1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

    Dismiss Notice
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

RT-AC68U Port Forwarding and WAN Accsess issue

Discussion in 'Asuswrt-Merlin' started by GlukRazor, Mar 17, 2019.

  1. GlukRazor

    GlukRazor New Around Here

    Joined:
    Mar 17, 2019
    Messages:
    3
    I find some problems with my internate provider, so that I do complet reinstal my router with nvram cleanup (I hope so). Now, with 384.9 firmware, I could do nothing with ports: I cannot forward ports, cannot access WebIU or SSH from WAN. System even doesn’t response on ping from WAN. But I do allow all this stuff in WebUI. The only thing, I can do - I can get correct DDNS and Let’s Encrypt, but I cannot use them.
    Could you kindly give me some advice on my topic?
     
  2. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,328
    Location:
    Manchester, United Kingdom
    Before anyone can help you, you beed to explain, in fine detail how you carried out the ״complet reinstal my router with nvram cleanup״. Then list all the warnings and other error messages in system log.
     
  3. GlukRazor

    GlukRazor New Around Here

    Joined:
    Mar 17, 2019
    Messages:
    3
    You are absolutely right. I do NVRAM cleanup with "mtd-erase2 nvram" command, then do a factory default reset and install the latest version of firmware.

    I see no error inside system log - only messages like this one:
    Mar 18 20:47:41 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:10:7b:ef:5a:b1:fd:08:00 SRC=10.139.112.109 DST=10.139.119.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
    Mar 18 20:47:42 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:cb:4e:1a:f4:fb:08:00 SRC=10.139.112.122 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0xC0 TTL=128 ID=18502 PROTO=UDP SPT=68 DPT=67 LEN=308
     
  4. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    10,908
    Your order is not correct.

    First, flash the firmware you want to use. Then, do an NVRAM erase and full reset to factory defaults. You will also want to check the box to 'initialize' the router fully (via the GUI) or, do a format jffs on next boot followed by 3 reboots in the next 15 minutes or so, letting the router fully boot up between boots (at least 5 -10 minutes).

    See the links in my signature for further information.
     
    martinr likes this.
  5. GlukRazor

    GlukRazor New Around Here

    Joined:
    Mar 17, 2019
    Messages:
    3
    Thank you! I have done all this stuff but this does not solve my issue. My system even does not respond on a ping from WAN.
     
  6. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    Does your router's WAN interface have a public IP address? If your WAN IP address begins with 10.x.y.z or 192.168.x.y then that will be your problem.
     
  7. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    I have the exact same problem.AC68 but running 384.10_2 but I haven't done the flash/reset as L&LD described. I'll try that when I get home.
     
  8. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,328
    Location:
    Manchester, United Kingdom
    Welcome to the forum, Sven.

    Make sure you read L&LD’s guide before you do anything:

    https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

    In fact, you should read the whole of that thread carefully and print off what you need if you find that easier than scrolling on screen. Make sure you're happy with the instructions before you start and come back with any questions. Let us know how it goes.
     
  9. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    Thank you for the welcome martinr!

    I've now gone through all the steps* and I still can't get port forwarding to work but I can ping it (it's possible that worked before).
    If a do an online nmap scan it says filtered on my forwarded ports. I didn't do one when it was working so I don't know if that is correct or if it should say open. If I temporarily enable the WAN administration that works too. I've disabled the firewall but to no effect.

    Suggestions are welcome!

    * Didn't find the Xbox-setting and B/G-protect when doing the reset thing. Guess I should have read the whole thread...
     
  10. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    @Sven Hedin Does your router's WAN interface have a public IP address?

    What ports are you trying to forward?
     
  11. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,328
    Location:
    Manchester, United Kingdom
    Sven, for the XBox and b/g protect, look here:
    https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-466181
     
  12. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    It does have a public IP.
    The ports are 22, 80, 443. I did a pcap dump on the target machine for port 22 and I saw nothing. I don't know if there are any tools for inspecting packages on Merlin but I didn't find pcap. It's possible my ISP is doing something fishy but it was working prior to the upgrade so I think it's unlikely.
     
  13. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    martinr likes this.
  14. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    Can you try forwarding a different external port, something like 20000->22. Ports 22, 80, 443 can be used by the router itself so I'm wondering whether it thinks there's some sort of conflict happening.

    What firmware were you previously using that worked?
     
  15. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    Tried it. No luck.

    I think it was 384.8_2 but I'm not sure.

    Thing is the external IP is working from inside the network. To my understanding, the request is routed through the gateway (Merlin's LAN-interface), then to the WAN-interface, back to LAN with the forwarding rules. If this is correct it must be the ISP, right?
     
  16. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    10,603
    Location:
    UK
    What firmware version are you currently using?

    Are you running any VPN's?

    It uses NAT loopback so it's mostly the same, but not 100% the same.

    Probably the only way to know for sure what's going on is to look at the output of this command:

    iptables -S -t nat
     
    martinr likes this.
  17. Sven Hedin

    Sven Hedin New Around Here

    Joined:
    Apr 16, 2019
    Messages:
    6
    And there it was. I'm running a VPN client on the port forwarded target machine. If I turn that off, everything is working as expected. Someday I'll learn not to change 10 things at the same time...

    Sorry for waisting your time but thanks for the help!
     
    L&LD and martinr like this.
  18. martinr

    martinr Part of the Furniture

    Joined:
    Nov 27, 2014
    Messages:
    2,328
    Location:
    Manchester, United Kingdom
    Thanks for the feedback, Sven. Glad it’s fixed. You’re not wasting everybody’s time: we all learn from it, and it helps so that the next time someone has a similar question, the solution may well be arrived at far quicker.
     
    Sven Hedin and L&LD like this.