
Port forwarding through 2 routers


Sachb

Senior Member

Port forwarding through 2 routers

For years I was trying to port forward through 2 routers: 1) Main router (hall) 2) Second router (room). May help someone.

THIS IS A SITUATION WHEN THE 2ND ROUTER IS CONNECTED TO THE FIRST ROUTER. (Via Extender, Powerline, Ethernet, etc.)


Solution:
Step 1: You need to reserve the IP address for the second router by configuring the first router.
Step 2: Use the DMZ server in the first router and let the traffic reach the second router. Once you've reserved the IP of the second router, enter that IP on the first router's DMZ menu.
Note: Make sure UPnP is enabled on both routers, the firewall is off for the Private network, and UPnP is functioning on PC, mobile, etc.

Port forwarding through 2 routers.png


Ip reservation.png



DMZ server.png


Hope this helps!!!
 
Why do you have this second router in router mode in first place?
Good question. This is done because the other modes disable some features. Access point is one mode I can use, but for some reason, I need the router in its full form so the router mode is the one I use.
 
This way you create two different networks with the second router in Double NAT. Something most people try to avoid.
 
This way you create two different networks with the second router in Double NAT. Something most people try to avoid.
But once you use the DMZ server all apps give a green flag, which means it's working. Might be a problem in a more complex setup.
 
With two different networks you have no roaming between the routers. DMZ is not necessary for port forwarding (it just makes it easier), UPnP can be disabled (you can forward only the ports you need) and the firewall on the second router can stay enabled (its network will still have access to the Router 1 network, but not vice versa) - different configurations depending on the use case. If you want specific router features, make the router with those features the main one and set the other as an access point. This is a much cleaner single-network configuration with extended Wi-Fi range.
 
Personally, I would stay as far away from that type of configuration as possible.

A DMZ should be a last resort in almost all scenarios. Forward the port that you actually need and keep them to a minimum.

UPnP should never be used unless as a last resort. You are essentially giving full trust to every application and link you click on. Again, set up firewalls and port forwarding for known and necessary ports only.

Just ask any QNAP NAS user who was hit by QLocker, QLocker2 or Deadbolt about how bad this type of scenario is.

I run 3 levels of routers, and a fourth for testing, and have no issues forwarding what I need with DMZ turned OFF at every level and UPnP disabled on all devices.
 
I tried Access point mode on the 2nd router & guess what, there was a 100 mbps + drop in wifi speeds. This is a drastic speed drop compared to router mode.

Access point mode

Access pointmode.jpg


Router Mode

Router mode.jpg


Conclusion: Router mode is best even on the 2nd router to maximize wifi speeds and also have all the features.
 
Personally, I would stay as far away from that type of configuration as possible.

A DMZ should be a last resort in almost all scenarios. Forward the port that you actually need and keep them to a minimum.

UPnP should never be used unless as a last resort. You are essentially giving full trust to every application and link you click on. Again, set up firewalls and port forwarding for known and necessary ports only.

Just ask any QNAP NAS user who was hit by QLocker, QLocker2 or Deadbolt about how bad this type of scenario is.

I run 3 levels of routers, and a fourth for testing, and have no issues forwarding what I need with DMZ turned OFF at every level and UPnP disabled on all devices.
As long as your wifi is secured with WPA2 + AES encryption, it doesn't matter, this is not 2006. We're in 2022 buddy.
 
Conclusion: Router mode is best even on the 2nd router

Something is wrong with your testing. It's exactly the same radio and the same ports. AP mode is just a wired-to-wireless bridge.

We're in 2022 buddy.

In theory, malicious software may use UPnP to open ports and you may get hit on WAN. Your wireless security is unrelated, buddy.
 
As long as your wifi is secured with WPA2 + AES encryption, it doesn't matter, this is not 2006. We're in 2022 buddy.
None of that makes sense, you're mixing up "what it takes for someone to connect to my wireless network" with "what an app can open for 2 way communication on my firewall without me making config changes".
 
As long as your wifi is secured with WPA2 + AES encryption, it doesn't matter, this is not 2006. We're in 2022 buddy.
I invite you to do a simple Google search on QLocker or Deadbolt in relation to a vulnerability in QNAP NAS servers. You may not have one, but it is a simple example where UPnP was used to exploit a vulnerability in the operating system. The Deadbolt ransomware attack took place in January of, guess what, 2022 :)

I am simply pointing out that ever since the option existed, and yes even today, it is inadvisable to run a DMZ. I'm obviously not saying it should never be done, but there are security issues that must be considered and, as pointed out, it has nothing to do with WPA or AES (in the specific case with QNAP, we are talking wired devices anyway, so definitely nothing to do with WiFi protocols). With these 3 ransomware attacks, all it took was a single port to be exposed (providing a backdoor in through the admin console), which was either through DMZ, UPnP or forwarding the console port.
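
The difference between the two configurations argued over in this thread, modelled as an added example (it is not part of any post above): a hall router in front of a room router, once with DMZ plus UPnP and once with a single explicit forward. All addresses, ports and service names are constructed, and the model assumes explicit and UPnP mappings are matched before the DMZ rule.

```python
from dataclasses import dataclass, field

# Constructed addresses for the hall router / room router layout in the thread.
R2_WAN, NAS, PC = "192.168.1.2", "192.168.2.50", "192.168.2.10"

@dataclass
class Router:
    lan_hosts: dict                               # ip -> {port: service} or ip -> Router
    forwards: dict = field(default_factory=dict)  # wan port -> (lan ip, lan port)
    dmz_host: str = None
    upnp: bool = False

    def upnp_request(self, port, ip, lan_port):
        """A LAN device asks for a mapping; honoured only when UPnP is on."""
        if self.upnp:
            self.forwards[port] = (ip, lan_port)
        return self.upnp

    def inbound(self, port):
        """Service answering an unsolicited WAN connection on `port`, or None."""
        if port in self.forwards:          # explicit or UPnP-created mapping
            ip, port = self.forwards[port]
        elif self.dmz_host:                # DMZ: every unmatched port goes here
            ip = self.dmz_host
        else:
            return None                    # dropped at this NAT layer
        target = self.lan_hosts.get(ip)
        if isinstance(target, Router):     # second NAT layer (double NAT)
            return target.inbound(port)
        return (target or {}).get(port)

def build(dmz, upnp):
    """Two-router chain; the one intended service is a game server on the PC."""
    room = Router({NAS: {8080: "nas-admin", 445: "nas-smb"},
                   PC: {25565: "game-server"}}, upnp=upnp)
    hall = Router({R2_WAN: room}, upnp=upnp)
    if dmz:
        hall.dmz_host = R2_WAN                     # Step 2 of the original post
    else:
        hall.forwards[25565] = (R2_WAN, 25565)     # forward only what is needed
    room.forwards[25565] = (PC, 25565)
    room.upnp_request(8080, NAS, 8080)   # NAS firmware asks for its console port
    return hall

def exposed(hall, ports=range(1, 65536)):
    """Every WAN port on the hall router that reaches a listening service."""
    return {p: s for p in ports if (s := hall.inbound(p))}

if __name__ == "__main__":
    print("DMZ + UPnP:        ", exposed(build(dmz=True, upnp=True)))
    print("one forward, UPnP: ", exposed(build(dmz=False, upnp=True)))
    print("one forward only:  ", exposed(build(dmz=False, upnp=False)))
```

With DMZ on the hall router, a mapping that a device requests from the room router becomes reachable from the internet without any admin action; with a single explicit forward the same mapping stops at the first router.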
 
