1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Port forwarding inbound on XXXXX from RT AC66U to Windows 10

Discussion in 'ASUS Wireless' started by ruasonid, May 23, 2020.

  1. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    I'm having a problem in getting port forwarding to work from my RT AC66U to my Windows 10 desktop over a wireless link. I've configured the desktop's wireless adapter address as 192.168.0.25 and opened some inbound ports in Windows Defender/Firewall. I'm using a VPN. On the router I've set port forwarding in the XXXXX range to the local IP:

    Service Name=test, Source IP=blank, Port range=XXXXX:XXXXX, Local port=21, Protocol=TCP

    I've enabled Respond to ICMP Echo (ping) Request from WAN.

    I'm unable to receive an inbound ping at my desktop, and the specified ports in XXXXX are not open to inbound traffic when tested from the WAN. This is the same with/without the VPN.

    The ISP claims that the ports are not blocked. Have I missed anything?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    Is the VPN running on the router or the PC? This won't work with the VPN active unless you have specific rules setup to bypass the VPN for the FTP traffic.

    The "Respond to ICMP Echo.." option refers only to the router's WAN IP address and not any of the clients on the LAN.
     
  3. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    Thanks for your prompt reply.

    The VPN is (at the moment) only on the devices.

    The ping is coming from another device/network across the WAN. It doesn't work with the VPN enabled or disabled. I've rebooted the router (incidentally, Merlin 380.70).
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    If you don't get a reply when pinging the router's WAN IP address that would suggest you're not even getting that far.

    Have you confirmed that your router has a public IP address?
     
  5. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    Then I think you need to determine why you can't ping it. Can you ping it from a different network?
     
  7. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    OK, I am able to ping the public address 185.134.X.X from my mobile over the data network.
     
  8. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    Then that's the device you need to test the ftp with.
     
  9. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    I can ping the public address both via the VPN and without the VPN from my mobile.

    Using a port scanner utility on my mobile I can see that 21 and various other ports are open. The range I specified above is not.

    I can FTP from my mobile to the router's FTP server.
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    So it's working then?

    EDIT: Sorry, I misread your reply.

    Try disabling the firewall in the desktop PC.

    Also, if possible try testing with something other than an FTP server. FTP is a really awkward protocol to get working because it requires the use of a helper and the dynamic opening of ports. Testing with something like SSH would be much easier.
     
    Last edited: May 23, 2020
  11. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    Thanks for all your suggestions.

    Just to be clear I can ping the router from my mobile (data network) with/without VPN and FTP into the router's FTP server (so FTP is working). I can also ssh into the router from using PuTTY on my mobile.

    I disabled the PC's firewall yet I still cannot reach the PC via the ports XXXXX. Have I understood correctly that the app (which needs port XXXXX) accesses the router on port 21 (TCP) then is (should be) forwarded to the PC?

    Would it be worth setting up an FTP server on the PC and trying to access that by a forwarded port? Or were you suggesting to do that using ssh (to the PC) from outside (e.g. my mobile)?
     
  12. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    I thought that's exactly what you've been trying to do (port 21 is the ftp control port). :confused:

    You haven't given us any details about this app. You've setup a rule for port XXXXX so that's the port the app needs to connect to from the internet. Port XXXXX is then forwarded to port 21 on your PC. If the app needs to connect to the PC on port XXXXX then why are you trying to use the ftp port? :confused:
     
    Last edited: May 23, 2020
  13. ruasonid

    ruasonid Occasional Visitor

    Joined:
    Oct 17, 2015
    Messages:
    49
    OK, so what should be my local port setting on the router? It seems to require a single port unless I missed how to input a range.

    Service name-test
    Source IP
    Port range XXXXX:XXXXX
    Local IP 192.168...
    Local port ?
    Protocol TCP

    Incidentally, the app is a new development project. It communicates over the XXXXX port range. I'm using docker and the desktop is listening on the XXXXX ports
     
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    11,724
    Location:
    UK
    If your application is listening on port XXXXX on the PC then that's what the local port must be set to. The external port (Port range) would usually be set to the same (single) number otherwise the client would have to be configured differently for when it was connecting from outside than when it was inside the LAN.