RT-AC86U will not fwd WAN port 80/443 to LAN

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

drivetheory

New Around Here
Model: Asus RT-AC86U
Firmware: Merlin 384.6

For whatever reason the router will not forward WAN port 80 or 443 to an internal IP address.
am not sure what i'm missing, "Enable Web Access from WAN" is set to "No"
the RT-AC86U firewall is set to enabled and all other ports work fine...
ideas?
 

RMerlin

Asuswrt-Merlin dev
MAke sure you aren't using AiCloud, which would use port 443 by default.

Port 80 might be even trickier to forward since it's used by default for the webui.
 

drivetheory

New Around Here
Double checked this weekend, took screenshots.
ALL special features are turned off, all other ports work fine.

aicloud
ai cloud.PNG
ai protection
ai protection.PNG
firewall
firewall.PNG
ports
ports.PNG


it seems the device will NOT release the ports...
I can't even set port 443 as the HTTPS port for the router itself LAN side even with aicloud disabled.
cloud disk.PNG
 

EventPhotoMan

Very Senior Member

ColinTaylor

Part of the Furniture
why is the local port blank?
You only need to enter a value there if you want to remap the port number to something different, like you have done in your first rule. Otherwise it can be left empty.
 

ColinTaylor

Part of the Furniture
it seems the device will NOT release the ports...
I can't even set port 443 as the HTTPS port for the router itself LAN side even with aicloud disabled.
I think the message always comes up on that page regardless of whether the port is actually being used. But try the following and see if it helps with your port forwarding:
Code:
nvram set enable_webdav=0
nvram commit
service reboot

Also check what ports are listed on System Log > Port Forwarding just in case some other device has mapped the same ports.
 

PHi

New Around Here
I realize this topic has been static for a while, but I have the same problem and the " nvram set enable_webdav=0" command did not work.
I appear to have the same problem as the OP. AiCloud disabled and/or set to a different port.

Any updates?

thanks
 

truglodite

Regular Contributor
Sorry, I haven't an answer to fix port forwarding, however glancing over this thread it appears the OP was forwarding ports for an NVR (surveillance system I assume). I understand there are real needs to do it this way, but for the average hobbyist/homeowner wanting to see a package on their doorstep or their kid sleeping in the crib with babysitter watching, please consider the security risks and unknowns with overseas made nvr/cameras (many have known backdoors, and the net is ripe with hacked camera feeds to view).

Alternatively, with an asus router you can setup an open vpn server and access nvr/cams remotely in a very secure way. This method is much safer for average folks... a lot harder to screw things up and end up with your nvr/cameras hacked.
 

PHi

New Around Here
Understood
My plan was to use a reverse proxy to access my devices. I am using NGINX listening to 443 (or trying to).
 

ColinTaylor

Part of the Furniture
What happens if you listen on another port, say 3000 and forward to that (3000 external -> 3000 internal)?
 

PHi

New Around Here
I can't open any other port to the router itself (192.168.1.1)
I can open 3000 and point it at one of the RPIs I have on my network.
However if I try to open 443 to the RPI that fails.
 

zy_zhao

Occasional Visitor
I can't open any other port to the router itself (192.168.1.1)
I can open 3000 and point it at one of the RPIs I have on my network.
However if I try to open 443 to the RPI that fails.
did you manage to open port 443 and 80 ??
 

Simulacra

Occasional Visitor
You can install NGINX through Entware and setup multiple domain forwardings.
1. Install nginx
2. Set up ports 8080 and 8443 for WebUI
3. Open a domain and set up subdomains like server.mydomain.com, camera3.mydomain.com etc.
4. Setup nginx.conf to redirect your requests like https://server.mydomain.com to your local machine (no matter which local port is used).
This approach allows you to utilize one 443 port for all your servers.
A typical nginx.conf

Code:
server {
  listen 80;
  server_name camera.yourdomain.com;
  return 301 https://camera.yourdomain.com$request_uri;
}

server {
  listen 443 ssl;
  server_name camera.yourdomain.com;
  ssl_certificate /opt/etc/nginx/camera.yourdomain.com/fullchain.cer;
  ssl_certificate_key /opt/etc/nginx/camera.yourdomain.com/camera.yourdomain.com.key;
  location / {
    proxy_set_header Host $host;
    proxy_pass https://192.168.10.153;
    }
}

A similar configuration can be used also to approach WebUI through 80 and 433 ports (redirection from 433 https://myrouter.mydomain.com to 192.168.10.1:8433 - whatever your router's local IP is
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top