1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Port Forwarding issue on AC86U - not able to specify source IP

Discussion in 'ASUSWRT - Official' started by zefo, Nov 9, 2018.

  1. zefo

    zefo New Around Here

    Nov 9, 2018
    Hi. I don't know if anyone faced this issue and know how to fix it but any help would be much appreciated. I did a search on the forum and found a lot of port forwarding threads but none on this specific issue.

    I have a RT-AC86U running firmware version

    I try to setup port forwarding to a local server on port 443, but would like to limit the forward to specific source IP addresses (friends and family) and not leave it open to any source IP.

    The problem is that the router seams to apply the open to all source IP rule, but never apply the rule where the Source IP is different from ALL.

    When I create a rule to forward, but leave the field Source IP empty, the rule is added and appears under System Logs / Port Forwarding, and the rule woks. I tested it.

    When I create a rule but enter a specific IP address in the Source IP field, the rule does not show under System Logs / Port Forwarding, and I can confirm that the rule does not work.

    I have tried everything I can think and have read in this forum or elsewhere (reboot, leave Local Port empty, try with other port numbers, restore factory settings, etc)

    Any help or potential avenues for resolution would be appreciated.


    Here are screenshots of example settings.

    Under WAN/Port Forwarding:

    Under System Logs / Port Forwarding:
  2. Grisu

    Grisu Very Senior Member

    Aug 28, 2014
    maybe wrong local IP, other subnet 1.217 is not within your 50.217.
  3. zefo

    zefo New Around Here

    Nov 9, 2018
    Thanks for the reply. But it is not the issue. I just made up examples to show in the thread but even with right subnet it does not work. Thanks for the try.
  4. raven-au

    raven-au Regular Contributor

    Nov 25, 2014
    I'm having trouble understanding what your trying to do?

    Port forwards apply to forwarding incoming traffic from the router internet port to an internal device for supplied port or port range.

    But I don't really understand the source IP field, I thought it was meant to be used in cases where you know the IP address of incoming requests and want to restrict it.
    So it would need to be a valid route-able address.
    But you used which looks like it's a public rout-able IP address and you say that didn't work.
    Have you been assigned this public address by your ISP?
  5. zefo

    zefo New Around Here

    Nov 9, 2018
    Hi and thanks for your inputs. In my screenshots I used fake IP addresses only as examples but maybe it was more confusing that way.

    First, here is what I try to do.
    . I have setup a PC backup solution (similar to Crashplan and the likes) but instead of backing up in the cloud, it backs up to servers I have set up at my home and at a friends home
    . There are backup clients running on friends and family PCs to be backed-up
    . Backup clients connect to the backup servers via https
    . The backup servers are userid & password-protected, but for increased protection, I want to allow connections only from my friends and family public IP addresses. They have fixes public IP addresses.

    Hence, the reason why I wanted to set-up port-forwarding on asus router to do port-forward only when traffic comes from these specific public IP addresses. But I have never been able to make it work. Port forward works only when the SourceIP field is empty, which equals to ALL.

    I have decided to rather use the linux firewall on the backup server to do the same.

    But if someone finds out how to enable port-forward for specific source ip addresses, I am still interested in getting the solution.

  6. toxiroxi

    toxiroxi New Around Here

    Apr 7, 2019
    Hello there,

    i am working on something similar - and have a question in those regards. I have been creating and working with port forwading to have a backp with 2 NAS'es. But i realized that the source-ip option is only available with IP Adresses. As i have dynamic addresses on one end, i am not able to use that. I would more prefer in limiting it to a certain hostname (e.g. my.server.com) - is there any chance in doing so? the second internetrouter i have on the other hand is able of doing so.

    Thanks so much for any help - this is appreciated.