What's new

DMZ and Port Forwarding issue. [SOLVED]

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Apollofirestorm

Occasional Visitor
Hello,

I have recently updated my RT-AC5300 Router to Asuswrt-Merlin version 384.15.

I am using PIA as a VPN; my external IP starts with 199.116.

The computer I am trying to add to the DMZ is wired.

These settings that I am trying to get working did work before I flashed Merlin onto the system.

I have factory reset the router and manually applied the settings again.

I did attempt to search the forums but unfortunately DMZ is too short of a search term and anything I found searching port forwarding was not useful.

I have been trying to get the DMZ or port forwarding function to work since I made that change and I am not sure what is wrong.

I am trying to forward 30924 to my computer. but no matter what I do, when I check the port on Can You See Me. it comes up as closed. I currently have the IP of my computer set int he DHCP server tab. I have that IP on the DMZ and I am forwarding that port to the IP on the Virtual Server/Port Forwarding tab. I checked the port with each step, and it did not work.

I would far prefer to put my computer on the DMZ so I don't have to configure anything to host Minecraft servers or multiplayer games as I do that a lot.

Any help would be deeply appreciated.

This is the post that resolved the issue. It turns out it was a setting in the program and not the router.

Code:
Proto Local Address Foreign Address State
TCP 127.0.0.1:30924 0.0.0.0:0 LISTENING
UDP 127.0.0.1:30924 *:*
The problem is that your program is only listening on the PC's loopback adapter (127.0.0.1) and not its LAN adapter (192.168.1.69). So this is a configuration issue with the program.
 
Last edited:
There's this in the Merlin change log:
Code:
384.12 (22-June-2019)
  - CHANGED: Inbound traffic sent to you through an OpenVPN client
             will now be dropped by default.  This can be changed
             through the new "Inbound Firewall" parameter found
             on the OpenVPN client page.  You should only change
             this to "Allow" if running a site2site tunnel with
             a trusted remote server, or if you do expect
             traffic to be forwarded to you through the tunnel.
 
I checked for that setting and turned it to "Allow" It did not change anything. I am using the PIA client on my computer though, I do not have it set up through the router. I did just test it to be sure and the Port does not forward even if the PIA client is disabled.
 
Are you sure your router's WAN IP address is public? What are the first two octets of the WAN IP address shown in the router's GUI?

Does the WAN IP address shown in the GUI match that shown at https://canyouseeme.org ?

All tests should be done with the VPN client turned off.
 
OK, I will do any remaining tests with the VPN off. Both the router and Canyouseeme have the same IP. starting with 67.186.

As an additional test I disabled both my computer and the router firewall and tested the port. It did still says closed, I re-enabled them.
 
The IP address looks good.

Are you certain there is a service actively listening on port 30924 on your PC?

Check the listening port by going to the PC's command prompt and typing:

netstat -an
 
I opened the program that should be listening on that port and now it is showing up as Listening on TCP and it is also showing up under UDP. but shouldn't it show up as open on the port scan page regardless of a program listening to it or not?

i did try https://canyouseeme.org/ with the port showing up in netstat and it is still showing closed.
 
Port forward Log.png
 
C:\Users\Me>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:808 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:27036 0.0.0.0:0 LISTENING
TCP 0.0.0.0:28252 0.0.0.0:0 LISTENING
TCP 0.0.0.0:39716 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:53004 0.0.0.0:0 LISTENING
TCP 127.0.0.1:6463 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27060 0.0.0.0:0 LISTENING
TCP 127.0.0.1:28385 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30924 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49745 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49773 127.0.0.1:49774 ESTABLISHED
TCP 127.0.0.1:49774 127.0.0.1:49773 ESTABLISHED
TCP 127.0.0.1:49792 127.0.0.1:49793 ESTABLISHED
TCP 127.0.0.1:49793 127.0.0.1:49792 ESTABLISHED
TCP 127.0.0.1:49795 127.0.0.1:49796 ESTABLISHED
TCP 127.0.0.1:49796 127.0.0.1:49795 ESTABLISHED
TCP 127.0.0.1:49805 127.0.0.1:49806 ESTABLISHED
TCP 127.0.0.1:49806 127.0.0.1:49805 ESTABLISHED
TCP 127.0.0.1:52662 127.0.0.1:52663 ESTABLISHED
TCP 127.0.0.1:52663 127.0.0.1:52662 ESTABLISHED
TCP 127.0.0.1:54269 127.0.0.1:65001 ESTABLISHED
TCP 127.0.0.1:55632 127.0.0.1:55633 ESTABLISHED
TCP 127.0.0.1:55633 127.0.0.1:55632 ESTABLISHED
TCP 127.0.0.1:56858 127.0.0.1:56859 ESTABLISHED
TCP 127.0.0.1:56859 127.0.0.1:56858 ESTABLISHED
TCP 127.0.0.1:56992 127.0.0.1:56993 ESTABLISHED
TCP 127.0.0.1:56993 127.0.0.1:56992 ESTABLISHED
TCP 127.0.0.1:61021 127.0.0.1:61022 ESTABLISHED
TCP 127.0.0.1:61022 127.0.0.1:61021 ESTABLISHED
TCP 127.0.0.1:63355 127.0.0.1:63356 ESTABLISHED
TCP 127.0.0.1:63356 127.0.0.1:63355 ESTABLISHED
TCP 127.0.0.1:65001 0.0.0.0:0 LISTENING
TCP 127.0.0.1:65001 127.0.0.1:54269 ESTABLISHED
TCP 192.168.1.69:139 0.0.0.0:0 LISTENING
TCP 192.168.1.69:54277 192.168.1.155:3389 ESTABLISHED
TCP 192.168.1.69:55836 172.217.2.5:443 ESTABLISHED
TCP 192.168.1.69:55845 107.180.224.140:443 CLOSE_WAIT
TCP 192.168.1.69:55850 162.159.135.233:443 CLOSE_WAIT
TCP 192.168.1.69:55855 108.177.111.189:443 ESTABLISHED
TCP 192.168.1.69:56221 52.113.194.132:443 ESTABLISHED
TCP 192.168.1.69:56261 152.199.0.100:443 ESTABLISHED
TCP 192.168.1.69:56412 172.217.2.10:443 ESTABLISHED
TCP 192.168.1.69:56441 104.114.76.186:443 ESTABLISHED
TCP 192.168.1.69:56443 52.114.158.56:443 ESTABLISHED
TCP 192.168.1.69:56445 52.114.142.57:443 ESTABLISHED
TCP 192.168.1.69:56471 172.217.1.202:443 ESTABLISHED
TCP 192.168.1.69:56472 172.217.1.202:443 ESTABLISHED
TCP 192.168.1.69:56667 172.217.12.14:443 ESTABLISHED
TCP 192.168.1.69:56722 34.95.71.207:443 TIME_WAIT
TCP 192.168.1.69:56837 104.26.9.66:443 TIME_WAIT
TCP 192.168.1.69:56838 104.26.6.18:443 TIME_WAIT
TCP 192.168.1.69:56839 192.0.73.2:443 TIME_WAIT
TCP 192.168.1.69:56841 172.217.12.14:443 ESTABLISHED
TCP 192.168.1.69:56871 172.217.11.234:443 TIME_WAIT
TCP 192.168.1.69:56986 20.36.219.28:443 TIME_WAIT
TCP 192.168.1.69:56987 34.212.242.166:443 TIME_WAIT
TCP 192.168.1.69:56989 172.217.1.196:443 ESTABLISHED
TCP 192.168.1.69:56994 172.217.1.196:443 ESTABLISHED
TCP 192.168.1.69:56996 130.211.16.53:443 ESTABLISHED
TCP 192.168.1.69:57043 45.79.143.64:443 ESTABLISHED
TCP 192.168.1.69:57044 172.217.12.10:443 ESTABLISHED
TCP 192.168.1.69:57045 172.217.2.3:443 ESTABLISHED
TCP 192.168.1.69:57107 172.217.12.14:443 ESTABLISHED
TCP 192.168.1.69:57108 172.217.2.3:443 ESTABLISHED
TCP 192.168.1.69:57131 20.36.219.28:443 ESTABLISHED
TCP 192.168.1.69:57145 172.217.12.10:443 ESTABLISHED
TCP 192.168.1.69:57150 104.26.9.66:443 ESTABLISHED
TCP 192.168.1.69:57151 104.26.6.18:443 ESTABLISHED
TCP 192.168.1.69:57154 192.0.73.2:443 ESTABLISHED
TCP 192.168.1.69:61993 52.114.128.4:443 ESTABLISHED
TCP 192.168.1.69:61996 52.242.211.89:443 ESTABLISHED
TCP 192.168.1.69:61999 104.16.248.249:443 ESTABLISHED
TCP 192.168.1.69:62010 162.159.130.234:443 ESTABLISHED
TCP 192.168.1.69:62011 162.159.137.234:443 ESTABLISHED
TCP 192.168.1.69:62012 35.186.224.47:443 ESTABLISHED
TCP 192.168.1.69:62015 34.212.98.55:443 ESTABLISHED
TCP 192.168.1.69:62075 192.241.178.125:443 ESTABLISHED
TCP 192.168.1.69:62103 52.230.222.68:443 ESTABLISHED
TCP 192.168.1.69:62133 52.114.168.10:443 ESTABLISHED
TCP 192.168.1.69:63298 52.114.142.91:443 ESTABLISHED
TCP 192.168.1.69:63417 172.217.12.14:443 ESTABLISHED
TCP [::]:445 [::]:0 LISTENING
TCP [::]:808 [::]:0 LISTENING
TCP [::]:7680 [::]:0 LISTENING
TCP [::]:9001 [::]:0 LISTENING
TCP [::]:39716 [::]:0 LISTENING
TCP [::]:49667 [::]:0 LISTENING
TCP [::]:53004 [::]:0 LISTENING
TCP [::1]:50028 [::]:0 LISTENING
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1900 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3838 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5050 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:6771 *:*
UDP 0.0.0.0:6771 *:*
UDP 0.0.0.0:27036 *:*
UDP 0.0.0.0:28252 *:*
UDP 0.0.0.0:39716 *:*
UDP 0.0.0.0:50489 *:*
UDP 0.0.0.0:53813 *:*
UDP 0.0.0.0:55533 *:*
UDP 0.0.0.0:55649 *:*
UDP 0.0.0.0:56966 *:*
UDP 0.0.0.0:62778 *:*
UDP 0.0.0.0:62780 *:*
UDP 0.0.0.0:64970 *:*
UDP 0.0.0.0:65113 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:10010 *:*
UDP 127.0.0.1:30924 *:*
UDP 127.0.0.1:54323 *:*
UDP 127.0.0.1:56965 *:*
UDP 127.0.0.1:57781 *:*
UDP 127.0.0.1:59937 *:*
UDP 127.0.0.1:64495 *:*
UDP 192.168.1.69:137 *:*
UDP 192.168.1.69:138 *:*
UDP 192.168.1.69:1900 *:*
UDP 192.168.1.69:2177 *:*
UDP 192.168.1.69:5353 *:*
UDP 192.168.1.69:6771 *:*
UDP 192.168.1.69:50010 *:*
UDP 192.168.1.69:50024 *:*
UDP 192.168.1.69:50058 *:*
UDP 192.168.1.69:53949 *:*
UDP 192.168.1.69:56964 *:*
UDP 192.168.1.69:57780 *:*
UDP 192.168.1.69:59936 *:*
UDP 192.168.1.69:62772 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3838 *:*
UDP [::]:4500 *:*
UDP [::]:5353 *:*
UDP [::]:5355 *:*
UDP [::]:6771 *:*
UDP [::]:39716 *:*
UDP [::]:55534 *:*
UDP [::]:56967 *:*
UDP [::]:62779 *:*
UDP [::]:62781 *:*
UDP [::]:65113 *:*
UDP [::1]:1900 *:*
UDP [::1]:5353 *:*
UDP [::1]:56963 *:*
UDP [fe80::20fe:9b2a:970:9531%9]:6771 *:*
UDP [fe80::20fe:9b2a:970:9531%9]:62775 *:*
UDP [fe80::4820:ca0:36e0:9bae%10]:6771 *:*
UDP [fe80::4820:ca0:36e0:9bae%10]:62776 *:*
UDP [fe80::ccdf:85ab:2f02:e494%17]:1900 *:*
UDP [fe80::ccdf:85ab:2f02:e494%17]:2177 *:*
UDP [fe80::ccdf:85ab:2f02:e494%17]:6771 *:*
UDP [fe80::ccdf:85ab:2f02:e494%17]:56962 *:*
UDP [fe80::ccdf:85ab:2f02:e494%17]:62774 *:*
 
Code:
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:30924        0.0.0.0:0              LISTENING
  UDP    127.0.0.1:30924        *:*

The problem is that your program is only listening on the PC's loopback adapter (127.0.0.1) and not its LAN adapter (192.168.1.69). So this is a configuration issue with the program.
 
Welp, I reset the settings of the program and set them back up with that port and it worked. so thank you very much.
I do have one more question. If I set my computer in the DMZ it should allow me to use any port without forwarding it right? or am I misunderstanding what a DMZ is used for.
 
I do have one more question. If I set my computer in the DMZ it should allow me to use any port without forwarding it right? or am I misunderstanding what a DMZ is used for.
Yes that's correct. DMZ is exactly the same as port forwarding except you are forwarding "all ports" instead of individual ports.

So normally you would only forward the specific ports you want and not put the PC in the DMZ (which is the least secure option). Choose one way or the other, not both.

But rather than doing either of those things, IMHO it's usually better to have UPnP enabled on the router and let that take care of the ports automatically (most applications support UPnP). Applications that support UPnP usually also take care of opening the appropriate holes in the Windows Firewall so that you don't have to do it manually.
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top