port forwarding on newer routers does not work
Still running a 5-year-old Comcast business router. It has full support for NAT, including the ability to map the incoming port to an outgoing port for example:
<WAN IP>:22 to <LAN IP>:2222 such as:
100.100.100.100:22 to 10.0.0.5:2222
This port remapping is critical (NOT just IP alone) because ports like port 22 (SSH) are *privileged* ports. A server process cannot run on port 22 except as root, which is a security risk. On top of that on a locked-down system, privileged ports are not even accessible (except by root).
Problem is, all the newer "better: Comcast routers fail to offer an option to map the incoming port to a *different* outgoing port. In effect, the only (brain dead) option is:
<WAN IP>:22 => <LAN IP>:22 <== cannot map to different port.
I'm flummoxed. Without this capability, I cannot upgrade my aging Comcast router, or my servers will be inaccessible.