Port Forward from a Teltonika router to the server
In this example, we are going to create two port forwardings to make a device/port behind a Teltonika Router accessible via the endpoint's public IP. The first port forwarding will be created on the router, forwarding traffic from the Bondix tunnel towards the device in LAN. The second port forwarding will be created on the endpoint server, forwarding requests from it's public IP to towards the appropiate tunnel.
But first, lets make sure on the server that the tunnel in question is configured with a fixed IP, as it will make things much easier:
The IP must be part of the environment's virtual network which the tunnel used (169.254.xx.0/24 by default). In this example, we are using 169.254.20.2.
Next, go to the router's webinterface and navigate to Network > Firewall > Port Forwardings. In this example, we are going to create a port forwarding from a device in LAN towards the Bondix tunnel:
- Protocol: as required by your needs. Defaults to TCP+UDP
- Source zone: "bondix" (where the request is coming from)
- External port: The port used for the forwarding. This port used here is just intermediate and can be used freely, although it is advised to use a port number higher than 1024.
- Internal zone: "lan" (where the request should be forwarded to)
- Internal IP address: the target device
- Internal port: the target port
In the firewall general settings, make sure that Masquerading for LAN => Bondix is enabled.
You can verify that it's working by attempting a connection on the server, e.g. "curl -o /dev/null http://169.254.20.2:12345"
Finally, the second port forwarding must be set up on the server:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 20022 -j DNAT --to 169.254.20.2:12345 iptables -A FORWARD -p tcp -d 169.254.20.2 --dport 20022 -j ACCEPT
Make sure that the following argument is correct:
- eth0 - the interface name used on your server might differ
- 20022 - this is the port that the will be used for forwarding, and will be publicly accessible.
- 169.254.20.2:12345 - the tunnel ip + intermediate port used.