InControl Access Behind NAT


#1

I have a BR1 Max Pro that I was configuring on my home network. I notice that it connects to InControl2 from behind my router. However, I can’t access the Remote Web Admin from InControl2 from behind my NAT. If I put it in the DMZ it works and I can access the device from IC2 because it gets a public IP, but it doesn’t allow it from a private 192.168.1.X space. I even removed all the rules from my firewall and I still can’t access the Remote Web Admin from my home router.

Do I need to set up port forwarding from behind a NAT?


#2

Would you please check this forum thread …


#3

@sitloongs,

I can see my device come up in InControl2 and give status and stats, but I can’t access it via remote web manager.


#4

Make sure you have the service ports opened on the firewall in front of the BR1 Pro, then the IC2 Remote Webadmin should work. The forum post given previously actually includes the IC2 connection & Remote Webadmin requirements. Please seek help from your purchase point (local partner) if it still doesn’t work.


#5

@sitloongs,

I don’t even have any FW active in front of the BR1; it’s just being NATed to a private IP address. The device connects to InControl2 and registers. I just have issues using the remote web admin to log into the device.


#6

Never seen remote web admin not work to a device behind NAT before. I regularly manage BR1s that are behind 2 or more NAT routers absolutely fine.

Something is blocking the outbound traffic from the BR1 that goes and creates the Remote Web Admin Session on IC2. I would take a close look at the logs on your firewall appliance and see what is being blocked.


#7

Martin,

I have no FW between the BR1; it’s just a satellite modem. Are there any outbound ports I need to look at?

Barranett Farquharson, Jr.
CTO

Cinetcomm, LLC

PO Box 571148

Las Vegas, NV 89157-1148

Office: (702) 844 2410

Mobile: (818) 210 2848

www.cinetcomm.com


#8

You said you have a router/firewall on the WAN of the BR1 and that the BR1 has a NAT IP on its WAN. The fact that it works when in the DMZ of that router suggests that router is blocking traffic.

[EDIT: Just read your response. It’s a satellite modem - which is actually a router as it’s routing between the satellite WAN and providing you with a local private IP on the BR1.

Potentially it is blocking some outbound ports. Can you access the modem and set up a 1:1 NAT on it?]


#9

Martin,

Yes, you’re correct, but even when the firewall is disabled and I just have NAT, it connects but the remote web admin doesn’t work. I will try to DHCP reserve that IP and do a 1:1 NAT to see if that fixes the problem.



#10

OK, let’s see what you discover.

Remote Web admin is a two stage process: IC2 sends a request for a connection and then an ad hoc VPN/Proxy is set up by the remote device to provide remote access. In both cases the source port in use by the Peplink device will be high (or at least out of the way of ‘normal’ network services).

I just did a network capture of a device as I requested remote access and source traffic from it was coming from ports 37600 and 58505. Higher range ports can sometimes be mistaken as BitTorrent traffic and so filtered by ISPs / routers.

Is there any chance your provider could be filtering upstream?


#11

I will follow up with them


#12

@MartinLangmaid, @sitloongs I spoke with my provider and they were blocking certain ports in M2M mode on the SIM. I asked them to change the configuration, which they did, and all is working well. I just have high latency over the satellite link but I’m able to log into InControl2.

Thank you for your assistance.


#13

Hooray a Win! Good stuff.