On 28Mar2022 08:42, Cameron Simpson <cs(a)cskk.id.au> wrote:
I'm wondering if you're worrying about routing when you should
be
worrying about the port forward.
Just to follow up to my own post, here's a description of my home LAN:
public-ip-addr
NBN-modem
192.168.1.0/24
|
------+-------+------
|
192.168.1.2
fw
172.16.1.1
|
----+---------+------
|
172.16.1.6
home-server
I can ssh to my home server because the NBN modem has a public address.
The configuration required is:
NBN modem: static route to 172.16.1.0/24 via the fw addr, 192.168.1.2.
NBN modem: inbound port fwd of TCP port 22 to 172.16.1.6:22.
fw: Firewall rule permitting TCP traffic to 172.16.1.6:22 from the
public interface.
Default route for the home server if the fw internal addr.
Default route for the fw is the NBN modem internal addr.
NAT happens only on the NBN modem.
That's all.
Cheers,
Cameron Simpson <cs(a)cskk.id.au>