What's new

RT-AC68U Port Forwarding and WAN Accsess issue

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

GlukRazor

New Around Here
I find some problems with my internate provider, so that I do complet reinstal my router with nvram cleanup (I hope so). Now, with 384.9 firmware, I could do nothing with ports: I cannot forward ports, cannot access WebIU or SSH from WAN. System even doesn’t response on ping from WAN. But I do allow all this stuff in WebUI. The only thing, I can do - I can get correct DDNS and Let’s Encrypt, but I cannot use them.
Could you kindly give me some advice on my topic?
 
Before anyone can help you, you beed to explain, in fine detail how you carried out the ״complet reinstal my router with nvram cleanup״. Then list all the warnings and other error messages in system log.
 
Before anyone can help you, you need to explain, in fine detail how you carried out the ״complet reinstall my router with nvram cleanup״. Then list all the warnings and other error messages in the system log.
You are absolutely right. I do NVRAM cleanup with "mtd-erase2 nvram" command, then do a factory default reset and install the latest version of firmware.

I see no error inside system log - only messages like this one:
Mar 18 20:47:41 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:10:7b:ef:5a:b1:fd:08:00 SRC=10.139.112.109 DST=10.139.119.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209
Mar 18 20:47:42 kernel: DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:cb:4e:1a:f4:fb:08:00 SRC=10.139.112.122 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0xC0 TTL=128 ID=18502 PROTO=UDP SPT=68 DPT=67 LEN=308
 
You are absolutely right. I do NVRAM cleanup with "mtd-erase2 nvram" command, then do a factory default reset and install the latest version of firmware.

Your order is not correct.

First, flash the firmware you want to use. Then, do an NVRAM erase and full reset to factory defaults. You will also want to check the box to 'initialize' the router fully (via the GUI) or, do a format jffs on next boot followed by 3 reboots in the next 15 minutes or so, letting the router fully boot up between boots (at least 5 -10 minutes).

See the links in my signature for further information.
 
Your order is not correct.

First, flash the firmware you want to use. Then, do an NVRAM erase and full reset to factory defaults. You will also want to check the box to 'initialize' the router fully (via the GUI) or, do a format jffs on next boot followed by 3 reboots in the next 15 minutes or so, letting the router fully boot up between boots (at least 5 -10 minutes).

See the links in my signature for further information.
Thank you! I have done all this stuff but this does not solve my issue. My system even does not respond on a ping from WAN.
 
I have the exact same problem.AC68 but running 384.10_2 but I haven't done the flash/reset as L&LD described. I'll try that when I get home.
 
I have the exact same problem.AC68 but running 384.10_2 but I haven't done the flash/reset as L&LD described. I'll try that when I get home.
Welcome to the forum, Sven.

Make sure you read L&LD’s guide before you do anything:

https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-205573

In fact, you should read the whole of that thread carefully and print off what you need if you find that easier than scrolling on screen. Make sure you're happy with the instructions before you start and come back with any questions. Let us know how it goes.
 
Welcome to the forum, Sven.
Thank you for the welcome martinr!

I've now gone through all the steps* and I still can't get port forwarding to work but I can ping it (it's possible that worked before).
If a do an online nmap scan it says filtered on my forwarded ports. I didn't do one when it was working so I don't know if that is correct or if it should say open. If I temporarily enable the WAN administration that works too. I've disabled the firewall but to no effect.

Suggestions are welcome!

* Didn't find the Xbox-setting and B/G-protect when doing the reset thing. Guess I should have read the whole thread...
 
Thank you for the welcome martinr!

I've now gone through all the steps* and I still can't get port forwarding to work but I can ping it (it's possible that worked before).
If a do an online nmap scan it says filtered on my forwarded ports. I didn't do one when it was working so I don't know if that is correct or if it should say open. If I temporarily enable the WAN administration that works too. I've disabled the firewall but to no effect.

Suggestions are welcome!

* Didn't find the Xbox-setting and B/G-protect when doing the reset thing. Guess I should have read the whole thread...

Sven, for the XBox and b/g protect, look here:
https://www.snbforums.com/threads/n...l-and-manual-configuration.27115/#post-466181
 
@Sven Hedin Does your router's WAN interface have a public IP address?

What ports are you trying to forward?
It does have a public IP.
The ports are 22, 80, 443. I did a pcap dump on the target machine for port 22 and I saw nothing. I don't know if there are any tools for inspecting packages on Merlin but I didn't find pcap. It's possible my ISP is doing something fishy but it was working prior to the upgrade so I think it's unlikely.
 
The ports are 22, 80, 443.
Can you try forwarding a different external port, something like 20000->22. Ports 22, 80, 443 can be used by the router itself so I'm wondering whether it thinks there's some sort of conflict happening.

... but it was working prior to the upgrade so I think it's unlikely.
What firmware were you previously using that worked?
 
Can you try forwarding a different external port, something like 20000->22. Ports 22, 80, 443 can be used by the router itself so I'm wondering whether it thinks there's some sort of conflict happening.
Tried it. No luck.

What firmware were you previously using that worked?
I think it was 384.8_2 but I'm not sure.

Thing is the external IP is working from inside the network. To my understanding, the request is routed through the gateway (Merlin's LAN-interface), then to the WAN-interface, back to LAN with the forwarding rules. If this is correct it must be the ISP, right?
 
I think it was 384.8_2 but I'm not sure.
What firmware version are you currently using?

Are you running any VPN's?

Thing is the external IP is working from inside the network. To my understanding, the request is routed through the gateway (Merlin's LAN-interface), then to the WAN-interface, back to LAN with the forwarding rules. If this is correct it must be the ISP, right?
It uses NAT loopback so it's mostly the same, but not 100% the same.

Probably the only way to know for sure what's going on is to look at the output of this command:

iptables -S -t nat
 
And there it was. I'm running a VPN client on the port forwarded target machine. If I turn that off, everything is working as expected. Someday I'll learn not to change 10 things at the same time...

Sorry for waisting your time but thanks for the help!
Thanks for the feedback, Sven. Glad it’s fixed. You’re not wasting everybody’s time: we all learn from it, and it helps so that the next time someone has a similar question, the solution may well be arrived at far quicker.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top