How to send a tcp packet to a device inside WLAN with a local IP from an external network?


Solution 1

It needs something other than a router

A router, both by definition and common usage, routes packets based on the indicated destination address and port, and not other factors.

Whatever tech you're using to send it, by the time a single TCP/IP packet arrives from an outside connection to the router, the router must decide what to do with that single packet, to which of the hundreds of your internal devices it should be sent - and it needs information to do that.

It cannot use the IP address information, since in your setup you'd have only a single external IP address, and that would be the address of the router - the same for all packets which you'd want to route differently.

It could use the TCP port information for that, as suggested in other answers, but it's apparently not acceptable.

It could use the packet payload, but it won't do that. The commonly used consumer wireless routers will not do inspection of each packet payload to decide their routing in whatever way. You could make a custom device or code to handle that, which would in effect be the same as "a server running inside the WLAN" which is apparently also not acceptable.

There is no other information - a router might make some decisions based on other fields in the IP packet header but those fields are either not usable at all for your needs or impractical - e.g. you might set up routing based on the source IP address and send packets with spoofed source addresses, but it would have all the same configuration problems as simply using ports for that.

Solution 2

Enter n port mappings (port forwardings) into the NAT gateway settings on the wireless router. For convenience' sake, maybe make the public ports correlate to the client's internal IP address (the host number part) plus a prefix (say, 50000).

So let's say you've got client machines on private addresses 10.0.0.2 through 10.0.0.202. Enter port mappings like this:

[wireless router public IP]:50002 -> 10.0.0.2:9999
[wireless router public IP]:50003 -> 10.0.0.3:9999
…
[wireless router public IP]:50202 -> 10.0.0.202:9999

Now, in your client software, to reach each host, you always specify the public IP address of your NAT gateway (your wireless router), but you vary the port you specify based on which client you wanted to get to.

Most client software lets you specify a port, either by encoding it in the URL like http://example.com:50001/, or by specifying it as a command-line argument, often after a -p or -P option. Check the man page for your tool.
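As an added example (not part of the answer above), here is a small Python helper for the scheme just described: it derives the public port from the device's host number, builds the mapping table for a set of devices (rejecting the collisions that appear as soon as devices span more than one /24, which the answer's "host number part" silently assumes away), and renders the table as DNAT rules for a Linux-based router. The WAN interface name eth0, the gateway address 203.0.113.5 and the device addresses are assumptions.

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple

LISTEN_PORT = 9999   # port every device listens on (from the question)
PORT_PREFIX = 50000  # public port = PORT_PREFIX + host number (from the answer)


def public_port(device_ip: str, prefix: int = PORT_PREFIX) -> int:
    """Map a device's private IP to the public port that forwards to it.

    The host number is taken as the last octet, so the scheme only covers
    one /24; ports outside 1..65535 are rejected rather than wrapped."""
    host = int(ipaddress.IPv4Address(device_ip)) & 0xFF
    port = prefix + host
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range for {device_ip}")
    return port


def forward_table(device_ips: Iterable[str],
                  prefix: int = PORT_PREFIX) -> Dict[int, Tuple[str, int]]:
    """Build {public_port: (private_ip, LISTEN_PORT)}, refusing collisions
    (two devices in different /24s would otherwise share a public port)."""
    table: Dict[int, Tuple[str, int]] = {}
    for ip in device_ips:
        port = public_port(ip, prefix)
        if port in table:
            raise ValueError(f"public port {port} already maps to {table[port][0]}")
        table[port] = (ip, LISTEN_PORT)
    return table


def iptables_rules(table: Dict[int, Tuple[str, int]], wan_if: str = "eth0") -> List[str]:
    """Render the table as PREROUTING DNAT rules for a Linux router.
    A matching FORWARD accept rule is still needed on most firewalls;
    the interface name is an assumption, not taken from the page."""
    return [
        f"iptables -t nat -A PREROUTING -i {wan_if} -p tcp --dport {pub} "
        f"-j DNAT --to-destination {ip}:{port}"
        for pub, (ip, port) in sorted(table.items())
    ]


def resolve(device_ip: str, gateway_public_ip: str) -> Tuple[str, int]:
    """What the external client must dial to reach a given device."""
    return gateway_public_ip, public_port(device_ip)


if __name__ == "__main__":
    # Constructed sample: three devices in 10.0.0.0/24 behind one gateway.
    for rule in iptables_rules(forward_table(["10.0.0.2", "10.0.0.3", "10.0.0.202"])):
        print(rule)
    print(resolve("10.0.0.7", "203.0.113.5"))
```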

Solution 3

You have two options to accomplish your task:

  1. Using VPN access to the WiFi router: in that way your external device needs to use one of the VPN protocols available (for example PPTP); the device will then have a route to the internal WiFi network, and you can connect directly to each IP.
  2. Using SOCKS: you need to find a WiFi router that has SOCKS proxy support.

The first way is easier to accomplish without changing your application code. You can use DD-WRT or Mikrotik based WiFi routers for both options. For me, Mikrotik is easier to set up as a VPN server. Here is more info about the SOCKS implementation.

Solution 4

You can use port forwarding on your router, of course. But there are security risks associated with it.

If you are able to run OpenVPN on your devices, I suggest you create a VPN. With all your devices and your cloud/mobile also on the VPN, you can access them as if they were physically on the same network. Plus, all the communication would be encrypted.

Author: Rifat Mahmud

Updated on September 18, 2022

Comments

  • Rifat Mahmud
    Rifat Mahmud over 1 year

    I have to send a command from the internet to a device in a WLAN, which is listening to the port 9999.

    The device itself is only assigned local IP.

    I also have n (2-100+) number of devices with the same program (listening to port 9999).

    I know all the devices' local IPs, and I know which IP to send command to.

    How can I send the command from external network (cloud/mobile device) to a specific local IP through the gateway router?

    I understand that it can be achieved with a server running inside the WLAN, or a dedicated gateway device. But I am interested to know if this is possible with the wireless router only.

    • Francisco Tapia
      Francisco Tapia over 8 years
      If you provide us the router model, we can help you to achieve this ;)
    • Rifat Mahmud
      Rifat Mahmud over 8 years
      But, can a single port be forwarded to multiple IPs? I have 100 or so devices in the network to forward the command to. See this: superuser.com/questions/424394/…
    • Francisco Tapia
      Francisco Tapia over 8 years
      No, you will need a rule for each device (I'm assuming you have a SOHO router).
    • Rifat Mahmud
      Rifat Mahmud over 8 years
      Then it will not be feasible for me, since devices will keep increasing. It is an IoT use case.
    • Kryten
      Kryten over 8 years
      I think you're going to need to explain your use case a little more. You ask if a single port can be forwarded to multiple IPs - the answer is no, but there may be a work around using a load balancer or proxy. But we can't answer that question unless we know how your external application is supposed to choose which internal device to connect to.
    • kasperd
      kasperd over 8 years
      @RifatMahmud The proper solution to your use case will be to upgrade the entire setup to IPv6. I hope the devices you are deploying already support IPv6. Anything else is going to be a workaround.
    • ZaxLofful
      ZaxLofful over 8 years
      Port forwarding would be the easiest option. You would just want to make sure that you filter the command at the other end so that people don't execute random code on your machine.
  • Francisco Tapia
    Francisco Tapia over 8 years
    That's what I said, this is the answer. EOF ;)
  • Francisco Tapia
    Francisco Tapia over 8 years
    This could be the best alternative, even better than the right answer.
  • Rifat Mahmud
    Rifat Mahmud over 8 years
    Since there can be so many devices, it will not be feasible for me to have so many ports occupied. The organization can have other programs listening to those ports.
  • Spiff
    Spiff over 8 years
    @RifatMahmud 200 out of 65535 possible ports is less than 1% of the available ports.
  • Francisco Tapia
    Francisco Tapia over 8 years
    @RifatMahmud, if you want the right answer you should post the right question. I suggest you edit your question, because as you show us the problem, this is the right answer.
  • jcbermu
    jcbermu over 8 years
    Port forwarding is a point-to-point redirection. It won't work if you are trying to send the traffic to 2 or more devices. It will need a more sophisticated solution involving a load balancer.
  • Eric Towers
    Eric Towers over 8 years
    @jcbermu : Does "port-forward to multicast" exist? If so, then the clients would have to demux their commands, but this could work.
  • Rifat Mahmud
    Rifat Mahmud over 8 years
    Instead of a TCP packet, if I send a UDP packet from external source to the router, will the router broadcast the UDP payload to every device on the WLAN?
  • Admin
    Admin over 8 years
    @RifatMahmud Nope, sorry. If it isn't associated with any recent packets that the router has seen, it'll be dropped.
  • jcbermu
    jcbermu over 8 years
    @EricTowers Some routers have the multicast option, but it is not a usual feature that you find on every router.
  • Peteris
    Peteris over 8 years
    @RifatMahmud In general, UDP would have all the same concerns - it includes an entry port, just as TCP, and it can route either based on that port data or payload; but broadcasting doesn't require any decision making or extra information. However, as far as I know, consumer routers generally won't have a configuration option to enable broadcasting such packets to the whole internal subnet.