • Domain profile: checked
  • Private profile: checked
  • Public profile: checked
  • Interface types: All interface types
  • Edge traversal: Allow edge traversal

Local Principals

  • Only allow connections from these users: unchecked
  • Skip this rule for connections from these users: unchecked

Remote Users

  • Only allow connections from these users: unchecked
  • Skip this rule for connections from these users: unchecked

Just checked again, and port 8080 only works if I disable the Windows 'public' firewall; the 'private' firewall doesn't block port 8080... (Note: COMP2 now has the IP 10.1.10.3 because it is now connected directly to WAN like COMP1.)

user3338098

1 Answer


Your post is a bit difficult to understand.

First, you need to specify the services you are attempting to connect! If your COMP2->WAN:A is over a NAT'd network, and that service is something like Windows Remote Desktop, then you have to specify in your firewall settings that you will allow certain interactions such as NAT Traversal in your Windows Firewall settings, or the connection will be refused. If your other port forwards are working, and one of them is not, check the local firewall settings on the machine to ensure that the ports are available. See this post if you will - Windows Advanced Firewall: What does "Edge Traversal" mean?

IceMage
  • Yep, it was a firewall issue even though the firewall was already set up to allow it... – user3338098 May 14 '15 at 18:46
  • I enabled "edge traversal" but it still gets blocked... – user3338098 May 14 '15 at 18:48
  • Ensure that the scope of the rule you modify is correct. Generally, when Windows Firewall rules aren't working, the reason is that the scope is either too narrow or too broad. My guess is that the Remote Desktop rule (or whichever service) doesn't apply to the Public Profile. You may want to ensure that the rule is applied regardless of scope (select all three for testing) – IceMage May 14 '15 at 19:22
  • Updated question with all firewall settings – user3338098 May 15 '15 at 14:33
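
A read-only way to run the checks discussed in this thread (active network profile, rule scope, conflicting rules) without disabling the firewall, as an added PowerShell example that is not part of the original posts. It assumes the built-in NetSecurity and NetConnection cmdlets (Windows 8 / Server 2012 or later), an elevated prompt, and TCP port 8080 from the question's rule; `Test-PortMatch` is a hypothetical helper.

```powershell
# Added diagnostic sketch (read-only). Port and protocol come from the question's rule.
$port  = 8080
$proto = 'TCP'

# 1. Which profile (Public/Private/DomainAuthenticated) is each connected network in?
Get-NetConnectionProfile | Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Per-profile settings that can defeat an allow rule.
#    AllowInboundRules = False is "block all incoming connections, including
#    those in the list of allowed apps": allow rules are ignored for that profile.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, AllowInboundRules, AllowLocalFirewallRules

# Hypothetical helper: does a port filter's LocalPort value cover $Port?
# LocalPort may be 'Any', a single port, a list, or a range such as '8000-8100'.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 3. Every enabled inbound rule in the effective policy (local + Group Policy)
#    whose port filter covers the port, with the profiles it applies to.
$hits = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -in @($proto, 'Any') -and (Test-PortMatch $pf.LocalPort $port)) {
            [pscustomobject]@{
                Name    = $_.DisplayName
                Action  = $_.Action
                Profile = $_.Profile
                Source  = $_.PolicyStoreSourceType
            }
        }
    }
$hits | Sort-Object Action | Format-Table -AutoSize

# 4. An explicit Block rule takes precedence over an Allow rule for the same traffic.
$hits | Where-Object { $_.Action -eq 'Block' } | Format-Table -AutoSize
```

If step 1 shows the interface in the Public category, compare the Public row from step 2 and any Block rows from step 4 against the allow rule before widening or disabling anything.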