09-17-2023 11:22 PM
I am running a home lab, and I require a specific port to be open or forwarded. The way I got it to work previously was by enabling port forwarding on the ISP router to ------> AP (WiFi Pro) ------------> VM. However, this setup created double NAT latency with some other applications and services in the network.
My question is as follows:
I need this particular VM to be reachable on a specific port through my public IP from clients sending packets inbound to my server. Can this be done with the ISP router in bridge mode, and connecting the Google WiFi network to that port, therefore eliminating double NAT?
If the answer is NO, is there a workaround? Are there ways to open ports within the WiFi Pro firewall?
Thanks
09-18-2023 08:09 AM
Hello @ravengus
If you can put your ISP router+modem in bridge mode, the Nest WiFi Pro unit's WAN port will have your public IP address. So, it will be the only thing you need to configure for port forwarding (and you will need to do that). The ISP router+modem will be acting like a pure modem, and not a firewall. So, no port forwarding will be required there. Just make sure your Nest WiFi Pro is the only thing connected to your ISP router+modem when you do that.
09-18-2023 10:56 AM
First of all, thank you for your reply. I have done this, and WiFi Pro didn't let me create the port-opening rule linked to the private IP within the mesh for some reason. Then I proceeded to enable a DMZ with the router and have WiFi Pro be the only device connected to the router and connected through the WAN port, and WiFi Pro will still not let me create the port rule. Am I doing something wrong? I understand that in this case traffic is open to the Internet and WiFi Pro acts as the firewall, so technically there is no forwarding to do, but I still need to open a specific port (not common) for this service on the server to work.
Thank you for your time,
09-18-2023 11:25 AM
You can definitely port forward through two layers of NAT router+firewall as long as you get all of the IP addresses right at each layer. But, it sounds like the port forwarding through the Nest WiFi Pro isn't working. I've seen reports of people having trouble with that in the past. For a start, you'll need to make sure the internal host has a reserved IP address assigned by the Nest WiFi Pro using DHCP. If it has a static IP address, Nest WiFi Pro may not be "aware" of it to set up the port forward. Also, you mentioned it's a VM. That can be particularly tricky, depending on how the networking is set up on the machine hosting the VM. You might have to set that machine up as a NAT firewall for the internal VMs as well, and then configure port forwarding in the Nest WiFi layer to point to the physical machine hosting the VM, and configure the VM networking to do the last layer of port forwarding.
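The layered forwarding described in the reply above can be checked on paper before touching any device. The following is an added example, not part of the original thread: a Python sketch that traces an inbound port through each NAT layer and reports the first layer where the chain breaks. The device names, addresses and port 8443 are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

@dataclass
class NatLayer:
    name: str
    wan_ip: str    # address the device holds on its upstream side
    lan_net: str   # subnet it serves downstream
    forwards: dict = field(default_factory=dict)  # ext_port -> (target_ip, target_port)

def trace_forward(layers, port):
    """Follow an inbound port through the NAT layers, outermost first.
    Returns (ok, endpoint reached, problem or None)."""
    outer = ipaddress.ip_address(layers[0].wan_ip)
    if any(outer in net for net in NON_PUBLIC):  # another NAT sits upstream
        return False, (str(outer), port), f"{layers[0].name}: WAN address is not public"
    endpoint = (layers[0].wan_ip, port)
    for i, layer in enumerate(layers):
        rule = layer.forwards.get(endpoint[1])
        if rule is None:
            return False, endpoint, f"{layer.name}: no forward for port {endpoint[1]}"
        target_ip, target_port = rule
        if ipaddress.ip_address(target_ip) not in ipaddress.ip_network(layer.lan_net):
            return False, endpoint, f"{layer.name}: target {target_ip} outside {layer.lan_net}"
        nxt = layers[i + 1] if i + 1 < len(layers) else None
        if nxt and nxt.wan_ip != target_ip:  # rule must point at the next layer's WAN side
            return False, endpoint, f"{layer.name}: target {target_ip} is not {nxt.name}"
        endpoint = (target_ip, target_port)
    return True, endpoint, None

# Constructed sample topology: ISP router -> Nest WiFi Pro -> VM host -> VM.
ISP = NatLayer("isp-router", "203.0.113.5", "192.168.1.0/24",
               {8443: ("192.168.1.2", 8443)})
NEST = NatLayer("nest-wifi-pro", "192.168.1.2", "192.168.86.0/24",
                {8443: ("192.168.86.50", 8443)})
HOST = NatLayer("vm-host", "192.168.86.50", "192.168.122.0/24",
                {8443: ("192.168.122.10", 8443)})

if __name__ == "__main__":
    print(trace_forward([ISP, NEST], 8443))        # double NAT, both rules present
    print(trace_forward([ISP, NEST, HOST], 8443))  # VM behind a NAT on its host
    print(trace_forward([NEST], 8443))             # Nest WAN is private: upstream NAT exists
```

Each forward rule is the only inbound path this model allows, so the trace also shows exactly which internal address and port end up exposed to the Internet.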
09-18-2023 12:05 PM
Michael, thank you again for your swift reply. I have reserved the IP and set it to static on that particular VM. Everything is wired physically to the main WiFi Pro router via an unmanaged switch. Verified there is ping connectivity between all points, including the VM. WiFi Pro won't let me create the port forward rule (at least from the iOS app; I haven't tried it from a Google device). It would be beneficial to have a native dashboard within Chrome of sorts to manage the capabilities of the system in more depth.
09-18-2023 12:27 PM
You can't use a static IP address assignment. The VM needs to get its IP address assigned dynamically (via DHCP) by the Nest WiFi Pro router. It will always get the same IP address assignment since you will also set up an IP address reservation using the Google Home app. Once that reservation exists, you should be able to set up a port forward in the Google Home app.
Google/Nest WiFi are managed via Google-hosted services. The Google Home app talks to this back end, and the Google/Nest WiFi units also talk to this back end. The app and the Google/Nest WiFi units don't talk directly to each other under normal conditions. There's no web-based management interface.
09-18-2023 01:11 PM
I understand. Just wanted to create clarity. When I state the VM has a static IP, I mean it has reached the correct subnet that is managed by WiFi Pro, as it shows as one of the active devices in the network; then I proceeded to create a reservation for that VM via the Google Home app. Unfortunately, the rule still cannot be created. This was working a few months ago, when I launched a similar deployment. I am wondering if this is a KI with the current version of the app? Should I try to create the rule from an Android device?
09-18-2023 05:02 PM
So, leaving this for reference. There seems to be an issue with cached versions of the app between platforms. I was not able to add the port rule on my iOS device, but I tried enabling the same rule on the same VM with the same ports on an Android device and that seemed to work. I noticed the previous rule was populating in that version of the app, but not on my iOS device, which was preventing me from adding the rule. I ended up deleting the previous rule from the Android device and then re-adding it, and that did the trick. This can be closed, but I hope people running into the same issue can take a look.