Menu
What's new
By:
Filters Better Search

DSL-AX82U HTTP/HTTPS Port Forwarding

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

AX82U-user-2k

New Around Here
Hi all,

I have troubles opening port 80/443 on my DSL-AX82U and forward it to a server running on a local machine and I wondered if the router might be blocking this port internally?
I've confirmed with my ISP that these ports are open and that CGNAT has been disabled on my service. I can forward almost any port - with the exception of 25. However, I can't seem to be able to forward port 80/443.

Any idea what I am missing?

port forwarding enabled:

1722825562965.png


Local access ports changed to HTTPS only:

1722825603679.png


I'm running gnuton Asus Merlin version: 3004.388.7_1-gnuton1 at the moment because I thought maybe this firmware has more power than the stock - it wasn't working with the stock firmware neither.



Thank you,
cheers
Phil
 
If you have access to SSH, you can issue the following command to see what if anything is already listening on those ports that may be preventing you from using them yourself.

Code: 
netstat -tupln

I realize that some ASUS GUIs have a similar feature (Network Tools->Netstat), but I prefer the command line because it offers more options and more informative display.
 
Thank you for your answer. Yes, I do have ssh access to the router:

It doesn't look like there is anything listening on port 80 though


Bash: 
netstat -tupln | grep 80
tcp        0      0 0.0.0.0:18017           0.0.0.0:*               LISTEN      1566/wanduck
udp        0      0 0.0.0.0:18018           0.0.0.0:*                           1566/wanduck
udp        0      0 127.0.0.1:38000         0.0.0.0:*                           1592/eapd
udp        0      0 127.0.0.1:58000         0.0.0.0:*                           1592/eapd
udp        0      0 127.0.0.1:58000         0.0.0.0:*                           1592/eapd


or 443
[CODE=bash]netstat -tupln | grep 443
tcp        0      0 127.0.0.1:8443          0.0.0.0:*               LISTEN      1704/httpds
tcp        0      0 192.168.50.1:8443       0.0.0.0:*               LISTEN      1704/httpds
 
One possibility that many ppl overlook is the target machine perhaps having a personal firewall that's preventing the remote access. IOW, the traffic is reaching the target but it's being rejected by the target itself.

If problems persist, I suggest dumping the relevant portions of the firewall so we can see if the port forwarding rules are there, in order, and whether any packets are even reaching the router.

Code: 
iptables -t nat -vnL
iptables -vnL
 
Good point. Unfortunately I don't think it's on the target machine.

This is a clean rasbpian setup with nothing running other than a micro python3 server. I can open other ports, e.g. I can do something like this:

Code: 
sudo python3 -m http.server 21

and open this port on the router.
It's literally just port 80 and 443 which I weirdly can't forward.


Code: 
sudo iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Bash: 
sudo iptables -vnL
[...]

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80
    0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443
    0     0 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22
    1    60 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:21
    1    60 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8080

and ufw

Bash: 
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
21                         ALLOW       Anywhere
8080                       ALLOW       Anywhere
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
21 (v6)                    ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
 
Sorry, did you mean `iptables -t nat -vnL` on the router right? The above is from the target machine 🙈
 
Last edited:
Update: iptables from the router:

Code: 
iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 1554 packets, 181K bytes)
 pkts bytes target     prot opt in     out     source               destination
  153 14310 GAME_VSERVER  all  --  *      *       0.0.0.0/0            x.hidden.hidden.x
  152 14266 VSERVER    all  --  *      *       0.0.0.0/0            x.hidden.hidden.x

Chain INPUT (policy ACCEPT 675 packets, 73773 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 335 packets, 29548 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 328 packets, 28385 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1144  126K PUPNP      all  --  *      wan0    0.0.0.0/0            0.0.0.0/0
  879  107K MASQUERADE  all  --  *      wan0   !x.hidden.x        0.0.0.0/0
    9  1267 MASQUERADE  all  --  *      br0     192.168.50.0/24      192.168.50.0/24

Chain DNSFILTER (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain GAME_VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222 to:192.168.50.69:2222
    1    44 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.50.69:2222
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:192.168.50.69:2222

Chain LOCALSRV (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain MAPE (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain PCREDIRECT (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain PUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:192.168.50.64
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:192.168.50.64
    1    60 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 to:192.168.50.64
  151 14206 VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination


With `iptables -vnL`, are you looking for something specific, it's pretty big.
 
Aah, I found it, thank you for the hint.

I weirdly enough had some `GAME_VSERVER` section in there, which is a special config in the webinterface. I've removed the invalid port forwardings and now it's working 🙈

Thank you.
 
You must log in or register to reply here.

Similar threads

waldo43
Solved Port Forwarding Issue
Replies
6
Views
463
waldo43
waldo43
SA_booley
Port forwarding only works on LAN
Replies
10
Views
645
bennor
B
C
Where to Download GNUton's Asus Merlin For DSL-AC68U
Replies
16
Views
3K
Tech9
Tech9
E
Cannot flash DSL-AX82U with GNUton firmware
Replies
18
Views
1K
Katana1074
Katana1074
P
How would you check or change the router's http or https webinterface port via telnet (only)?
Replies
2
Views
228
powersupply
P
Similar threads
Thread starter Title Forum Replies Date
A Having major difficulties setting up a VLAN ID on DSL-AX82U Asuswrt-Merlin 0
E Cannot flash DSL-AX82U with GNUton firmware Asuswrt-Merlin 18
J How do I use GNUton's fork for my DSL-AX82U please. Asuswrt-Merlin 6
G DSL AX 82 u Asuswrt-Merlin 1
C Where to Download GNUton's Asus Merlin For DSL-AC68U Asuswrt-Merlin 16
C Entware doesn't get mounted after reboot on DSL-AC68U Asuswrt-Merlin 0
P Wired DSL-AC68U as an AiMesh node with GNUTON 386.9 f/ware Asuswrt-Merlin 5
T [GNUTON] RT-AX82U v1 Issue with Wireguard Asuswrt-Merlin 2
M AX82U issues with WAN port going down every day Asuswrt-Merlin 2
GreyHawkz Asus RT-AX82U Stock vs Merlin Advantage? Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 992 (members: 35, guests: 957)
Top