From Superb to Merlin Port Triggering

Graeme

Occasional Visitor
Hi,

Could anyone help me set up the Merlin ports to allow the port range 5060 with UDP? This is for the SignVideo interpreter service for the deaf. How do I know which is for Incoming Port, is that for Target Range?

Enter the details as follows:
Rule Name: SignVideo

Trigger Range
Start Port: 5020 End Port: 5067

Target Range
Start Port: 5020 End Port: 5067

Protocol
Protocol UDP (Please note, some customers prefer to have both TCP & UDP)

Click Add Rule then Click Apply.

Exit the SuperHub router by closing the tab in the web browser (or click Sign Out) and then please restart the Router.
 

Is that the correct setting? Have uploaded the screenshot.
 

@Graeme Do you actually need to set up any port triggering? I have my superhub in modem mode and when I run the "SignVideo Health Checker" it looks like it's working without any changes to the router.

Code:
Starting connection tests [2017-07-06 17:53:10] ...

Testing visio4.visioassistance.net | 87.98.205.4 | SIP (5060 TCP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | SIP (5066 TCP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | SIP (5060 UDP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | SIP (5066 UDP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | TLS (5061 TCP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | TLS (5067 TCP)... SUCCESS
Testing visio4.visioassistance.net | 87.98.205.4 | RTP (13191 UDP)... SUCCESS

Testing visio4b.visioassistance.net | 87.98.205.24 | SIP (5066 TCP)... FAILURE
Testing visio4b.visioassistance.net | 87.98.205.24 | SIP (5066 UDP)... SUCCESS
Testing visio4b.visioassistance.net | 87.98.205.24 | TLS (5061 TCP)... FAILURE
Testing visio4b.visioassistance.net | 87.98.205.24 | TLS (5067 TCP)... FAILURE
Testing visio4b.visioassistance.net | 87.98.205.24 | RTP (13191 UDP)... SUCCESS

Testing visio3.visioassistance.net | 212.129.18.151 | SIP (5060 TCP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | SIP (5066 TCP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | SIP (5060 UDP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | SIP (5066 UDP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | TLS (5061 TCP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | TLS (5067 TCP)... SUCCESS
Testing visio3.visioassistance.net | 212.129.18.151 | RTP (13191 UDP)... SUCCESS

Testing sv2b.visioassistance.net | 185.36.25.254 | RTP (13191 UDP)... SUCCESS
Testing sv2b.visioassistance.net | 185.36.25.254 | HTTP (80 TCP)... SUCCESS

Testing vm.visioassistance.net | 212.83.152.250 | RTP (13191 UDP)... SUCCESS

Testing provisioning.ives.fr | 212.129.27.22 | HTTP (80 TCP)... SUCCESS

Testing time.nist.gov | 128.138.141.172 | NTP (123 UDP)... SUCCESS

Connection tests completed

The reason I ask is because the port triggering appears to be different on the Asus. It looks like you can only trigger on an individual port rather than a range (although that might be a bug).
 
The problem is that the Health Checker is only for PC and I've only got an iMac. I heard that SuperHub 3 is ok and the Hub 2ac, which I got that need to do the setting from the advice of the SignVideo IT team. They are a small team and don't have any knowledge about the Asus router unfortunately. The reason why I want to fix this is because the video quality is poor on 200mb speed, should be very clear. What Hub are you using?
 
I have the SuperHub 2, not the 2AC. But it is in Modem Mode so all of its "router" functionality is disabled and being handled by my Asus router. I'm assuming based on your other posts that your SuperHub is also in Modem Mode. Is that correct?

You say the video quality is poor. Do you only have problems with this software or do you also have problems with other video streaming sites like YouTube, Netflix, Amazon Prime? If so have you done a speed test to confirm that your internet connection is working at the correct speed? Virgin Media is notorious for not being able to deliver the speeds they advertise.

In the meantime I'll investigate the port triggering a bit more and get back to you.

P.S. Do you only use this software from one computer (your iMac) or more than one? If you only ever use the one computer then we can set up port forwarding rather than port triggering which might be easier.
 
OK, thanks for confirming that. It's best to eliminate other factors first.;)

Did you see my updated question?
P.S. Do you only use this software from one computer (your iMac) or more than one? If you only ever use the one computer then we can set up port forwarding rather than port triggering which might be easier.
 
I'm only using one computer at the moment, but I'm planning to get the new iPad Pro sometime next month and would that still be a problem changing over to port triggering from port forwarding?
 
..would that still be a problem changing over to port triggering from port forwarding?
Only if we can't get port triggering to work. :eek:


@john9527 Is this a bug?

On the port triggering screen, if I enter the following:
Untitled.png

it generates this rule:
Code:
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER--trigger-proto tcp --trigger-match 5000-5000 --trigger-relate 6000-6000

Is that correct??? :confused: or is the syntax more cryptic than it appears? Notice the missing space after TRIGGER and the incorrect port numbers.

I'm guessing it should be:
Code:
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER --trigger-proto tcp --trigger-match 6000-6060 --trigger-relate 6060-6060
http://www.elbeno.com/openwrt/openwrt_porttrigger.html
https://www.snbforums.com/threads/asuswrt-merlin-378-56_2-port-triggering-broken.28132/
 
Is that correct??? :confused: or is the syntax more cryptic than it appears? Notice the missing space after TRIGGER and the incorrect port numbers.
There are two things going on.....
First, iptables-save (or iptables -S) has known trouble formatting the trigger rules. Look at /tmp/filter_rules to see the actual rule being generated by the code.
Second...there is such a lack of documentation on the TRIGGER chain, I'm not sure if trigger-match is to the incoming port or is matching against the outgoing port? That sequence hasn't been touched forever, and is currently set for trigger match to the trigger port in both my fork and the latest Merlin/ASUS.
 
Thanks @john9527 that was most enlightening. :)

Now that I can see the rules generated and can confirm them using iptables -nL I can definitely call Bug! on this one. :eek:

Using the example in post #9 the /tmp/filter_rules has the following:
Code:
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER --trigger-type out --trigger-proto tcp --trigger-match 5000:5050 --trigger-relate 6000:6060

Spot the mistakes?;) 5000:5050 and 6000:6060 (for the TRIGGER parameters, not --dport) should be 5000-5050 and 6000-6060.

As it stands the :5050 and :6060 are being ignored resulting in this rule instead:
Code:
tcp dpts:5000:5050 TRIGGER type:out tcp match:5000 relate:6000

So it only opens the first port in the range. If I manually insert the rule using the correct syntax it works as expected (confirmed using GRC ShieldsUP).

:):):)

EDIT: Regarding --trigger-match it doesn't seem to matter what port or range you put in there. :confused: I tried it with various values (including completely unrelated) and it always opened the ports when there was a match on --dport

EDIT 2: So going back to the output of iptables-save, I can see that it was actually almost correct apart from where there is that missing space after TRIGGER when it should have " --trigger-type out " (tested/confirmed by manually inserting the rules with the correct syntax). But at least the port numbers were sane.
 
Now that I can see the rules generated and can confirm them using iptables -nL I can definitely call Bug! on this one. :eek:
Must be something in the air....this is the second 'been there forever' problem that has been discovered this month.

I've verified your results and am compiling a fix to test now. Nice detective work!
 
Must be something in the air....this is the second 'been there forever' problem that has been discovered this month.

I've verified your results and am compiling a fix to test now. Nice detective work!

Send me the patch once done, and I'll merge it on my end

Always nice seeing such old issues be uncovered and resolved!
 
@ColinTaylor
Fix done. Also took the opportunity to fix iptables-save for the TRIGGER chain.
Code:
admin@RT-AC68P-EC58:/tmp/home/root# iptables -nL | grep 5050
TRIGGER    tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:5000:5050 TRIGGER type:out tcp match:5000-5050 relate:6000-6050
admin@RT-AC68P-EC58:/tmp/home/root# iptables -S | grep 5050
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER --trigger-type out --trigger-proto tcp --trigger-match 5000-5050 --trigger-relate 6000-6050
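
An added example, not part of the original posts or the firmware: a small shell check that reads rule lines in the /tmp/filter_rules format and flags TRIGGER rules whose --trigger-match or --trigger-relate use the colon form that, as reported in this thread, takes effect for the first port only. The function names and the truncation model are assumptions drawn from the behaviour described above; the two sample lines are copied from the thread.

```shell
#!/bin/sh
# Audit "-j TRIGGER" rules read from stdin (format of /tmp/filter_rules).
# Prints one line per TRIGGER rule: STATUS match=<effective> relate=<effective>
#   OK         both ranges use the start-end form the TRIGGER target parses
#   TRUNCATED  a range uses start:end, so only the first port takes effect
#   NO-TYPE    the rule carries no --trigger-type option
audit_trigger_rules() {
    awk '
    # Return the value that follows option "opt" on the current line, or "".
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Model of the reported behaviour (assumption): text after ":" is ignored.
    function effective(v) { sub(/:.*/, "", v); return v }
    /-j TRIGGER/ {
        m = optval("--trigger-match")
        r = optval("--trigger-relate")
        status = "OK"
        if (m ~ /:/ || r ~ /:/) status = "TRUNCATED"
        if (optval("--trigger-type") == "") status = "NO-TYPE"
        printf "%s match=%s relate=%s\n", status, effective(m), effective(r)
    }'
}

# Sample input: the rule from /tmp/filter_rules before the fix, then the
# rule shown by iptables -S after the fix (both quoted in the thread).
sample_rules() {
    cat <<'EOF'
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER --trigger-type out --trigger-proto tcp --trigger-match 5000:5050 --trigger-relate 6000:6060
-A triggers -p tcp -m tcp --dport 5000:5050 -j TRIGGER --trigger-type out --trigger-proto tcp --trigger-match 5000-5050 --trigger-relate 6000-6050
EOF
}

sample_rules | audit_trigger_rules
```

On the router the same check would be run as `audit_trigger_rules < /tmp/filter_rules`.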
 
Thanks @john9527 that's excellent news. And you fixed iptables-save as well, impressive! :)

It makes me wonder how many people actually use this stuff. Or more to the point, think they are using it and believing it's fixed their issue, when it's really just a placebo.

Anyway, I believe the OP is using Merlin's current release so he'll have to wait for the fixes to go through the system.


@Graeme If you've been following this you'll realise that there's currently an issue with Port Triggering. But never mind, while we're waiting for the fix to be released we can set up Port Forwarding instead.

The first thing you need to do is reserve a fixed IP address for your iMac. To do this go to LAN > DHCP Server and set Enable Manual Assignment to Yes. Then in the list below select the MAC address of your iMac from the drop-down. Change the IP address if you want to something like 192.168.1.100 (or you can leave it at its current value). It doesn't matter what address you choose so long as it is between the IP Pool starting and ending addresses. Hit the + button to add it to the list. Then hit Apply.

Now it's probably best to reboot the router. After the router comes back up, shut down the iMac completely (not standby or sleep) and then power it back on. The iMac should now be using its reserved IP address. Phew.

Now we can set up the Port Forwarding. Go to WAN > Virtual Server / Port Forwarding and set Enable Port Forwarding to Yes. Then add the following line to the list by using the + button. Then Apply.

Untitled.png


That's it. The router will now forward those ports to your iMac (192.168.1.100).

Now you can test SignVideo to see if this has fixed your problem. :)
 
It makes me wonder how many people actually use this stuff.

Very few people use port triggering. Personally, I only ever used it for IRC's identd daemon, and even then I no longer really bother with it since I use an IRC bouncer anyway.
 