Old 08-01-2009, 03:28 AM   #1
Lordlava
LQ Newbie
 
Registered: Dec 2008
Location: Perth, Western Australia
Posts: 16

Rep: Reputation: 0
Access of an application on a Linux box (the "server") from outside the Local Area Ne


I have an application that runs on Red Hat 9 Linux (I know it is old). From another (Windows) PC on the LAN I can run a client program that can access the application, by specifying the LAN IP address and port. The application uses 192.168.1.103 and port 5555. I can also access the server using the same IP address and port 21 through Cute FTP. By changing the IP address I can also access the application on another server (overseas).

However, I am unable to work out how to access the local server application from an external PC.

I tried to use the IP address from the internet with port 5555 and it failed to connect.

I use a wired and wireless ADSL2 router from TP-Link.

I tried to go into the Advanced Setup and under the NAT-Virtual Servers setup "direct incoming traffic from WAN (identified by protocol and external port) to internal server with private IP address on LAN side".

I did not know how to decide what protocol to use so I left it at the default TCP protocol. This also failed to connect.

On the Linux box I allowed the ports 20:22 using iptables to get the Cute FTP working from any PC on my LAN. I tried to do the same for the router IP address 192.168.1.1 and port 5555 but this also failed to make any difference.

I do not know whether I need to change stuff in Linux or the router or both.

I would appreciate any suggestions on what else I could try to get the client to access the server.
 
Old 08-01-2009, 04:07 AM   #2
EmrldDrgn
Member
 
Registered: Oct 2008
Posts: 40

Rep: Reputation: 16
Do you have the port forwarded on your router to the server machine's IP? If not, check out www.portforward.com. May not help, but it might, too.
 
Old 08-01-2009, 04:12 AM   #3
neonsignal
Senior Member
 
Registered: Jan 2005
Location: Melbourne, Australia
Distribution: Debian Bookworm (Fluxbox WM)
Posts: 1,391
Blog Entries: 54

Rep: Reputation: 360
When you are accessing from an external PC, you will be connecting to the router, rather than directly to the server. So you will need to know the outward-facing address of the router (e.g. go to dnswatch to find your public-facing IP).

The other thing you will need to do is forward the particular port that you want from the router through to the server machine on the intranet. This will be in the router settings. It is more secure to forward just the ports you need rather than directing all traffic to it (unless you are going to take extra care with the server).

You will be directing port 5555 on the router to port 5555 on 192.168.1.103. It is probably TCP traffic, although this depends on the server application you are running (find out if it requires UDP).

In terms of allowing incoming data, it will not be coming from address 192.168.1.1, but from the address of the external machine (even though it is coming via the router, the packet source address will be from the public IP of the client PC; the router attempts to be transparent). So if you are filtering with iptables, you are going to have to allow at least this one external address to initiate incoming packets on port 5555.
 
Old 08-08-2009, 07:45 AM   #4
Lordlava
LQ Newbie
 
Registered: Dec 2008
Location: Perth, Western Australia
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks for the tips. I have tried all the combinations and permutations of the iptables and the router that I can think of.

iptables commands below
iptables -F INPUT
iptables -A INPUT -p tcp --dport 20:80 -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 20:80 -s 192.168.1.100 -j ACCEPT
iptables -A INPUT -p tcp --dport 20:80 -s 124.182.xxx.xxx -j ACCEPT
iptables -A INPUT -s 0/0 -i eth0 -d 192.168.1.1 -p TCP -j ACCEPT
iptables -A INPUT -p tcp --dport 5555 -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 5555 -s 192.168.1.107 -j ACCEPT
iptables -A INPUT -p tcp --dport 5555 -s 124.182.xxx.xxx -j ACCEPT
service iptables save

where xxx.xxx is the end of the public-facing IP address for here.

I tried adding and deleting various combos of the above lines.

On the router I redirected port 5555 to 192.168.1.103 for TCP and UDP and TCP/UDP.

Any other hints that I could try?
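
The point made in reply #3 (the router's port forward rewrites only the destination, so the server's INPUT chain sees the external client's source address), modelled as an added example that is not part of the thread. The public addresses are constructed documentation-range values, and the DROP default for the INPUT chain is an assumption the thread does not state.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:  # subset of an iptables INPUT rule: -p, --dport, -s, -j
    proto: str
    dports: range
    source: str
    target: str

def router_dnat(pkt, wan_ip, forwards):
    """Port forward: rewrite destination only, keep the client's source."""
    for proto, ext_port, lan_ip, lan_port in forwards:
        if (pkt.dst, pkt.proto, pkt.dport) == (wan_ip, proto, ext_port):
            return replace(pkt, dst=lan_ip, dport=lan_port)
    return None  # no virtual-server entry: the packet never reaches the LAN

def input_chain(pkt, rules, policy):
    """First matching rule decides; otherwise the chain policy applies."""
    src = ipaddress.ip_address(pkt.src)
    for r in rules:
        if (pkt.proto == r.proto and pkt.dport in r.dports
                and src in ipaddress.ip_network(r.source)):
            return r.target
    return policy

def verdict(pkt, wan_ip, forwards, rules, policy="DROP"):  # DROP is assumed
    inner = router_dnat(pkt, wan_ip, forwards)
    return "NOT_FORWARDED" if inner is None else input_chain(inner, rules, policy)

# Constructed sample values (documentation ranges), not taken from the thread
WAN_IP = "203.0.113.10"   # router's public address
CLIENT = "198.51.100.7"   # external client PC
FORWARDS = [("tcp", 5555, "192.168.1.103", 5555)]
PORT = range(5555, 5556)
BY_ROUTER = [Rule("tcp", PORT, "192.168.1.1/32", "ACCEPT")]  # router LAN IP
BY_WAN = [Rule("tcp", PORT, WAN_IP + "/32", "ACCEPT")]       # own public IP
BY_CLIENT = [Rule("tcp", PORT, CLIENT + "/32", "ACCEPT")]    # client's IP

if __name__ == "__main__":
    pkt = Packet(CLIENT, WAN_IP, "tcp", 5555)
    for name, rules in [("router", BY_ROUTER), ("wan", BY_WAN), ("client", BY_CLIENT)]:
        print(name, verdict(pkt, WAN_IP, FORWARDS, rules))
```

In this model only the rule keyed on the external client's own address accepts the forwarded packet; if the chain policy were ACCEPT instead, all three rule sets would pass it and the filter would not be what blocks the connection.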
 