Can't port forward Ports 443 and 80 on second router /w own static public IP

2

I am a novice when it comes to networking, and I have been banging my head on my desk trying to figure out this network. My theory was to have a block of public IPs to statically assign to individual routers in my network. I need more than one public IP because I need to use ports 80 and 443 for multiple servers.

Comcast provided me with a wireless gateway, a Cisco DPC3939B (wireless + DHCP + bridge off), to which I connect two Linksys EA8300 routers via their WAN ports, statically assigning each router its own public IP from the block. Each router is connected to the same network via LAN.

Router 1 with Public IP ..***.193 is forwarding all ports correctly. Router 2 with Public IP ..194 forwards all ports except ports 80 & 443 correctly. The gateway is allocating the public IPs correctly.

I have disabled both firewalls and DHCP servers on each Linksys EA8300 router and enabled NAT on both.

How do I get Router 2 to correctly forward ports 443 and 80?

Thank you for any help on this in advance.

Network Diagram

roid

Posted 2018-05-17T02:34:12.503

Reputation: 21

Answers

1

I think your problem is that the LAN default gateway only points to a single router. NAT tables are not shared between the routers, and port forwarding is simply a manually configured NAT table entry. The traffic for a NAT table must both enter and leave on the same router to work properly.

TCP traffic coming to your server on the Router 2 .194 public address must leave on that same router so that the outbound packets get translated to the same .194 address. TCP is connection-oriented, and the connection is dependent on the IP address. If the traffic leaves on Router 1, the packets will be translated to the .193 address, and the client attempting to connect with TCP to the .194 server will not recognize that the traffic is part of the connection to .194.

Ron Maupin

Posted 2018-05-17T02:34:12.503

Reputation: 3 130

Hey Ron, thank you for responding to my thread! How would I go about directing the default LAN gateway to multiple routers? Is it even possible? Or would I need to get a business-class router to replace Router 1 (.193) and set up one-to-one NAT or one-to-many NAT with access rules? Thank you again for your help. – roid – 2018-05-17T12:35:39.980

Setting up multiple default gateways doesn't solve the problem. The problem is that your hosts have no idea from which router a packet came, and they need to send return traffic back the way it came. You could choose one server to be the .193 server with Router 1 as its default gateway, and the .194 server with Router 2 as its default gateway (or vice versa). You need to make sure that traffic on any one connection only uses the same router bidirectionally. – Ron Maupin – 2018-05-17T12:43:00.807

Tried putting Router 2 on its own network, with local IP 192.168.1.2, and set the .194 server's default gateway to 192.168.1.2, but no luck. You are right, it's still a traffic conflict. It is reaching .194, just not being sent back to the client. Firewall off, proper ports forwarded, DHCP off, static external IP, Comcast gateway, and mask look good. I may try connecting the server directly to the Cisco gateway to see if traffic is sent back from there. – roid – 2018-05-17T19:58:33.953
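As an added illustration that is not part of the thread, the following Python model walks through the asymmetric-NAT failure Ron describes in his answer: a SYN arrives on Router 2's public address and is port-forwarded to a LAN server, and whether the SYN-ACK is accepted by the client depends on which router the server's default gateway points at. Every address below is a made-up documentation-range placeholder, and the conntrack/masquerade behaviour is a simplified stand-in for what a real NAT router does; it is not code from either router vendor.

```python
"""Model of two NAT routers sharing one LAN, with per-server default gateways.

Constructed example: addresses are documentation-range placeholders, not the
asker's real IPs. Router public IPs mirror the thread's ".193" and ".194".
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str  # "SYN" from the client, "SYN-ACK" from the server


@dataclass
class NatRouter:
    name: str
    public_ip: str
    # Static port forwards: public port -> (lan_ip, lan_port).
    forwards: dict = field(default_factory=dict)
    # Per-router connection table; NOT shared with the other router.
    # (lan_ip, lan_port, client_ip, client_port) -> public port.
    conntrack: dict = field(default_factory=dict)

    def inbound(self, pkt: Packet):
        """Inbound DNAT: rewrite the destination if a port forward matches."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.forwards:
            return None  # dropped: not our address, or no forward for that port
        lan_ip, lan_port = self.forwards[pkt.dst_port]
        self.conntrack[(lan_ip, lan_port, pkt.src_ip, pkt.src_port)] = pkt.dst_port
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.flags)

    def outbound(self, pkt: Packet) -> Packet:
        """Outbound SNAT: undo a known forward, otherwise masquerade as ourselves."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        # Unknown flow: plain masquerade, source becomes THIS router's public IP.
        public_port = self.conntrack.get(key, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.flags)


@dataclass
class Client:
    ip: str
    port: int
    dialed: tuple = None  # (server_ip, server_port) this socket connected to

    def connect(self, server_ip: str, server_port: int) -> Packet:
        self.dialed = (server_ip, server_port)
        return Packet(self.ip, self.port, server_ip, server_port, "SYN")

    def receive(self, pkt: Packet) -> bool:
        """A SYN-ACK is only matched to the socket if it comes from the address dialed."""
        return (pkt.flags == "SYN-ACK"
                and (pkt.src_ip, pkt.src_port) == self.dialed
                and pkt.dst_port == self.port)


def server_reply(syn: Packet, server_ip: str) -> Packet:
    """The LAN server answers the (already DNATed) SYN with a SYN-ACK."""
    return Packet(server_ip, syn.dst_port, syn.src_ip, syn.src_port, "SYN-ACK")


def simulate(server_gateway: str):
    """Return (client_accepted, source_ip_seen_by_client) for a given server gateway."""
    r1 = NatRouter("Router 1", "203.0.113.193", forwards={443: ("192.168.1.10", 443)})
    r2 = NatRouter("Router 2", "203.0.113.194", forwards={443: ("192.168.1.20", 443)})
    routers = {"Router 1": r1, "Router 2": r2}

    client = Client("198.51.100.7", 51000)
    syn = client.connect("203.0.113.194", 443)     # client dials the .194 server
    lan_syn = r2.inbound(syn)                       # Router 2 forwards it to 192.168.1.20
    reply = server_reply(lan_syn, "192.168.1.20")
    # The server hands its reply to its default gateway, which applies SNAT.
    out = routers[server_gateway].outbound(reply)
    return client.receive(out), out.src_ip


if __name__ == "__main__":
    print("gateway = Router 2:", simulate("Router 2"))  # accepted, seen from .194
    print("gateway = Router 1:", simulate("Router 1"))  # rejected, seen from .193
```

With the .194 server's default gateway set to Router 2, the reply is translated back to .194 and the client's socket matches it; with Router 1 as the gateway, Router 1 has no conntrack entry for the flow, masquerades the reply as .193, and the client sees a SYN-ACK from an address it never dialed. That is the "enter and leave on the same router" rule from the answer, and it is also why the symptom is "reaches .194 but never comes back" rather than a connection refusal.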