In reply to a post by Pipexer:

Do you have a need for both the business hub and the drayrek router? it sounds as though there is unnecessary added complication in the setup.

I don't think both are being used as I thought the BT Business Hub had been replaced with the DrayTek after the service was moved from BT to Andrews and Arnold.

Edited by PCJM40 (Sun 03-Sep-23 22:03:09)

That would make sense given they are (a) different boxes and (b) different ISPs.

Sounds like the addressing was hard coded on the Honeywell gear rather than using DHCP (with static address assignments) on the router. The latter is often a more elegant / efficient / centralised way of managing this.

Something to consider next time you update the router and/or ISP changes.

Both open port and port redirect are port forwarding

only difference is open port forwards the port on certain port
say open port 80 and port 80 gets forwarded.

on port redirect you can open port 1000 and it forwards the traffic to another port say 80.

In your situation I would say OPEN the required port on the draytek unless you need to open
the same port for different internal devices then you can port redirect.

say 1 device 8080 redirect to port 80 device 1 ip
and device 2 8081 redirect to port 80 device 2 ip

you wrong here the Router always does the nat and every device shares its external dedicated ip or dynamic one (i very much doubt they have a block of ips but even the nat would direct the traffic)

port redirect and port open are port forwarding but redirect you can have different ports.

it is actually referring to both the router does care if the destination is on the router or other device it just forwards to the IP of the device required.

the fact its shown in different places on the menus is just the way the interface was shown
router destinations do take priority over external devices though.

Most people who are hosting a web page would redirect the router port so as to pass port 80/443 traffic
it is also a good procedure to change the router port for security of the router
if port 80 is externally forwarded to the router its easier to attack.

My post was correct as written and the contexts for which I qualified,
and no it is not called port forwarding if the destination IP address in the original packet is not on the router itself but the address of a host behind it.
In that case your are only opening a port for the specified destination and the router does not need to process the payload or modify the layer 3 or higher headers itself.

It is only port forwarding if NAT is required to translate the destination IP by modifying the layer 3 (network) and possibly 4 (transport) header prior to onward delivery.

I gave an example for my Wireguard setup where it is not port forwarding because it is IPv6
which is functionally analogous in IPv4 to having a public subnet routed to you for a network setup behind your own router,
but still governed by the default block from external firewall policy.

It was an attempt to describe the terms more precisely in case users need to work with a real router / firewall platform beyond how most SOHO boxes use or misuse the terminology.

Edited by prlzx (Mon 04-Sep-23 21:18:54)

In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway (external network), by remapping the destination IP address and port number of the communication to an internal host.[1][2]

What makes this worse is that consumer routers will open the ports automatically for a port forward and AFAIK not all of them will even give you access to opening ports, nor will they tell you what was opened for NAT on the ones that do, in order to make sure users do not break the configuration. Networking is so dumbed down for people with zero knowledge that some people don't even know the difference between broadband and WiFi, its a bit of security nightmare to be honest.

Its taken many years with pfSense for me to get my head around how all this fits together given while it too automatically adds the rule, you get to see and modify it should you need something different.

For example, in my case I have a geoblock whitelist on my port forward so only UK/US traffic gets past the firewall, blocks almost all hack attempts hitting my home server as they tend to come from other countries where I do not need the server accessible from anyway.

I'd never touch a consumer router again now as once you get your head around this stuff its so much more flexible, and my networking knowledge is still fairly basic, though I think its fair to say well above average.

Edited by alexatkin (Tue 05-Sep-23 07:26:59)

Respectfully whilst this is fascinating it’s a bit like telling @prlzx how to suck eggs. 😅

The issue has been resolved, it wasn’t one of port forwarding (or whatever combination thereof anyway) so this discussion is all a bit well pointless and after the fact.