Hello,
I am struggling to get a specific port forwarding rule to work on my RT-AC68U. I currently have this configuration:
ISP (WAN <some public IP>) -- RT-AC68U (LAN 192.168.1.0/24) -- Cisco Catalyst 2960-S (Trunk 192.168.1.2) -- VLAN (192.168.65.0/24)
I have a LAN static route on the RT-AC68U for 192.168.65.0 (GW 192.168.1.2), which works fine to allow traffic from outside to reach the VLAN on the switch.
I am trying to configure a port forwarding rule on the RT-AC68U to permit traffic on TCP port xyz to IP 192.168.65.x, however this is not working.
I believe this could be resolved via double-NAT to VLAN 192.168.65.0 (i.e. port forward to 192.168.1.2 instead) however the Cisco 2960-S is L2 only with basic IP routing.
I would really like to avoid setting up a second router in the environment for the VLAN since it seems like port forwarding to a device on the static route network should work.
I did also reach out to Cisco and they believe that the RT-AC68U should support port forwarding to a non-connected subnet, so perhaps this is a bug?
I was wondering if perhaps there needs to be an iptables rule added to the router to permit the traffic to the VLAN subnet, but I am not too familiar with what the rule would look like, or why it would be needed if there is a port forwarding rule in place?
I am running firmware 384.5.
Any help would be greatly appreciated!
-Dan
I am struggling to get a specific port forwarding rule to work on my RT-AC68U. I currently have this configuration:
ISP (WAN <some public IP>) -- RT-AC68U (LAN 192.168.1.0/24) -- Cisco Catalyst 2960-S (Trunk 192.168.1.2) -- VLAN (192.168.65.0/24)
I have a LAN static route on the RT-AC68U for 192.168.65.0 (GW 192.168.1.2), which works fine to allow traffic from outside to reach the VLAN on the switch.
I am trying to configure a port forwarding rule on the RT-AC68U to permit traffic on TCP port xyz to IP 192.168.65.x, however this is not working.
I believe this could be resolved via double-NAT to VLAN 192.168.65.0 (i.e. port forward to 192.168.1.2 instead) however the Cisco 2960-S is L2 only with basic IP routing.
I would really like to avoid setting up a second router in the environment for the VLAN since it seems like port forwarding to a device on the static route network should work.
I did also reach out to Cisco and they believe that the RT-AC68U should support port forwarding to a non-connected subnet, so perhaps this is a bug?
I was wondering if perhaps there needs to be an iptables rule added to the router to permit the traffic to the VLAN subnet, but I am not too familiar with what the rule would look like, or why it would be needed if there is a port forwarding rule in place?
I am running firmware 384.5.
Any help would be greatly appreciated!
-Dan
Last edited:
