What's new

Port Forwarding issue on AC86U - not able to specify source IP

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

zefo

New Around Here
Hi. I don't know if anyone faced this issue and know how to fix it but any help would be much appreciated. I did a search on the forum and found a lot of port forwarding threads but none on this specific issue.

I have a RT-AC86U running firmware version 3.0.0.4.384_32799.

I try to setup port forwarding to a local server on port 443, but would like to limit the forward to specific source IP addresses (friends and family) and not leave it open to any source IP.

The problem is that the router seams to apply the open to all source IP rule, but never apply the rule where the Source IP is different from ALL.

When I create a rule to forward, but leave the field Source IP empty, the rule is added and appears under System Logs / Port Forwarding, and the rule woks. I tested it.

When I create a rule but enter a specific IP address in the Source IP field, the rule does not show under System Logs / Port Forwarding, and I can confirm that the rule does not work.

I have tried everything I can think and have read in this forum or elsewhere (reboot, leave Local Port empty, try with other port numbers, restore factory settings, etc)

Any help or potential avenues for resolution would be appreciated.

Thanks.

Here are screenshots of example settings.

Under WAN/Port Forwarding:
upload_2018-11-9_11-45-22.png


Under System Logs / Port Forwarding:
upload_2018-11-9_11-46-10.png
 
maybe wrong local IP, other subnet 1.217 is not within your 50.217.
Thanks for the reply. But it is not the issue. I just made up examples to show in the thread but even with right subnet it does not work. Thanks for the try.
 
I'm having trouble understanding what your trying to do?

Port forwards apply to forwarding incoming traffic from the router internet port to an internal device for supplied port or port range.

But I don't really understand the source IP field, I thought it was meant to be used in cases where you know the IP address of incoming requests and want to restrict it.
So it would need to be a valid route-able address.
But you used 192.222.222.222 which looks like it's a public rout-able IP address and you say that didn't work.
Have you been assigned this public address by your ISP?
 
I'm having trouble understanding what your trying to do?

Port forwards apply to forwarding incoming traffic from the router internet port to an internal device for supplied port or port range.

But I don't really understand the source IP field, I thought it was meant to be used in cases where you know the IP address of incoming requests and want to restrict it.
So it would need to be a valid route-able address.
But you used 192.222.222.222 which looks like it's a public rout-able IP address and you say that didn't work.
Have you been assigned this public address by your ISP?

Hi and thanks for your inputs. In my screenshots I used fake IP addresses only as examples but maybe it was more confusing that way.

First, here is what I try to do.
. I have setup a PC backup solution (similar to Crashplan and the likes) but instead of backing up in the cloud, it backs up to servers I have set up at my home and at a friends home
. There are backup clients running on friends and family PCs to be backed-up
. Backup clients connect to the backup servers via https
. The backup servers are userid & password-protected, but for increased protection, I want to allow connections only from my friends and family public IP addresses. They have fixes public IP addresses.

Hence, the reason why I wanted to set-up port-forwarding on asus router to do port-forward only when traffic comes from these specific public IP addresses. But I have never been able to make it work. Port forward works only when the SourceIP field is empty, which equals to ALL.

I have decided to rather use the linux firewall on the backup server to do the same.

But if someone finds out how to enable port-forward for specific source ip addresses, I am still interested in getting the solution.

Thanks.
 
Hello there,

i am working on something similar - and have a question in those regards. I have been creating and working with port forwading to have a backp with 2 NAS'es. But i realized that the source-ip option is only available with IP Adresses. As i have dynamic addresses on one end, i am not able to use that. I would more prefer in limiting it to a certain hostname (e.g. my.server.com) - is there any chance in doing so? the second internetrouter i have on the other hand is able of doing so.

Thanks so much for any help - this is appreciated.
 
Same issue here, I need to specify a range of source IP addresses, not just one. Why are all consumer router GUI's so awful. Does anyone know what commands to input in an ssh session to force this to work?
Cheers
 
Same issue here, I need to specify a range of source IP addresses, not just one. Why are all consumer router GUI's so awful. Does anyone know what commands to input in an ssh session to force this to work?
Cheers
Maybe you can use the slash notation to denote a range of IP addresses? (eg. "11.22.33.44/24")
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top