Custom service forwarding explanation

Hello experts,
What is the general idea of this functionality?

I am trying to reverse engineer one configuration which I think is wrong but I am not sure.

The devices in question are an AV automation server on one VLAN and a home automation server (lights etc.) on another VLAN. The AV server should send commands to the smart-home server for lights and blinds, and currently this is not working.
Both VLANs are configured to have inter-VLAN routing, and I confirm that routing is working fine.
Somebody set up custom service forwarding:
from: Any network, port 502 - To “IP address of smart-home server” again on port 502

So my question is: is there any sense in forwarding from one port to the same port on a different VLAN when inter-VLAN routing is working fine?

Thanks
Kind regards

Custom service forwarding looks at all traffic leaving a VLAN for a specific port number. When it sees traffic leaving on that port it rewrites the IP header to change the IP and port to the ones you specify in the rule.

The standard DNS service forwarder is a good example. If the router sees any device trying to request DNS queries (on port 53) from any IP other than the local LAN IP of the router, it redirects those requests to the local DNS proxy. This helps reduce undesired DNS results from external DNS services.

In your case then, any LAN device (likely a PLC in your case) that sends a Modbus message (on port 502) to any IP other than the one entered in the custom forward rule will get its traffic redirected to that IP on port 502.

I suspect that it was likely put in place to help those devices on a LAN segment that send a message to the broadcast IP get that message out of their subnet and forward it to the main controller / server. However, I doubt that will work, as it's only traffic that leaves the VLAN that is forwarded, and internal broadcast traffic by design does not leave…

One limitation of Peplink VLANs is that, apart from Apple Bonjour, there is no way to get multi-cast traffic to pass between VLANs (because it really shouldn’t be needed), but alas, lots of home automation / IoT / audio systems are not multi-VLAN aware and so this would be desired.

3 Likes
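
A small model of the behaviour described in the answer above, added here as an illustration (it is not part of the original posts and is not Peplink code): it shows which port-502 packets the rule rewrites and why broadcast or multicast traffic never reaches it. The addresses, the class and the function names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addressing for illustration (assumptions, not from the thread).
AV_VLAN = ipaddress.ip_network("192.168.10.0/24")
SMART_HOME_SERVER = "192.168.20.5"   # target IP of the forwarding rule
RULE_PORT = 502                      # Modbus/TCP port named in the rule

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

def leaves_vlan(pkt, vlan=AV_VLAN):
    """True only for unicast traffic addressed outside the source subnet,
    i.e. traffic that is handed to the router to be routed."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst.is_multicast or pkt.dst == "255.255.255.255":
        return False                 # stays on the local segment
    return dst not in vlan           # subnet broadcast is inside the VLAN

def apply_custom_forward(pkt, vlan=AV_VLAN):
    """Return (packet after the router, action) under the modelled rule."""
    if not leaves_vlan(pkt, vlan):
        return pkt, "not-routed"
    if pkt.dport != RULE_PORT or pkt.dst == SMART_HOME_SERVER:
        return pkt, "routed"         # rule does not match, or changes nothing
    return replace(pkt, dst=SMART_HOME_SERVER), "redirected"

def audit(flows):
    """List (intended, actual) destinations for flows the rule rewrites."""
    return [(p.dst, out.dst) for p in flows
            for out, action in [apply_custom_forward(p)] if action == "redirected"]

if __name__ == "__main__":
    av = "192.168.10.50"             # constructed AV server address
    flows = [
        Packet(av, "192.168.20.5", 502),     # correct target: plain routing
        Packet(av, "192.168.20.99", 502),    # other Modbus host: rewritten
        Packet(av, "192.168.10.255", 502),   # subnet broadcast: never routed
        Packet(av, "239.255.255.250", 1900), # multicast: never routed
    ]
    for p in flows:
        print(p.dst, p.dport, "->", apply_custom_forward(p))
    print("rewritten flows:", audit(flows))
```

The `audit` output is the part worth checking on a real network: any port-502 flow to a different host on another VLAN ends up at the rule's target without the sender knowing.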

This clears up a lot of things for me. And now it does make sense.

Now I am just curious. Can we use Custom service forwarding for multi-cast forwarding? Of course we would need to know the specific port and device IP address.
I am thinking about SONOS products, which use multi-cast for connecting the App with the device.

Actually I don’t think so, as I think it only affects traffic that is routed via the LAN IP of the router. Broadcast traffic is not routed of course.

1 Like