Introduction

Port forwarding is a network configuration method that directs incoming traffic from an external network to a specific device within a private network. It uses predefined rules to map external ports to internal IP addresses and ports, ensuring consistent access to services. This approach enables reliable connectivity for applications like servers, remote access, and online services.

Procedure for Testing 

TCP - Method used SSH server 

1)In Your client machine(LAN)you should have SSH installed
2)In router 'Add service' under Advanced > Port Forwarding
3)Select Common Service as SSH service and Service Type as TCP, then enter Server IPv4 Address where ssh server is installed, port is 22 and save.
4)In yourTry ssh for lan client machine(LAN)run https service(In browser https://www.google.com) device using gateway ip address(erouter0 IP), we should able to access lan client through gateway ip using ssh service.

EX: ssh <username of lan client>@<erouter0 ip>
Password: <give lan client login password>
Able to access the Client PC5)Goto to your external network(WAN),try access ftp server of client machine(ftp -p 192.168.2.30).incoming traffic on ports 21 after seeing an outgoing packet on port 443

UDP - The Netcat (nc) command is a command-line utility for reading and writing data between two computer networks. The communication happens using either TCP or UDP

1)In router configure Trigger port 443:443 and Target port 2399:2399Advance > Port Forwarding > Add Service, Common Service as other, Service Name as Netcat and Service Type as UDP, add lan clients's Server IPv4 Address 
2)In Your client machine(LAN)you have to run :  nc -u -l 23995000
3)From external WAN machine run nc -u 192.168.2.30 23995000 (192.168.2.30 - router router uplink ip address)  
4)In your client machine(LAN)run https service(In browser  https://www.google.com)
5)Goto to your external network(WAN), access server of client machine(Try sending some packets to wan client). Able to see incoming traffic on ports 2399 after seeing an outgoing packet on port 443

1)In router configure Trigger port 443:443 and Target port 5001:5001
2)In Your client machine (LAN)you have to run:  iperf -s -B 10.0.0.106 -i 1 -p 5001 (10.0.0.106 - LAN IP)
3)From external WAN machine run  iperf -c 192.168.161.216 -p 5001 -i  1 -t 60 -B 192.168.160.173 (192.168.161.216 - router uplink ip address, 192.168.160.173 - WAN PC Ip) 
4)In your client machine (LAN)run https service (In browser https://www.google.com)
5)In the WAN PC you will be able to see the traffic and, in the LAN PC, you will be able to see the traffic summery once you stopped the step 3.

By default Port triggering will be disabled in the RPI .We can enable using two methods .One is through DM and other way is through UI

DM : 

dmcli eRT addtable Device.NAT.X_CISCO_COM_PortTriggers.Trigger.
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.Description string Myservice343 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerProtocol string TCP
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortStart uint 8080
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortEnd uint 8090
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortStart uint 3000 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortEnd uint 4000

5000.

WEBUI

Step 1: Login to webui, from navigation -> Advanced ->Port TriggeringForwarding. Click on Add Port TriggerForwarding.

Image Removed

Image Added

Testing Steps (TCP and UDP)

 TCP : 

 Router configure Trigger port 443:443 and Target port 21:21.

...

From External network(WAN) try to access ftp server of client machine(LAN client) using router uplink ip address(Goto terminal enter ftp -p 192.168.2.30 in WAN client),
while client machine(LAN)run https service(In browser https://www.google.com)

...

...

                    Router configure Trigger port 443:443 and Target port 2399:2399.

UDP :     

Image Added

Image Removed

In Your client machine(LAN)you have to run : nc -u -l 23995000 
From external WAN machine run nc -u 192.168.2.30 23995000, while client machine(LAN)run https service(In browser https://www.google.com)

Iperf

DM : 

dmcli eRT addtable Device.NAT.X_CISCO_COM_PortTriggers.Trigger.
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.Description string iperf
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerProtocol string TCP
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortStart uint 443
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortEnd uint 443
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortStart uint 5001 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortEnd uint 5001

WEB GUI: 

Step 1: Login to webui, from navigation -> Advanced ->Port Triggering. Click on Add Port Trigger (Configure Trigger port as 443:443 and Target port as 5001:5001)

Image Removed

Step2: In Your client machine (LAN)you have to run: iperf -s -B 10.0.0.106 -i 1 -p 5001 (10.0.0.106 - LAN IP)

Image Removed

Step3: In the WAN machine run  iperf -c 192.168.161.216 -p 5001 -i  1 -t 60 -B 192.168.160.173 (192.168.161.216 - router uplink ip address, 192.168.160.173 - WAN PC Ip) same time in the client machine (LAN)run https service (In browser https://www.google.com)

Image Removed

Supported devices

RaspberryPi , BananaPi

References

EPIC/User Stories

...

...