1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

DMZ and Port Forwarding issue. [SOLVED]

Discussion in 'Other LAN and WAN' started by Apollofirestorm, Feb 25, 2020.

  1. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    Hello,

    I have recently updated my RT-AC5300 Router to Asuswrt-Merlin version 384.15.

    I am using PIA as a VPN; my external IP starts with 199.116.

    The computer I am trying to add to the DMZ is wired.

    These settings that I am trying to get working did work before I flashed Merlin onto the system.

    I have factory reset the router and manually applied the settings again.

    I did attempt to search the forums but unfortunately DMZ is too short of a search term and anything I found searching port forwarding was not useful.

    I have been trying to get the DMZ or port forwarding function to work since I made that change and I am not sure what is wrong.

    I am trying to forward 30924 to my computer. but no matter what I do, when I check the port on Can You See Me. it comes up as closed. I currently have the IP of my computer set int he DHCP server tab. I have that IP on the DMZ and I am forwarding that port to the IP on the Virtual Server/Port Forwarding tab. I checked the port with each step, and it did not work.

    I would far prefer to put my computer on the DMZ so I don't have to configure anything to host Minecraft servers or multiplayer games as I do that a lot.

    Any help would be deeply appreciated.

    This is the post that resolved the issue. It turns out it was a setting in the program and not the router.

     
    Last edited: Feb 25, 2020
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    There's this in the Merlin change log:
    Code:
    384.12 (22-June-2019)
      - CHANGED: Inbound traffic sent to you through an OpenVPN client
                 will now be dropped by default.  This can be changed
                 through the new "Inbound Firewall" parameter found
                 on the OpenVPN client page.  You should only change
                 this to "Allow" if running a site2site tunnel with
                 a trusted remote server, or if you do expect
                 traffic to be forwarded to you through the tunnel.
     
  3. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    I checked for that setting and turned it to "Allow" It did not change anything. I am using the PIA client on my computer though, I do not have it set up through the router. I did just test it to be sure and the Port does not forward even if the PIA client is disabled.
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    Are you sure your router's WAN IP address is public? What are the first two octets of the WAN IP address shown in the router's GUI?

    Does the WAN IP address shown in the GUI match that shown at https://canyouseeme.org ?

    All tests should be done with the VPN client turned off.
     
  5. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    OK, I will do any remaining tests with the VPN off. Both the router and Canyouseeme have the same IP. starting with 67.186.

    As an additional test I disabled both my computer and the router firewall and tested the port. It did still says closed, I re-enabled them.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    The IP address looks good.

    Are you certain there is a service actively listening on port 30924 on your PC?

    Check the listening port by going to the PC's command prompt and typing:

    netstat -an
     
  7. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    There is no mention of 30924 that port in the netstat.
     
  8. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    By the way. Thank you very much for helping me out.
     
  9. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    That'll be the problem then (you did say you were trying to forward port 30924).
     
  10. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    I opened the program that should be listening on that port and now it is showing up as Listening on TCP and it is also showing up under UDP. but shouldn't it show up as open on the port scan page regardless of a program listening to it or not?

    i did try https://canyouseeme.org/ with the port showing up in netstat and it is still showing closed.
     
  11. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    No. A port will only show as "open" if it can connect to a listening port.

    Turn off the firewall on the PC (not the router) and try again.
     
  12. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    I was unaware that it would not show as open.

    I disabled both public and private firewall and scanned again. it is still closed.
     
  13. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    Can you provide a screen shot of the router's System Log -> Port Forwarding page.
     
  14. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
  15. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    The port that was set up buy UPNP is open.
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    Well that's promising. Can you post the output of "netstat -an".
     
    L&LD likes this.
  17. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    C:\Users\Me>netstat -an

    Active Connections

    Proto Local Address Foreign Address State
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:808 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:9001 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:27036 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:28252 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:39716 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
    TCP 0.0.0.0:53004 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:6463 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:27060 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:28385 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:30924 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:49745 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:49773 127.0.0.1:49774 ESTABLISHED
    TCP 127.0.0.1:49774 127.0.0.1:49773 ESTABLISHED
    TCP 127.0.0.1:49792 127.0.0.1:49793 ESTABLISHED
    TCP 127.0.0.1:49793 127.0.0.1:49792 ESTABLISHED
    TCP 127.0.0.1:49795 127.0.0.1:49796 ESTABLISHED
    TCP 127.0.0.1:49796 127.0.0.1:49795 ESTABLISHED
    TCP 127.0.0.1:49805 127.0.0.1:49806 ESTABLISHED
    TCP 127.0.0.1:49806 127.0.0.1:49805 ESTABLISHED
    TCP 127.0.0.1:52662 127.0.0.1:52663 ESTABLISHED
    TCP 127.0.0.1:52663 127.0.0.1:52662 ESTABLISHED
    TCP 127.0.0.1:54269 127.0.0.1:65001 ESTABLISHED
    TCP 127.0.0.1:55632 127.0.0.1:55633 ESTABLISHED
    TCP 127.0.0.1:55633 127.0.0.1:55632 ESTABLISHED
    TCP 127.0.0.1:56858 127.0.0.1:56859 ESTABLISHED
    TCP 127.0.0.1:56859 127.0.0.1:56858 ESTABLISHED
    TCP 127.0.0.1:56992 127.0.0.1:56993 ESTABLISHED
    TCP 127.0.0.1:56993 127.0.0.1:56992 ESTABLISHED
    TCP 127.0.0.1:61021 127.0.0.1:61022 ESTABLISHED
    TCP 127.0.0.1:61022 127.0.0.1:61021 ESTABLISHED
    TCP 127.0.0.1:63355 127.0.0.1:63356 ESTABLISHED
    TCP 127.0.0.1:63356 127.0.0.1:63355 ESTABLISHED
    TCP 127.0.0.1:65001 0.0.0.0:0 LISTENING
    TCP 127.0.0.1:65001 127.0.0.1:54269 ESTABLISHED
    TCP 192.168.1.69:139 0.0.0.0:0 LISTENING
    TCP 192.168.1.69:54277 192.168.1.155:3389 ESTABLISHED
    TCP 192.168.1.69:55836 172.217.2.5:443 ESTABLISHED
    TCP 192.168.1.69:55845 107.180.224.140:443 CLOSE_WAIT
    TCP 192.168.1.69:55850 162.159.135.233:443 CLOSE_WAIT
    TCP 192.168.1.69:55855 108.177.111.189:443 ESTABLISHED
    TCP 192.168.1.69:56221 52.113.194.132:443 ESTABLISHED
    TCP 192.168.1.69:56261 152.199.0.100:443 ESTABLISHED
    TCP 192.168.1.69:56412 172.217.2.10:443 ESTABLISHED
    TCP 192.168.1.69:56441 104.114.76.186:443 ESTABLISHED
    TCP 192.168.1.69:56443 52.114.158.56:443 ESTABLISHED
    TCP 192.168.1.69:56445 52.114.142.57:443 ESTABLISHED
    TCP 192.168.1.69:56471 172.217.1.202:443 ESTABLISHED
    TCP 192.168.1.69:56472 172.217.1.202:443 ESTABLISHED
    TCP 192.168.1.69:56667 172.217.12.14:443 ESTABLISHED
    TCP 192.168.1.69:56722 34.95.71.207:443 TIME_WAIT
    TCP 192.168.1.69:56837 104.26.9.66:443 TIME_WAIT
    TCP 192.168.1.69:56838 104.26.6.18:443 TIME_WAIT
    TCP 192.168.1.69:56839 192.0.73.2:443 TIME_WAIT
    TCP 192.168.1.69:56841 172.217.12.14:443 ESTABLISHED
    TCP 192.168.1.69:56871 172.217.11.234:443 TIME_WAIT
    TCP 192.168.1.69:56986 20.36.219.28:443 TIME_WAIT
    TCP 192.168.1.69:56987 34.212.242.166:443 TIME_WAIT
    TCP 192.168.1.69:56989 172.217.1.196:443 ESTABLISHED
    TCP 192.168.1.69:56994 172.217.1.196:443 ESTABLISHED
    TCP 192.168.1.69:56996 130.211.16.53:443 ESTABLISHED
    TCP 192.168.1.69:57043 45.79.143.64:443 ESTABLISHED
    TCP 192.168.1.69:57044 172.217.12.10:443 ESTABLISHED
    TCP 192.168.1.69:57045 172.217.2.3:443 ESTABLISHED
    TCP 192.168.1.69:57107 172.217.12.14:443 ESTABLISHED
    TCP 192.168.1.69:57108 172.217.2.3:443 ESTABLISHED
    TCP 192.168.1.69:57131 20.36.219.28:443 ESTABLISHED
    TCP 192.168.1.69:57145 172.217.12.10:443 ESTABLISHED
    TCP 192.168.1.69:57150 104.26.9.66:443 ESTABLISHED
    TCP 192.168.1.69:57151 104.26.6.18:443 ESTABLISHED
    TCP 192.168.1.69:57154 192.0.73.2:443 ESTABLISHED
    TCP 192.168.1.69:61993 52.114.128.4:443 ESTABLISHED
    TCP 192.168.1.69:61996 52.242.211.89:443 ESTABLISHED
    TCP 192.168.1.69:61999 104.16.248.249:443 ESTABLISHED
    TCP 192.168.1.69:62010 162.159.130.234:443 ESTABLISHED
    TCP 192.168.1.69:62011 162.159.137.234:443 ESTABLISHED
    TCP 192.168.1.69:62012 35.186.224.47:443 ESTABLISHED
    TCP 192.168.1.69:62015 34.212.98.55:443 ESTABLISHED
    TCP 192.168.1.69:62075 192.241.178.125:443 ESTABLISHED
    TCP 192.168.1.69:62103 52.230.222.68:443 ESTABLISHED
    TCP 192.168.1.69:62133 52.114.168.10:443 ESTABLISHED
    TCP 192.168.1.69:63298 52.114.142.91:443 ESTABLISHED
    TCP 192.168.1.69:63417 172.217.12.14:443 ESTABLISHED
    TCP [::]:445 [::]:0 LISTENING
    TCP [::]:808 [::]:0 LISTENING
    TCP [::]:7680 [::]:0 LISTENING
    TCP [::]:9001 [::]:0 LISTENING
    TCP [::]:39716 [::]:0 LISTENING
    TCP [::]:49667 [::]:0 LISTENING
    TCP [::]:53004 [::]:0 LISTENING
    TCP [::1]:50028 [::]:0 LISTENING
    UDP 0.0.0.0:500 *:*
    UDP 0.0.0.0:1900 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3702 *:*
    UDP 0.0.0.0:3838 *:*
    UDP 0.0.0.0:4500 *:*
    UDP 0.0.0.0:5050 *:*
    UDP 0.0.0.0:5353 *:*
    UDP 0.0.0.0:5355 *:*
    UDP 0.0.0.0:6771 *:*
    UDP 0.0.0.0:6771 *:*
    UDP 0.0.0.0:27036 *:*
    UDP 0.0.0.0:28252 *:*
    UDP 0.0.0.0:39716 *:*
    UDP 0.0.0.0:50489 *:*
    UDP 0.0.0.0:53813 *:*
    UDP 0.0.0.0:55533 *:*
    UDP 0.0.0.0:55649 *:*
    UDP 0.0.0.0:56966 *:*
    UDP 0.0.0.0:62778 *:*
    UDP 0.0.0.0:62780 *:*
    UDP 0.0.0.0:64970 *:*
    UDP 0.0.0.0:65113 *:*
    UDP 127.0.0.1:1900 *:*
    UDP 127.0.0.1:10010 *:*
    UDP 127.0.0.1:30924 *:*
    UDP 127.0.0.1:54323 *:*
    UDP 127.0.0.1:56965 *:*
    UDP 127.0.0.1:57781 *:*
    UDP 127.0.0.1:59937 *:*
    UDP 127.0.0.1:64495 *:*
    UDP 192.168.1.69:137 *:*
    UDP 192.168.1.69:138 *:*
    UDP 192.168.1.69:1900 *:*
    UDP 192.168.1.69:2177 *:*
    UDP 192.168.1.69:5353 *:*
    UDP 192.168.1.69:6771 *:*
    UDP 192.168.1.69:50010 *:*
    UDP 192.168.1.69:50024 *:*
    UDP 192.168.1.69:50058 *:*
    UDP 192.168.1.69:53949 *:*
    UDP 192.168.1.69:56964 *:*
    UDP 192.168.1.69:57780 *:*
    UDP 192.168.1.69:59936 *:*
    UDP 192.168.1.69:62772 *:*
    UDP [::]:500 *:*
    UDP [::]:3702 *:*
    UDP [::]:3702 *:*
    UDP [::]:3838 *:*
    UDP [::]:4500 *:*
    UDP [::]:5353 *:*
    UDP [::]:5355 *:*
    UDP [::]:6771 *:*
    UDP [::]:39716 *:*
    UDP [::]:55534 *:*
    UDP [::]:56967 *:*
    UDP [::]:62779 *:*
    UDP [::]:62781 *:*
    UDP [::]:65113 *:*
    UDP [::1]:1900 *:*
    UDP [::1]:5353 *:*
    UDP [::1]:56963 *:*
    UDP [fe80::20fe:9b2a:970:9531%9]:6771 *:*
    UDP [fe80::20fe:9b2a:970:9531%9]:62775 *:*
    UDP [fe80::4820:ca0:36e0:9bae%10]:6771 *:*
    UDP [fe80::4820:ca0:36e0:9bae%10]:62776 *:*
    UDP [fe80::ccdf:85ab:2f02:e494%17]:1900 *:*
    UDP [fe80::ccdf:85ab:2f02:e494%17]:2177 *:*
    UDP [fe80::ccdf:85ab:2f02:e494%17]:6771 *:*
    UDP [fe80::ccdf:85ab:2f02:e494%17]:56962 *:*
    UDP [fe80::ccdf:85ab:2f02:e494%17]:62774 *:*
     
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    Code:
      Proto  Local Address          Foreign Address        State
      TCP    127.0.0.1:30924        0.0.0.0:0              LISTENING
      UDP    127.0.0.1:30924        *:*
    The problem is that your program is only listening on the PC's loopback adapter (127.0.0.1) and not its LAN adapter (192.168.1.69). So this is a configuration issue with the program.
     
    L&LD and Apollofirestorm like this.
  19. Apollofirestorm

    Apollofirestorm Occasional Visitor

    Joined:
    Feb 25, 2020
    Messages:
    12
    Welp, I reset the settings of the program and set them back up with that port and it worked. so thank you very much.
    I do have one more question. If I set my computer in the DMZ it should allow me to use any port without forwarding it right? or am I misunderstanding what a DMZ is used for.
     
    L&LD likes this.
  20. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,915
    Location:
    UK
    Yes that's correct. DMZ is exactly the same as port forwarding except you are forwarding "all ports" instead of individual ports.

    So normally you would only forward the specific ports you want and not put the PC in the DMZ (which is the least secure option). Choose one way or the other, not both.

    But rather than doing either of those things, IMHO it's usually better to have UPnP enabled on the router and let that take care of the ports automatically (most applications support UPnP). Applications that support UPnP usually also take care of opening the appropriate holes in the Windows Firewall so that you don't have to do it manually.
     
    L&LD and Apollofirestorm like this.