I’ve been running NextcloudPi for about several months and all has been going well.
I recently decided to flash OpenWRT on my Acher C7 router and have some questions about configuring the Port Forwarding as there are many more options than on the stock TP-Link firmware.
I have two internal IP addresses: one for the WiFi connected and one for the wired Ethernet connection.
Should I add a Port Forwarding rule for both of these or just one?
And should I add both ports 80 and 443 to both of these?
In other words, how many port forwarding rules should I have for my two internal IP addresses and ports 80 and 443?
What is Port Forwarding? Before answering that, understand basics of what is NAT (Network Address Translation).
You have a Public IP address, suppose 1.2.3.4
Now you have 10 devices of yours to connect to Internet. Since IP address can only be unique per device, so your router use NAT to break down that public IP connection to local LAN IP. Suppose 192.168.1.100 / 101 / 102 and so on. These internal LAN IPs and their devices are not visible from public internet. They can talk out but cant listen in.
There are 0 to 65,535 number of ports on each IP. So you public IP port 80 and 443 needs to be forwarded nextcloud server internal LAN IP. Each port can only be forwarded to one internal IP.
So anyone from Public Network trying to access port 80 or 443 of your public ip would be forwarded to your Nextcloud server internal IP by your router.
Thanks! Maybe I should add a bit of clarification. The Archer C7 UI only permitted one entry for each port (as far as I recall; I’ve now replaced the firmware). So configuration was pretty straightforward.
With OpenWRT there are many more options, and I can assign say, port 443 to both IP addresses: 1.2.3.4 and 1.2.3.5. And I can do the same with port 80.
I’m just wondering what the advantages/disadvantages of doing so would be.
Both IP addresses go to the same device, so I’m only using one, I’d use the one assigned to the wired connection. But maybe there is an advantage to using both?
Likewise with ports 80 and 443. I can reach my Nextcloud from outside my home network with only 443 set. So why also set 80? I’m guessing there’s a good reason it’s recommended, but it’s not clear to me what that is.
The table below shows the various port forwarding combinations I could configure. I’m uncertain what the minimum is that ensures functionality while limiting exposure to security risk.
TP-Link C7 has an option called Virtual Server under advance tab of Nat Fordwarding.
You need two entries here. Regardless of Wired or Wireless. One for Port 80 and another for port 443. In both cases, that entry should be for your Nextcloud Server IP. Once again, regardless of WiFi or Wired client.
The TP-Link router only accepts assignment for each port, whereas the OpenWRT firmware accepts multiple. I’m wondering if there is an advantage to assigning both the WiFi and Ethernet IP address to both ports 80 and 443, so four total assignments.
I think I’m just going to keep it simple. My NextcloudPi UI gives the wired IP address as the IP address, so I’ll just use that one and add both ports 443 and 80 to it.
