Port forwarding doesn't seem to actually open ports

Discussion in 'Asuswrt-Merlin' started by SKSSF, Apr 7, 2020.

  1. SKSSF

    SKSSF New Around Here

    Joined:
    Apr 6, 2020
    Messages:
    4
    I’m running an ASUS RT-AC1900P with Merlin WRT 384.16 firmware. I’m trying to get a Liftmaster/Chamberlain 828LM (device that enables me to open my garage door from online) gateway working. This device requires the following ports open (per https://support.chamberlaingroup.co...ings-for-the-MyQ-Wi-Fi-products-1484145723404):
    I’ve given the 828LM a manually assigned IP, and I’ve configured the port forwarding; however, the device’s diagnostics indicate that it cannot access the internet even though it has an IP address. Canyouseeme.org reports that these 2 ports are closed due to a connection timeout (all timeouts set to default, except for UDP unreplied set to 180). Screenshot of port forwarding can be found here (sorry, the image feature isn't working for me).

    As a secondary diagnostic, I have a remote location for which ports on this router are forwarded for RSYNC, and using the tnc command in PowerShell from the remote location, the RSYNC ports are open, but ports 53/8883 are closed, confirming canyouseeme's findings.

    Other notes:
    • I’m running OpenVPN on my router, if that makes a difference.
    • I’ve hard reset the 828LM, but no change in behavior.
    • My router is running behind an Xfinity router in bridge mode (“low security” setting)
    Any thoughts on why those ports appear closed even though I’ve set them for port forwarding?
    Thanks!
    Sandheep
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,777
    Location:
    UK
    Remove the port forwarding rule for port 53. It is not needed as that is an outbound port not inbound. All outbound ports are open by default.


    OpenVPN server or client? If it's a client you need to set up policy rules for this to work.
     
  3. CaptainSTX

    CaptainSTX Part of the Furniture

    Joined:
    May 2, 2012
    Messages:
    2,502
    I have my Chamberlain remote door controller working with a VPN. I have a different model that connects to my router using an Ethernet cable. While you are diagnosing your problem no harm in shutting VPN down by using policy based routing.

    1. What is your WAN IP on the AC1900P? You need to verify that it is a public IP and you are not in fact double NATed behind the Xfinity router. If you are, then there are several things you can try.

    a. Put the Xfinity router back in bridge mode. I have heard that sometimes after a firmware update they can revert back to router mode.

    b. You may also have to forward the ports needed on your Xfinity router.

    c. You can run in a double NAT setup and connect your Chamberlain to the WiFi on the Xfinity router. This could be a security benefit having your IoT devices connect to the first router (Xfinity) and then have your more secure devices connected to your second router as they would be in a different subnet and not accessible from any devices connected to the Xfinity router.

    d. Buy your own modem and stop paying Comcast a monthly rental fee. Then you would only have a single router to deal with.
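
The double-NAT check described in the post above, as an added example that is not part of the thread: it classifies the address shown on the router's WAN status page and compares it with the address an outside service sees. The function names and sample addresses are constructed for illustration; 203.0.113.10 and 198.51.100.7 are documentation addresses standing in for public IPs.

```python
import ipaddress

# Address ranges that mean the router's WAN port is not directly on the internet.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 6598 carrier-grade NAT": ["100.64.0.0/10"],
    "link-local (no DHCP lease)": ["169.254.0.0/16"],
}


def classify_wan(wan_ip):
    """Return 'public' or the name of the non-public range wan_ip falls in."""
    addr = ipaddress.ip_address(wan_ip)
    for label, cidrs in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return label
    return "public"


def diagnose(wan_ip, external_ip):
    """wan_ip: address on the router's WAN status page.
    external_ip: address reported by an outside service such as a port checker."""
    kind = classify_wan(wan_ip)
    if kind != "public":
        # The upstream device is routing, so it needs matching forwards
        # (or must be switched back to bridge mode).
        return f"double NAT: WAN address is {kind}"
    if ipaddress.ip_address(wan_ip) != ipaddress.ip_address(external_ip):
        # Public-looking WAN address, but traffic leaves from another one.
        return "NAT upstream: WAN address differs from externally seen address"
    return "single NAT: this router holds the internet-facing address"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN IP, externally observed IP)
    samples = [
        ("10.0.0.2", "203.0.113.10"),      # upstream gateway fell back to router mode
        ("100.72.4.9", "203.0.113.10"),    # ISP carrier-grade NAT
        ("203.0.113.10", "203.0.113.10"),  # bridge mode working as intended
    ]
    for wan, ext in samples:
        print(f"{wan:>15} / {ext:<15} -> {diagnose(wan, ext)}")
```

A "single NAT" result only rules out the upstream router as the cause; a forwarded port will still test as closed if nothing on the target device is listening on it.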
     
  4. SKSSF

    SKSSF New Around Here

    Joined:
    Apr 6, 2020
    Messages:
    4
    Ah, sorry, I meant OpenVPN server. Regarding removing the port 53 rule, the presence of the rule wouldn't affect the connection issues, correct? The only harm is a potential security threat, right?
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,777
    Location:
    UK
    It's a completely pointless rule that achieves nothing (unless you happen to be running a public DNS server on your Liftmaster!).
     
  6. SKSSF

    SKSSF New Around Here

    Joined:
    Apr 6, 2020
    Messages:
    4
    Thanks--I've confirmed that my Xfinity router is in bridge mode, and per the MerlinWRT interface, I've got a public IP (73.63.xx.xx). When the Xfinity router is in bridge mode, it doesn't offer much in terms of configuration--so forwarding ports is not an option. I'll look into getting my own cable modem, but per the test from the remote location (whose IP is granted forwarding access for the rsync port), the Xfinity router is not blocking access--at least for that port. So I'm doing something right with regard to my rsync port forwarding, but clearly something is wrong with the other port forwarding.

     
  7. SKSSF

    SKSSF New Around Here

    Joined:
    Apr 6, 2020
    Messages:
    4
    Also, I disabled the VPN and rebooted, but the port is still closed. Any other ideas here?