What's new

Portforwarding issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Aidancov1

Occasional Visitor
Hi,

I have an ASUS router and have enabled a DDNS service with Duckdns and registered on Asus. I cannot reach this from outside network. I have tried many different ports but all refuse connection. When I do an NSLookup with the duckdns address it links to my external IP correctly so not sure what is wrong.

I would be grateful if anyone can help with this

Thanks
 
Are you sure your router has a public IP address and not a private or CGNAT address? Look at the "WAN IP:" on the Network Map router page. What are the first two octets?

Check that you have a service actively listening on the port you're forwarding to.
 
Thanks for confirming that. Well I can't think of any reason why this wouldn't work. If you tell us your router model and firmware version that might provide a clue. Also, what ports/protocols are you trying to forward?
 
You probably already checked this, but if you are using a modem have you opened a port from the gateway from your ISP?
 
I'm using just an Asus 58U on Merlin Firmware. It has WAN IP then a Gateway which is different again.
 

Attachments

  • Screenshot 2024-11-02 143043.png
    Screenshot 2024-11-02 143043.png
    19.3 KB · Views: 12
What specifically are you trying to remotely access? If it's the router itself, you don't actually port forward in that case since the router is the target. You only port forward to reach some other device behind the router.

If you're trying to reach the router itself, then typically you need to enable remote access to that service (GUI, SSH, etc.) on the Administration page, which just opens a port on the WAN.

If you're trying to reach some device behind the router, sometimes personal firewalls on the target device will prevent the access. Just depends on if it has a firewall, and if it does, how it's configured.

It would help to dump the firewall to see if in fact packets are at least reaching your router. Big difference between no packets at all vs. they get there, but things go awry from that point for some other reason (like the firewall issue above).

Code:
iptables -t nat -vnL
iptables -vnL INPUT
iptables -vnL FORWARD

Feel free to mask your public IP, but leave everything else alone.
 
I'm using just an Asus 58U on Merlin Firmware. It has WAN IP then a Gateway which is different again.
What kind of internet connection do you have, cable, VDSL, satellite, etc? If you're using a mobile (cellular) service they might not support port forwarding.
 
Last edited:
I have vdsl. Basically I just want to reach the router if I need to restart or change settings.
Then you don't use port forwarding for that.

You would either enable HTTPS access from WAN, which is a very bad idea from a security perspective. Or you would setup a VPN server (either on the router or a device on your LAN) and connect to that.
 
Yes I have setup Wireguard server on my Asus router and can connect from outside. Although I have dynamic ip so when that changes I can't reconnect via wireguard. How can I keep the public ip updated? I suppose thats where I was trying to use duckdns. Basically I just want to be able to access my internet from outside securely.
 
Yes I have setup Wireguard server on my Asus router and can connect from outside. Although I have dynamic ip so when that changes I can't reconnect via wireguard. How can I keep the public ip updated? I suppose thats where I was trying to use duckdns. Basically I just want to be able to access my internet from outside securely.
I don't use Wireguard but I do use OpenVPN. I would have thought there would have been an option in the Wireguard client where you can specify your router's DDNS name rather than its IP address.
 
You need to use Tailscale instead. Tailscale works thru a relay service that always knows your IP address even when you have dynamic IP. You can set it up so you can have access to your local LAN devices and also go out to the internet thru the router as an Exit Node. Tailscale uses wireguard as its underlying encryption method.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top