Menu
What's new
By:
Filters Better Search

Port forwarding broken with HW NAT acceleration

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

sanbop

New Around Here
After upgrading to 386.1_2 (from a version that was at least a year old) port forwarding (on some non-standard ports, not sure if that matters) broke, until I disabled HW NAT acceleration (i.e. set it to “Disable” from “Auto”).

The way it broke was that I could make the TCP connection (from outside my home network) to that port, but then the client would just hang there and then time out eventually. Interestingly if I did a manual test (e.g. using telnet to the same port) and then I “nudged” it - e.g. pressed enter to send something - the other side seemed to come alive (i.e. the protocol-specific version version number was returned by the service behind the ASUS router). For now I just disabled HW NAT acceleration and moved on, but I figured this might be something worth looking into (or could help others facing the same issue).
  • Router: ASUS RT-AC1900
  • Firmware: 386.1_2 (RT-AC68U firmware)
  • WAN connection: Using PPPoE
 
I had this same issue and can confirm Disabling HW NAT Acceleration fixes the port forwarding issue. Seems to be a bug in this newer firmware.

Edit: Adding that my Device that is having this issue is a RT-AC3100.
 
Last edited:
Same thing here on my RT-AC3100, static IP WAN. I didn't really notice the hanging until I updated from Merlin 386.2_2 to Merlin 386.2_6 though, but I had also just changed some port forwarding rules due to adding another server to the LAN to handle some services that my older NAS was handling. I just now disabled NAT Acceleration and it seems to be working much better so far.
 
Last edited:
I'd like to confirm I have the issue as well on my RT-AC3100. In my case, it's affecting standard ports (HTTP and RDP). I am concerned how turning off the NAT acceleration might affect performance since I do have a fiber connection.

Do we have any idea where the bug lies, or if Merlin is able to fix it? Or is it something he'd have to wait on Asus to fix. I'm debating whether to roll back to earlier firmware.
 
I ended up submitting a report on GitHub, and based on our conversation, it's a bug outside of Merlin's control. I guess we can only hope that the appropriate party can or will fix it.

github.com

Port forwarding not working properly with NAT acceleration enabled · Issue #773 · RMerl/asuswrt-merlin.ng

Describe the bug When NAT acceleration is enabled, some of the port forwarding will not work. It seems to be random which ports are affected for each user. In my case, it is ports 80 and 3389. Disa...
github.com github.com

Based on our conversation, he recommended installing the stock firmware and confirming the issue was there as well (it was). He then recommended using the feedback form at the bottom of the WebUI to make Asus aware of the issue. I strongly encourage everyone here to do that as well, as the more users who bring it up, the more likely they are to care.
 
Last edited:
beefjerky said:
I ended up submitting a report on GitHub, and based on our conversation, it's a bug outside of Merlin's control. I guess we can only hope that the appropriate party can or will fix it.

github.com

Port forwarding not working properly with NAT acceleration enabled · Issue #773 · RMerl/asuswrt-merlin.ng

Describe the bug When NAT acceleration is enabled, some of the port forwarding will not work. It seems to be random which ports are affected for each user. In my case, it is ports 80 and 3389. Disa...
github.com github.com

Based on our conversation, he recommended installing the stock firmware and confirming the issue was there as well (it was). He then recommended using the feedback form at the bottom of the WebUI to make Asus aware of the issue. I strongly encourage everyone here to do that as well, as the more users who bring it up, the more likely they are to care.
Click to expand...
I really don't feel like installing the stock firmware. Is it possible to post the link here to the feedback form to submit the bug report?
 
ChickenMilk said:
I really don't feel like installing the stock firmware. Is it possible to post the link here to the feedback form to submit the bug report?
Click to expand...
It's a page within the firmware.

1626406347363.png
 
I was still having trouble accessing my Synology Surveilance Station externally, despite NAT Accel being disabled. I would also have to reload pages often on my Nextcloud site, although it was still much better than when NAT Accel was enabled.

I tried disabling DoS Protection, and I can now connect to my surveillance station much more reliably and faster. It also sped up and increase reliability to my Nextcloud site. Maybe DoS Protection can cause issues with services that do a lot of rapid back and forth handshaking.

I did try with DoS Protection off and NAT Accel on, but that seemed as bad as it ever was, so NAT Accel is still definitely the primary issue here i think.
 
I'd like to post a quick update regarding this situation with my RT-AC3100. Recently my speeds started to tank when going through my router. Instead of getting ~900Mbps both ways, I was *lucky* to hit 400Mbps either way. It was typically quite a bit lower. I'm not sure exactly when it started because I'm almost always on a VPN which limits my speeds somewhat anyway.

Anyhow, after a whole bunch of troubleshooting, I said "screw it" and did a factory reset on the current Merlin 386.3 firmware. My speeds were then exactly where they were supposed to be. I then went through and setup things manually as I didn't want to risk contaminating anything up by using my saved settings.

After going through all this, my speeds are fine and all my port forwards work, even with NAT acceleration enabled. I have no idea what happened or why. So, if you're having this issue, and are open to trying it, a factory reset and then manual setup might help. But, YMMV. No guarantees this will work for anyone else.
 
A full reset, when warranted, works almost 100% of the time (if it's not actual hardware, firmware, or misconfigured settings).
 
You must log in or register to reply here.

Similar threads

Mr Solis
Enabling NAT Acceleration (CTF) breaks Port Forwarding? (RT-AC68U w/ 386.12_4)
Replies
17
Views
964
ColinTaylor
C
GShlomi
Sharing my DualWan with port forwarding and DDNS experience
Replies
0
Views
143
GShlomi
GShlomi
C
IPv4 Firewall/Port-Forwarding - Appear to be the same thing on Asuswrt
Replies
4
Views
757
chrisisbd
C
A
PS5 port forwarding and VPN rules
Replies
4
Views
1K
ColinTaylor
C
H
Port Forwarding Over WireGuard Connection?
2
Replies
22
Views
2K
houmi
houmi
Similar threads
Thread starter Title Forum Replies Date
GShlomi Sharing my DualWan with port forwarding and DDNS experience Asuswrt-Merlin 0
GShlomi Two WANs but not dual-WAN, with port-forwarding Asuswrt-Merlin 7
Mr Solis Enabling NAT Acceleration (CTF) breaks Port Forwarding? (RT-AC68U w/ 386.12_4) Asuswrt-Merlin 17
A PS5 port forwarding and VPN rules Asuswrt-Merlin 4
SA_booley Port forwarding only works on LAN Asuswrt-Merlin 10
C Port Forwarding and Firewall - not working as I expect Asuswrt-Merlin 4
C IPv4 Firewall/Port-Forwarding - Appear to be the same thing on Asuswrt Asuswrt-Merlin 4
mixels Possible to configure RT-AX86U w/ Merlin with more than 64 port forwarding rules? Asuswrt-Merlin 9
V Port forwarding not working? Asuswrt-Merlin 6
Z Port forwarding for client connected to OpenVPN server Asuswrt-Merlin 0

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 759 (members: 26, guests: 733)
Top