Port forwarding doesn't seem to actually open ports


SKSSF

New Around Here
I’m running an ASUS RT-AC1900P with Merlin WRT 384.16 firmware. I’m trying to get a Liftmaster/Chamberlain 828LM (device that enables me to open my garage door from online) gateway working. This device requires the following ports open (per https://support.chamberlaingroup.co...ings-for-the-MyQ-Wi-Fi-products-1484145723404):
  • TCP/UDP port 53 open (Internet Gateway only)
  • Inbound and outbound /TCP port 8883 open
I’ve given the 828LM a manually assigned IP, and I’ve configured the port forwarding; however, the device’s diagnostics indicate that it cannot access the internet even though it has an IP address. Canyouseeme.org reports that these 2 ports are closed due to a connection timeout (all timeouts set to default, except for UDP unreplied set to 180). Screenshot of port forwarding can be found here (sorry, the image feature isn't working for me).

As a secondary diagnostic, I have a remote location for which ports on this router are forwarded for RSYNC, and using the tnc command in PowerShell from the remote location, the RSYNC ports are open, but ports 53/8883 are closed, confirming canyouseeme's findings.

Other notes:
  • I’m running OpenVPN on my router, if that makes a difference.
  • I’ve hard reset the 828LM, but no change in behavior.
  • My router is running behind an Xfinity router in bridge mode (“low security” setting)
Any thoughts on why those ports appear closed even though I’ve set them for port forwarding?
Thanks!
Sandheep
 

ColinTaylor

Part of the Furniture
Remove the port forwarding rule for port 53. It is not needed as that is an outbound port not inbound. All outbound ports are open by default.


  • I’m running OpenVPN on my router, if that makes a difference.
OpenVPN server or client? If it's a client you need to set up policy rules for this to work.
 

CaptainSTX

Part of the Furniture
I have my Chamberlain remote door controller working with a VPN. I have a different model that connects to my router using an Ethernet cable. While you are diagnosing your problem no harm in shutting VPN down by using policy based routing.

1. What is your WAN IP on the AC1900P? You need to verify that it is a public IP and you are not in fact double NATed behind the Xfinity router. If you are then several things you can try.

a. Put the Xfinity router back in bridge mode. I have heard that sometimes after a firmware update they can revert back to router mode.

b. You may also have to forward the ports needed on your Xfinity router.

c. You can run in a double NAT setup and connect your Chamberlain to the WiFi on the Xfinity router. This could be a security benefit having your IoT devices connect to the first router (Xfinity) and then have your more secure devices connected to your second router as they would be in different subnets and not accessible from any devices connected to the Xfinity router.

d. Buy your own modem and stop paying Comcast a monthly rental fee. Then you would only have a single router to deal with.
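The double-NAT check from step 1 above, as an added example that is not part of any poster's reply: it classifies the router's WAN address and compares it with the address an outside service reports. The function names, verdict strings and sample addresses are assumptions made for illustration, and the check covers IPv4 only.

```python
import ipaddress

# Address blocks that are never routed on the public internet. If the router's
# WAN interface holds one of these, another NAT device sits upstream of it.
NON_PUBLIC = [
    ("RFC 1918 private", "10.0.0.0/8"),
    ("RFC 1918 private", "172.16.0.0/12"),
    ("RFC 1918 private", "192.168.0.0/16"),
    ("RFC 6598 carrier-grade NAT", "100.64.0.0/10"),
    ("link-local, no DHCP lease", "169.254.0.0/16"),
]

def classify(addr):
    """Return 'public' or the name of the non-public block holding addr (IPv4)."""
    ip = ipaddress.ip_address(addr)
    for label, block in NON_PUBLIC:
        if ip in ipaddress.ip_network(block):
            return label
    return "public"

def diagnose(wan_ip, observed_ip):
    """wan_ip: address shown on the router's WAN status page.
    observed_ip: address an outside what-is-my-IP service reports."""
    kind = classify(wan_ip)
    if kind != "public":
        return "double-nat", f"WAN address {wan_ip} is {kind}"
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(observed_ip):
        return "address-mismatch", f"outside world sees {observed_ip}, not {wan_ip}"
    return "direct", f"{wan_ip} is public and matches what the outside sees"

# Constructed samples; 203.0.113.x and 198.51.100.x are documentation
# addresses standing in for real public ones.
SAMPLES = [
    ("10.0.0.2", "203.0.113.10"),      # upstream gateway is routing, not bridging
    ("100.72.1.5", "203.0.113.10"),    # ISP carrier-grade NAT
    ("203.0.113.10", "198.51.100.7"),  # public-looking, but translated upstream
    ("203.0.113.10", "203.0.113.10"),  # bridge mode working as intended
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        verdict, detail = diagnose(wan, seen)
        print(f"{wan:>14} -> {verdict}: {detail}")
```

Only the "direct" verdict means a forward configured on this router can be reached from outside without also configuring the upstream device.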
 

SKSSF

New Around Here
Ah, sorry, I meant OpenVPN server. Regarding removing the port 53 rule, the presence of the rule wouldn't affect the connection issues, correct? The only harm is a potential security threat, right?
 

ColinTaylor

Part of the Furniture
Regarding removing the port 53 rule, the presence of the rule wouldn't affect the connection issues, correct? The only harm is a potential security threat, right?
It's a completely pointless rule that achieves nothing (unless you happen to be running a public DNS server on your Liftmaster!).
 

SKSSF

New Around Here
Thanks--I've confirmed that my Xfinity router is in bridge mode, and per the MerlinWRT interface, I've got a public IP (73.63.xx.xx). When the Xfinity router is in bridge mode, it doesn't offer much in terms of configuration--so forwarding ports is not an option. I'll look into getting my own cable modem, but per the test from the remote location (whose IP is granted forwarding access for the rsync port), the Xfinity router is not blocking access--at least for that port. So I'm doing something right with regards to my rsync port forwarding, but clearly something is wrong with the other port forwarding.

I have my Chamberlain remote door controller working with a VPN. I have a different model that connects to my router using an Ethernet cable. While you are diagnosing your problem no harm in shutting VPN down by using policy based routing.

1. What is your WAN IP on the AC1900P? You need to verify that it is a public IP and you are not in fact double NATed behind the Xfinity router. If you are then several things you can try.

a. Put the Xfinity router back in bridge mode. I have heard that sometimes after a firmware update they can revert back to router mode.

b. You may also have to forward the ports needed on your Xfinity router.

c. You can run in a double NAT setup and connect your Chamberlain to the WiFi on the Xfinity router. This could be a security benefit having your IoT devices connect to the first router (Xfinity) and then have your more secure devices connected to your second router as they would be in different subnets and not accessible from any devices connected to the Xfinity router.

d. Buy your own modem and stop paying Comcast a monthly rental fee. Then you would only have a single router to deal with.
 

SKSSF

New Around Here
Also, I disabled the VPN and rebooted, but the port is still closed. Any other ideas here?
 
