What's new

RT-AC86U will not fwd WAN port 80/443 to LAN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

drivetheory

New Around Here
Model: Asus RT-AC86U
Firmware: Merlin 384.6

For whatever reason the router will not forward WAN port 80 or 443 to an internal IP address.
am not sure what i'm missing, "Enable Web Access from WAN" is set to "No"
the RT-AC86U firewall is set to enabled and all other ports work fine...
ideas?
 
MAke sure you aren't using AiCloud, which would use port 443 by default.

Port 80 might be even trickier to forward since it's used by default for the webui.
 
Double checked this weekend, took screenshots.
ALL special features are turned off, all other ports work fine.

aicloud
ai cloud.PNG
ai protection
ai protection.PNG
firewall
firewall.PNG
ports
ports.PNG


it seems the device will NOT release the ports...
I can't even set port 443 as the HTTPS port for the router itself LAN side even with aicloud disabled.
cloud disk.PNG
 
it seems the device will NOT release the ports...
I can't even set port 443 as the HTTPS port for the router itself LAN side even with aicloud disabled.
I think the message always comes up on that page regardless of whether the port is actually being used. But try the following and see if it helps with your port forwarding:
Code:
nvram set enable_webdav=0
nvram commit
service reboot

Also check what ports are listed on System Log > Port Forwarding just in case some other device has mapped the same ports.
 
I realize this topic has been static for a while, but I have the same problem and the " nvram set enable_webdav=0" command did not work.
I appear to have the same problem as the OP. AiCloud disabled and/or set to a different port.

Any updates?

thanks
 
Sorry, I haven't an answer to fix port forwarding, however glancing over this thread it appears the OP was forwarding ports for an NVR (surveillance system I assume). I understand there are real needs to do it this way, but for the average hobbyist/homeowner wanting to see a package on their doorstep or their kid sleeping in the crib with babysitter watching, please consider the security risks and unknowns with overseas made nvr/cameras (many have known backdoors, and the net is ripe with hacked camera feeds to view).

Alternatively, with an asus router you can setup an open vpn server and access nvr/cams remotely in a very secure way. This method is much safer for average folks... a lot harder to screw things up and end up with your nvr/cameras hacked.
 
Understood
My plan was to use a reverse proxy to access my devices. I am using NGINX listening to 443 (or trying to).
 
What happens if you listen on another port, say 3000 and forward to that (3000 external -> 3000 internal)?
 
I can't open any other port to the router itself (192.168.1.1)
I can open 3000 and point it at one of the RPIs I have on my network.
However if I try to open 443 to the RPI that fails.
 
I can't open any other port to the router itself (192.168.1.1)
I can open 3000 and point it at one of the RPIs I have on my network.
However if I try to open 443 to the RPI that fails.
did you manage to open port 443 and 80 ??
 
You can install NGINX through Entware and setup multiple domain forwardings.
1. Install nginx
2. Set up ports 8080 and 8443 for WebUI
3. Open a domain and set up subdomains like server.mydomain.com, camera3.mydomain.com etc.
4. Setup nginx.conf to redirect your requests like https://server.mydomain.com to your local machine (no matter which local port is used).
This approach allows you to utilize one 443 port for all your servers.
A typical nginx.conf

Code:
server {
  listen 80;
  server_name camera.yourdomain.com;
  return 301 https://camera.yourdomain.com$request_uri;
}

server {
  listen 443 ssl;
  server_name camera.yourdomain.com;
  ssl_certificate /opt/etc/nginx/camera.yourdomain.com/fullchain.cer;
  ssl_certificate_key /opt/etc/nginx/camera.yourdomain.com/camera.yourdomain.com.key;
  location / {
    proxy_set_header Host $host;
    proxy_pass https://192.168.10.153;
    }
}

A similar configuration can be used also to approach WebUI through 80 and 433 ports (redirection from 433 https://myrouter.mydomain.com to 192.168.10.1:8433 - whatever your router's local IP is
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top