How do I port forward a Linux computer?

For quite a while I tried to use port forwarding using my network. But it never works. This is what I typed when I tried to port-forward an SMB drive. The External & Internal ports 445 and 192.168.1.103 (my server's local address). Also I used both TCP and UDP protocols.

I tried port-forwarding even work with SMB, FTP or Apache servers. My router is connected to my broadband-provider's router, so it's like an extender.

Can my internet provider disallow this feature? Or is port-forwarding always working?

For more context, I use a Mercusys AC12G router and a Linux PC running Zorin OS 15. Here is an emulator of my router's environment provided by Mercusys.

So how do I port forward my Linux PC?

WAN Pages of both routers:

1 - Router WAN Page

2 - Broadband Router WAN Page

3 - Broadband Router WAN Status Page


Solution 1:

In short:

  1. Your broadband-provider does CGNAT, so the outermost place where you'd need to do "port forwarding" is actually out of your reach. Ask your ISP about getting a 'static' IP address.

  2. Even if CGNAT were not an issue, you would still need to set up "port forwarding" on the outermost router (the Huawei) before those connections could even reach the Mercusys in the first place.

Can my internet provider disallow this feature? Or is port-forwarding always working?

See last week's discussion at: Can an ISP block port forwarding?

In short, it's not that the feature can or cannot be disabled, but rather that the router might not even receive the packets that you're telling it to forward.

The most common reason is that there's another layer of NAT beyond the router. If we're talking about an "inner" router chained off another "outer" home router, then it's that "outer" router which needs port-forwarding to be configured before the inner one can even see the inbound connections.

And if we're talking about the outermost router, then it would be NAT at the ISP's level (aka CGNAT) that causes the same problem – and they might move you back to a non-CGNAT address on request, or they might not.

In your case, it's both. There are three layers of NAT on your way to the Internet (and so three places where port-forwarding would need to be set up) – your inner router is still set up to do routing & NAT; your outer router (being a PPPoE client) almost certainly does routing & NAT; and your ISP also performs CGNAT.

(You can easily detect CGNAT by looking at the "WAN IP Address" on the Huawei – it's from the 100.64.0.0/10 range, which is actually a private address range that ISPs use for CGNAT.)


Side topic:

My router is connected to my broadband-provider's router, so it's like an extender.

The question is whether it's truly "like an extender" (i.e. a bridge aka access point), or whether it's still doing its original job of a router.

  • If the Mercusys router were indeed in bridge/extender/access point mode, then it wouldn't create a network boundary, therefore port-forwarding rules configured on it would be irrelevant. (Port-forwarding rules are only necessary where routing and NAT happen, so in your case that'd be the ISP-provided Huawei router.)

  • However, according to the emulator, your Mercusys doesn't actually have such a mode. Usually, when you chain one router off another router, it doesn't automatically start working "like an extender" – you still have a separate "inner" network and you still have firewalling and NAT between both routers' networks.

    Some routers have an explicit configuration to make it work as a bridge, but yours doesn't. In others this can still be done by not using the 'WAN' port (often known as a "LAN-to-LAN connection"), but you haven't done that either.

So if both routers independently perform NAT, you would need to set up the same port-forwarding rules on both of them. (But, ideally, it would be better to actually configure one of the routers to work like a bridge/extender so that the unnecessary NAT layer could be completely removed.)
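
The CGNAT check and the NAT-layer count described in the answer above, as an added example that is not part of the original answer. The router names follow the page, the WAN addresses are constructed, `classify_wan` and `analyse_chain` are hypothetical helper names, and every listed router is assumed to perform NAT.

```python
import ipaddress

# 100.64.0.0/10 is the shared address space reserved for carrier-grade NAT (RFC 6598).
CGNAT = ipaddress.ip_network("100.64.0.0/10")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(addr):
    """Classify an IPv4 WAN address as 'cgnat', 'private', 'public' or 'other'."""
    ip = ipaddress.ip_address(addr)
    # Explicit test: Python reports is_private == False for this range.
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public" if ip.is_global else "other"


def analyse_chain(routers):
    """routers: [(name, wan_ip), ...] ordered innermost first, each doing NAT.

    Returns the routers that need a forwarding rule, the total number of
    NAT layers, and what (if anything) still blocks inbound connections.
    """
    if not routers:
        raise ValueError("at least one router is required")
    forward_on = [name for name, _ in routers]
    outer_name, outer_wan = routers[-1]
    kind = classify_wan(outer_wan)
    nat_layers = len(routers)
    blocker = None
    if kind == "cgnat":
        nat_layers += 1  # the ISP's NAT sits beyond the outermost router
        blocker = "ISP CGNAT beyond " + outer_name
    elif kind == "private":
        nat_layers += 1  # some NAT device upstream was left out of the list
        blocker = "unlisted NAT device beyond " + outer_name
    elif kind == "other":
        blocker = "non-routable WAN address on " + outer_name
    return {"forward_on": forward_on, "nat_layers": nat_layers,
            "reachable": blocker is None, "blocker": blocker}


if __name__ == "__main__":
    # Constructed WAN addresses; the page does not list the real ones.
    chain = [("Mercusys", "192.168.100.2"), ("Huawei", "100.64.12.34")]
    print(analyse_chain(chain))
```
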