RT-AC68U Port Forwarding and WAN Access issue

GlukRazor

New Around Here
I found some problems with my internet provider, so I did a complete reinstall of my router with NVRAM cleanup (I hope so). Now, with 384.9 firmware, I can do nothing with ports: I cannot forward ports, cannot access WebUI or SSH from WAN. The system doesn't even respond to ping from WAN. But I did allow all this stuff in WebUI. The only thing I can do is get correct DDNS and Let's Encrypt, but I cannot use them.
Could you kindly give me some advice on my topic?
 

martinr

Part of the Furniture
Before anyone can help you, you need to explain, in fine detail, how you carried out the "complet reinstal my router with nvram cleanup". Then list all the warnings and other error messages in the system log.
 

GlukRazor

New Around Here
Before anyone can help you, you need to explain, in fine detail, how you carried out the "complet reinstall my router with nvram cleanup". Then list all the warnings and other error messages in the system log.
You are absolutely right. I did the NVRAM cleanup with the "mtd-erase2 nvram" command, then did a factory default reset and installed the latest version of the firmware.

I see no errors in the system log, only messages like these:
Mar 18 20:47:41 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:10:7b:ef:5a:b1:fd:08:00 SRC=10.139.112.109 DST=10.139.119.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Mar 18 20:47:42 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:cb:4e:1a:f4:fb:08:00 SRC=10.139.112.122 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0xC0 TTL=128 ID=18502 PROTO=UDP SPT=68 DPT=67 LEN=308
 

L&LD

Part of the Furniture
You are absolutely right. I did the NVRAM cleanup with the "mtd-erase2 nvram" command, then did a factory default reset and installed the latest version of the firmware.
Your order is not correct.

First, flash the firmware you want to use. Then, do an NVRAM erase and full reset to factory defaults. You will also want to check the box to 'initialize' the router fully (via the GUI) or do a format jffs on next boot followed by 3 reboots in the next 15 minutes or so, letting the router fully boot up between boots (at least 5-10 minutes).

See the links in my signature for further information.
 

GlukRazor

New Around Here
Your order is not correct.

First, flash the firmware you want to use. Then, do an NVRAM erase and full reset to factory defaults. You will also want to check the box to 'initialize' the router fully (via the GUI) or do a format jffs on next boot followed by 3 reboots in the next 15 minutes or so, letting the router fully boot up between boots (at least 5-10 minutes).

See the links in my signature for further information.
Thank you! I have done all this stuff but it does not solve my issue. My system does not even respond to a ping from WAN.
 

ColinTaylor

Part of the Furniture
My system does not even respond to a ping from WAN.
Does your router's WAN interface have a public IP address? If your WAN IP address begins with 10.x.y.z or 192.168.x.y then that will be your problem.
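The check ColinTaylor asks for, as an added example that is not part of the original thread: it tests an address against the non-routable ranges (his 10.x and 192.168.x, plus 172.16/12 and the CGNAT block) and also pulls the sources out of DROP lines like the two quoted above. Treating eth0 as the WAN interface and the WAN addresses passed to `classify_wan` are assumptions.

```python
import ipaddress
import re

# Address space that is never routed on the Internet: RFC 1918 private
# ranges plus the RFC 6598 carrier-grade NAT block.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Sample input: the two DROP lines quoted earlier in the thread.
SAMPLE_LOG = """\
Mar 18 20:47:41 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:10:7b:ef:5a:b1:fd:08:00 SRC=10.139.112.109 DST=10.139.119.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Mar 18 20:47:42 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:cb:4e:1a:f4:fb:08:00 SRC=10.139.112.122 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0xC0 TTL=128 ID=18502 PROTO=UDP SPT=68 DPT=67 LEN=308
"""

DROP_RE = re.compile(r"DROP IN=(\S+) .*?SRC=(\S+) DST=(\S+)")


def is_non_public(addr):
    """True if addr lies in private or CGNAT space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


def wan_neighbours(log, wan_if="eth0"):
    """Non-public source addresses seen arriving on the WAN interface."""
    found = set()
    for line in log.splitlines():
        m = DROP_RE.search(line)
        if m and m.group(1) == wan_if and is_non_public(m.group(2)):
            found.add(m.group(2))
    return sorted(found)


def classify_wan(wan_ip, log, wan_if="eth0"):
    """'non-public': the ISP is doing NAT, so inbound forwards cannot arrive.
    'suspect': address looks public but private hosts share the WAN segment,
    so confirm the address the router itself reports.
    'public': look at the forwarding rules and the target host instead."""
    if is_non_public(wan_ip):
        return "non-public"
    if wan_neighbours(log, wan_if):
        return "suspect"
    return "public"


if __name__ == "__main__":
    print(wan_neighbours(SAMPLE_LOG))
    print(classify_wan("10.139.112.50", SAMPLE_LOG))  # constructed WAN address
```

Private sources on the WAN side are only a hint; the address shown for the WAN interface in the router's own status page is what decides it.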
 

Sven Hedin

New Around Here
I have the exact same problem. AC68 but running 384.10_2, but I haven't done the flash/reset as L&LD described. I'll try that when I get home.
 

martinr

Part of the Furniture
I have the exact same problem. AC68 but running 384.10_2, but I haven't done the flash/reset as L&LD described. I'll try that when I get home.
Welcome to the forum, Sven.

Make sure you read L&LD’s guide before you do anything:

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

In fact, you should read the whole of that thread carefully and print off what you need if you find that easier than scrolling on screen. Make sure you're happy with the instructions before you start and come back with any questions. Let us know how it goes.
 

Sven Hedin

New Around Here
Welcome to the forum, Sven.
Thank you for the welcome martinr!

I've now gone through all the steps* and I still can't get port forwarding to work but I can ping it (it's possible that worked before).
If I do an online nmap scan it says filtered on my forwarded ports. I didn't do one when it was working so I don't know if that is correct or if it should say open. If I temporarily enable the WAN administration that works too. I've disabled the firewall but to no effect.

Suggestions are welcome!

* Didn't find the Xbox-setting and B/G-protect when doing the reset thing. Guess I should have read the whole thread...
 

ColinTaylor

Part of the Furniture
@Sven Hedin Does your router's WAN interface have a public IP address?

What ports are you trying to forward?
 

martinr

Part of the Furniture
Thank you for the welcome martinr!

I've now gone through all the steps* and I still can't get port forwarding to work but I can ping it (it's possible that worked before).
If I do an online nmap scan it says filtered on my forwarded ports. I didn't do one when it was working so I don't know if that is correct or if it should say open. If I temporarily enable the WAN administration that works too. I've disabled the firewall but to no effect.

Suggestions are welcome!

* Didn't find the Xbox-setting and B/G-protect when doing the reset thing. Guess I should have read the whole thread...
Sven, for the XBox and b/g protect, look here:
https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-466181
 

Sven Hedin

New Around Here
@Sven Hedin Does your router's WAN interface have a public IP address?

What ports are you trying to forward?
It does have a public IP.
The ports are 22, 80, 443. I did a pcap dump on the target machine for port 22 and I saw nothing. I don't know if there are any tools for inspecting packages on Merlin but I didn't find pcap. It's possible my ISP is doing something fishy but it was working prior to the upgrade so I think it's unlikely.
 

ColinTaylor

Part of the Furniture
The ports are 22, 80, 443.
Can you try forwarding a different external port, something like 20000->22. Ports 22, 80, 443 can be used by the router itself so I'm wondering whether it thinks there's some sort of conflict happening.

... but it was working prior to the upgrade so I think it's unlikely.
What firmware were you previously using that worked?
 

Sven Hedin

New Around Here
Can you try forwarding a different external port, something like 20000->22. Ports 22, 80, 443 can be used by the router itself so I'm wondering whether it thinks there's some sort of conflict happening.
Tried it. No luck.

What firmware were you previously using that worked?
I think it was 384.8_2 but I'm not sure.

Thing is the external IP is working from inside the network. To my understanding, the request is routed through the gateway (Merlin's LAN-interface), then to the WAN-interface, back to LAN with the forwarding rules. If this is correct it must be the ISP, right?
 

ColinTaylor

Part of the Furniture
I think it was 384.8_2 but I'm not sure.
What firmware version are you currently using?

Are you running any VPNs?

Thing is the external IP is working from inside the network. To my understanding, the request is routed through the gateway (Merlin's LAN-interface), then to the WAN-interface, back to LAN with the forwarding rules. If this is correct it must be the ISP, right?
It uses NAT loopback so it's mostly the same, but not 100% the same.

Probably the only way to know for sure what's going on is to look at the output of this command:

iptables -S -t nat
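One way to read that listing, as an added example that is not part of the original thread: it extracts every DNAT rule from `iptables -S -t nat` output and compares it with the forwards you expect. The sample listing, its addresses and the VSERVER chain name are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables -S -t nat` output; the addresses and the
# VSERVER chain name are illustrative, not taken from the thread.
SAMPLE_NAT = """\
-P PREROUTING ACCEPT
-N VSERVER
-A PREROUTING -d 203.0.113.7/32 -j VSERVER
-A VSERVER -p tcp -m tcp --dport 20000 -j DNAT --to-destination 192.168.1.10:22
-A VSERVER -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
"""


def dnat_rules(listing):
    """Map (protocol, external port) -> internal 'ip:port' for each DNAT rule."""
    rules = {}
    for line in listing.splitlines():
        tok = shlex.split(line)
        # Pair every option with the token that follows it.
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
                if tok[i].startswith("-")}
        if opts.get("-j") == "DNAT" and "--to-destination" in opts:
            key = (opts.get("-p", "any"), opts.get("--dport", "any"))
            rules[key] = opts["--to-destination"]
    return rules


def check_forwards(listing, wanted):
    """Return {key: problem} for each wanted forward that is absent or wrong."""
    have = dnat_rules(listing)
    problems = {}
    for key, target in wanted.items():
        if key not in have:
            problems[key] = "no DNAT rule"
        elif have[key] != target:
            problems[key] = "points to " + have[key]
    return problems


if __name__ == "__main__":
    wanted = {("tcp", "20000"): "192.168.1.10:22",
              ("tcp", "443"): "192.168.1.10:443",
              ("tcp", "80"): "192.168.1.10:80"}
    print(check_forwards(SAMPLE_NAT, wanted) or "all forwards present")
```

If every expected rule is present and the forward still fails, the router's NAT table is not the missing piece, and the next place to look is the target host: its own firewall, its routing, or a VPN client running on it.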
 

martinr

Part of the Furniture
And there it was. I'm running a VPN client on the port forwarded target machine. If I turn that off, everything is working as expected. Someday I'll learn not to change 10 things at the same time...

Sorry for wasting your time but thanks for the help!
Thanks for the feedback, Sven. Glad it’s fixed. You’re not wasting everybody’s time: we all learn from it, and it helps so that the next time someone has a similar question, the solution may well be arrived at far quicker.
 
