RT-AC68U Port Forwarding Problem

[Nadonate]

Hello,
First time Poster here hoping to get some help. First my current specs:

• Router AC1900 [RT-AC68U]
• Firmware Asuswrt-Merlin 380.66_6
• CFE 1.0.2.1 (Asus)

I managed to get the asus CFE and custom firmware on the device by following the excellent guide here.
I had an issue moving from tmobile firmware to Merlin after initial CFE update, this was resolved by flashing to Tomato > Merlin.

Since I have moved to Merlin I haven't been able to successfully forward ports.

Here are some screenshots of the relevant settings:

WAN

DHCP

Port Forwarding

Firewall

Results

Here are the troubleshooting steps I have tried:

1. Update Merlin firmware 380.XX > 380.66_6
2. Update CFE 1.0.2.0 > 1.0.2.1
3. Clear NVRAM, from SSH & manually
4. Enable DMZ, no change
5. Disable NAT Acceleration
6. Disable/enable UPNP
7. Restore default settings +reconfigure
8. Try different router IP addresses & DHCP ranges
9. Change NAT loopback, Merlin/ASUS

I'm kind of at the end of my rope, most of these troubleshooting steps were google recommendations. I had read on the ASUS forums this was an issue with early firmware on this unit. I did have port forwarding working on stock tmobile firmware and Tomato, so I assumed it was an issue with Merlin firmware.

Thanks for your help!

 

[ColinTaylor]

I can't see anything obviously wrong with your settings. You will of course actually have to have something (Plex?) actively listening on that port at 192.168.1.24 and a hole through that machine's firewall (if it has one).

Side note: Your LAN DHCP settings are pushing out Google's DNS servers in preference to the router's. There's nothing wrong with that but just be aware that you will not be able to use DNS to resolve your LAN client names (because Google's DNS servers have no way of knowing them). Just saying.

 

[Nadonate]

Yes, its a PLEX server on freenas. No firewall.

Thanks for the DNS tip, I must have been thinking I was on the WAN tab

thanks for the quick response...

 

[ColinTaylor]

Well I've just tried that same rule to forward to my Plex server (running on Centos) and it works fine. I am running a different firmware version to you though.

Can you see the forwards in System Log > Port Forwarding?

 

[Nadonate]

This is what I have in the port forwarding log:

Would there be any indications of a problem in the general log? I don't know what is normally reported:

Jul 13 18:49:04 rc_service: udhcpc 5162:notify_rc start_firewall
Jul 13 18:49:04 dhcp client: bound 107.181.192.158 via 107.181.192.1 during 7200 seconds.
Jul 13 18:49:05 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jul 13 18:50:09 rc_service: httpd 5169:notify_rc restart_firewall
Jul 13 18:50:09 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jul 13 18:50:15 dnsmasq-dhcp[5153]: DHCPDISCOVER(br0) f0:27:65:e0:27:b3
Jul 13 18:50:15 dnsmasq-dhcp[5153]: DHCPOFFER(br0) 192.168.1.29 f0:27:65:e0:27:b3
Jul 13 18:50:15 dnsmasq-dhcp[5153]: DHCPREQUEST(br0) 192.168.1.29 f0:27:65:e0:27:b3
Jul 13 18:50:15 dnsmasq-dhcp[5153]: DHCPACK(br0) 192.168.1.29 f0:27:65:e0:27:b3 android-a4bf8039d677b29f
Jul 13 19:29:15 dnsmasq-dhcp[5153]: DHCPREQUEST(br0) 192.168.1.110 88:88:88:88:87:88
Jul 13 19:29:15 dnsmasq-dhcp[5153]: DHCPACK(br0) 192.168.1.110 88:88:88:88:87:88 GameBox
Jul 13 19:40:05 rc_service: httpd 5169:notify_rc restart_firewall
Jul 13 19:40:05 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Jul 13 19:40:32 rc_service: httpd 5169:notify_rc restart_firewall
Jul 13 19:40:33 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!

 

[ColinTaylor]

The ports are forwarding to 192.168.1.2? Your earlier screen shot shows the rules forwarding to 192.168.1.24?

I'm assuming your freenas box has a fixed IP address?

The syslog won't show you anything useful about port forwarding.

 

[Nadonate]

The ports are forwarding to 192.168.1.2? Your earlier screen shot shows the rules forwarding to 192.168.1.24?

I'm assuming your freenas box has a fixed IP address?

The syslog won't show you anything useful about port forwarding.

Sorry for the confusion, I have been troubleshooting and changed the IP. The NAS is 192.168.1.11 & plex is 192.168.1.2 - both static


The rules now also reflect my change

 

[ColinTaylor]

Then everything on the router looks correct. I would start suspecting the Plex server. Any updates to that recently?

How about issuing the following on the Plex server just to confirm that is listening on all interfaces:

# netstat -ln | grep 32400
tcp        0      0 0.0.0.0:32400               0.0.0.0:*                   LISTEN

# lsof | grep 32400
Plex      4134      plex   56u     IPv4              21148      0t0        TCP *:32400 (LISTEN)

 

[Nadonate]

hmm, where would I issue this command? Is there a terminal I can access from the web UI? I can SSH into the plugin directory where Plex is located. Freenas uses a plugin system where plex is in an isolated enviroment (jail)

 

[Nadonate]

hmm, where would I issue this command? Is there a terminal I can access from the web UI? I can SSH into the plugin directory where Plex is located. Freenas uses a plugin system where plex is in an isolated enviroment (jail)

I could try another app... I have filezilla...

 

[ColinTaylor]

Sorry, no idea. I was assuming you had installed it on a Linux server. I don't know anything about Freenas.

 

[sfx2000]

First time Poster here hoping to get some help. First my current specs:

• Router AC1900 [RT-AC68U]
• Firmware Asuswrt-Merlin 380.66_6
• CFE 1.0.2.1 (Asus)

I managed to get the asus CFE and custom firmware on the device by following the excellent guide here.
I had an issue moving from tmobile firmware to Merlin after initial CFE update, this was resolved by flashing to Tomato > Merlin.

AsusWRT is a bit odd with hairpins on local servers and port forwards - it's good for security, but it can lead to some confusion when trying access services on the LAN side vs. the WAN side.

For local servers, don't use the public facing IP, use the local one...

 

[Nadonate]

AsusWRT is a bit odd with hairpins on local servers and port forwards - it's good for security, but it can lead to some confusion when trying access services on the LAN side vs. the WAN side.

For local servers, don't use the public facing IP, use the local one...

Thanks for the suggestion. You think it might be a NAT issue?
Is NAT acceleration something I should have enabled?

I can access the server fine from the LAN side. The problem is WAN.

The plex service should work fine with UPnP, if not it needs a port opened to serve content beyond my network.

I've used TCP Listen to troubleshoot several ports on this machine... no luck

 

[RMerlin]

Make sure the firewall on your Plex server allows connections from IPs outside your LAN.

Also, check your WAN IP to make sure it's public, and not behind another NATted router.

 

[Nadonate]

Make sure the firewall on your Plex server allows connections from IPs outside your LAN.

Also, check your WAN IP to make sure it's public, and not behind another NATted router.

the plex server is a plugin on my NAS, no firewall there.

Here are my hops:

 

[Nadonate]

Make sure the firewall on your Plex server allows connections from IPs outside your LAN.

Also, check your WAN IP to make sure it's public, and not behind another NATted router.

I really like Merlin BTW! Great feature set & fast!

It would be a bummer to go back to ASUS or Tomato

 

[Nadonate]

Ok, I have been doing some testing.

I flashed ASUS official 3.0.0.4.380_7743. After NVRAM clear and default settings I set my port forward rules, than tested:

My router decides it doesn't like my rule, but will allow WAN access to my server on UPnP port 28317:

Which works................................................until it decides not to work :

So, UPnP seems to open ports as needed, but its super flaky & temperamental. It will work for a few seconds that stop & manual port forwarding just doesn't work.

I am going to keep testing... thanks for everyone's help so far! Any additional suggestions are appreciated!

 

[Yaglur]

sorry to bump this up, but did you ever figure this out?

I seem to be having the same issue.

 

[ciss]

same here! I cant for the life of me to forward some ports for my nas (https, docker images, etc).
UPnP is also unreliable (works and then wont), so I disabled that completely.
Is this a known bug with these routers? I've been using ac56u for few years without problems, now on my shiny ac86u I get forwarding issues all the time.

Waiting for the next version I guess.. sigh

LE: I solved the issues. Apparently, my isp ran out of ivp4 ips and I appeared as double natted.
So, I logged out of the router interface, went and powered off the router phisically, waited 5 minutes and voila! Got back to single NAT! Hope this helps.

 

[Peter Andersson]

Cant get it working either