Router Port Forwarding – How It Works Without Setting Gateway


There is a device behind the router, say 192.168.0.2, with ssh enabled on port 22. The gw address is specified as 192.168.0.1 in its route table.

And there is a router, 192.168.0.1

I'm creating a port forward rule to access the device from the WAN.

source - port - destination - port
0      - 22   - 192.168.0.2 - 22

So anyone coming from the WAN on port 22 can access the device.

However, when I remove the gw address (192.168.0.1) from the route table of the device, the port forward no longer works.

What I don't understand is this:

  • In the local network, the router and the device can reach each other. If there is an ssh client app on the router, I can connect to the device whether a gateway is set on the device or not. So, the local network is working on the ETH0 interface of the router.
  • Port forward should route all my packets coming from the WAN interface on a specific port to the specific port of a specific IP which resides behind the LAN interface.
  • The request is coming from the WAN, which means communication is started by a remote device. And in this case, the local device should have nothing to do with the gateway address, because it is just responding to a request which is coming from the LAN interface of the gw.
  • When the device sends the response, the router should send it to the remote client.

In this case, I don't see the necessity of entering the gw address on the device.

At which point am I mistaken?

Best Answer

Port forwarding changes the destination IP address, but leaves the source IP address unchanged.

When your internal SSH machine replies to the original sender, it takes the source IP address of the packet it received and sets this address as the destination IP address of its reply.

Without a gateway it doesn't know where to send the reply, and so the communication fails.
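
The behaviour described in the answer can be traced with a small routing-table model. This is an added example, not part of the original answer. The WAN client address, the router's WAN address and the /24 LAN mask are constructed assumptions. The optional `lan_ip` rewrite goes beyond the answer: it models the router also rewriting the source address (SNAT/masquerade on the LAN side), the one case where the device could reply without a gateway.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match; returns (network, gateway) or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw) for n, gw in routes
               if dst in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def port_forward(pkt, rules, lan_ip=None):
    """DNAT: rewrite destination only. If lan_ip is set, also rewrite the
    source to the router's LAN address (SNAT/masquerade, an extension)."""
    for port, new_dst, new_port in rules:
        if pkt["dport"] == port:
            out = dict(pkt, dst=new_dst, dport=new_port)
            if lan_ip:
                out["src"] = lan_ip
            return out
    return None  # no matching rule, packet is not forwarded

def reply_next_hop(routes, received):
    """The device replies to the source address of the packet it received."""
    hit = lookup(routes, received["src"])
    if hit is None:
        return "unreachable"      # no route: reply is never sent
    return hit[1] or "on-link"    # gateway IP, or direct delivery on the LAN

# Constructed sample values (documentation address ranges), not from the page
WAN_CLIENT, ROUTER_WAN, ROUTER_LAN = "203.0.113.50", "198.51.100.1", "192.168.0.1"
RULES = [(22, "192.168.0.2", 22)]            # the rule from the question
CONNECTED = [("192.168.0.0/24", None)]       # device route table, gw removed
WITH_GW = CONNECTED + [("0.0.0.0/0", ROUTER_LAN)]

syn = {"src": WAN_CLIENT, "dst": ROUTER_WAN, "dport": 22}
forwarded = port_forward(syn, RULES)                      # source unchanged
masqueraded = port_forward(syn, RULES, lan_ip=ROUTER_LAN)  # source rewritten

if __name__ == "__main__":
    print("device receives:", forwarded)
    print("reply with gw:   ", reply_next_hop(WITH_GW, forwarded))
    print("reply without gw:", reply_next_hop(CONNECTED, forwarded))
    print("ssh from router: ", reply_next_hop(CONNECTED, {"src": ROUTER_LAN}))
    print("with LAN SNAT:   ", reply_next_hop(CONNECTED, masqueraded))
```

The "ssh from router" case shows why the local test in the question succeeds: that packet's source is 192.168.0.1, which the device reaches through its connected route, while the forwarded packet still carries the remote client's address.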