I Think I Found a Bug with Port Forwarding on AC66U

[pcfr33k]

You cannot use the same port twice even if you assign it to another IP? That makes no sense unless I can assign more than 1 IP somehow to that same port? For Example my XBOX and Net Extender both need Port 53 open. I can only enter that for one or the other even though both devices have different IP addresses.

I know I was able to do this on my Buffalo Router with DD-WRT.

Any suggestions on a workaround? I am on the Firmware version 1 below the latest version. I had a problem flashing the latest version. That could be because I flashed the latest stock Asus Firmware first, but that was a beta firmware so I have to assume that is why I had a failure flashing the latest Merlin's. Latest stable not beta. I did try to flash it within the routers admin Firmware upgrade though.

 

[TerminX]

You're a little bit confused on how this works. Port 53 is DNS and that port needs to be open in an outbound direction, not inbound--you have no need to forward incoming requests on port 53 to any device.

 

[pcfr33k]

You're a little bit confused on how this works. Port 53 is DNS and that port needs to be open in an outbound direction, not inbound--you have no need to forward incoming requests on port 53 to any device.

Its not just 53 it is also 4500, 500, 52428, 88,3074,80 and 3544. So which ones are DNS and how do I set them outbound? I tried this port 52428 and I can only set it once to one IP, I cannot set it again to a different IP? My sons XBOX is working fine with all those ports I have set in Port Forwarding. This is how I have done it in the past. So I have been doing it wrong?

Thanks

EDITED:

So it looks like I need to enter in the 53 both in Port range and local port. Is that what you meant by outbound?

 

[ColinTaylor]

There are no restrictions on any outgoing ports.

</RANT ON>As a general side note, I find it quite aggravating that a site like portforward.com is still spreading misinformation after all these years. I would have thought that a site that's only purpose is to list port forwarding requirements doesn't appear to know the difference between incoming and outgoing traffic. </RANT OFF>

 

[RMerlin]

There are no restrictions on any outgoing ports.

</RANT ON>As a general side note, I find it quite aggravating that a site like portforward.com is still spreading misinformation after all these years. I would have thought that a site that's only purpose is to list port forwarding requirements doesn't appear to know the difference between incoming and outgoing traffic. </RANT OFF>

I've done my fair amount of rants myself on this complete non-sense that they are still spreading, to no result, so I just gave up.

Forwarded does not equal Open. That very simple concept still eludes all those so-called experts who keep confusing less technical users.

And another pet peeve of mine: you cannot forward one port to two different IPs. Technically it makes zero sense. If a router allows this, then their web interface is simply broken, since only the FIRST rule will even work.

 

[pcfr33k]

I've done my fair amount of rants myself on this complete non-sense that they are still spreading, to no result, so I just gave up.

Forwarded does not equal Open. That very simple concept still eludes all those so-called experts who keep confusing less technical users.

And another pet peeve of mine: you cannot forward one port to two different IPs. Technically it makes zero sense. If a router allows this, then their web interface is simply broken, since only the FIRST rule will even work.

So if XBOX needs port 4500 and my Samsung Net Extender needs port 4500 how does one set this up when each device has a different ip unless I setup a port range then I can get around it. For example 4500:4501 for the Xbox and 4500:4502 for the Samsung Net Extender.

 

[ColinTaylor]

http://www.verizonwireless.com/support/network-extender-faqs/

Do specific ports need to be enabled on my router or firewall for the Network Extender to work?

No, the Network Extender uses standard IPSec ESP VPN ports to make its connection through the Internet. It shouldn't require any special port configuration.

In those rare instances in which the Network Extender can't connect to the Verizon Wireless network, you may need to open ports 500, 4500, 53 and 52428. Contact your ISP, Network Administrator or switch/router/firewall manufacturer for detailed instructions on how to open ports on your equipment.

 

[pcfr33k]

Thanks for the link. I actually do not need to open any of the ports just enable IPSec and all is good. I have another thread on this as to what happened when I enabled IPSec. I had to switch DNS providers because the one I had would not work with VPN enabled and IPSec enabled. The DNS would not resolve or I could not connect at all to the Internet with VPN or connect through my DHCP no VPN.

So how would one use the same port for two different ips? If each needed the same port to be open?

 

[ColinTaylor]

So how would one use the same port for two different ips? If each needed the same port to be open?

As RMerlin stated earlier, that is impossible. Incoming traffic on a specific port can only go to one destination.

This is not a problem for outgoing traffic because the firewall masquerades the IP address and port.

What you want to do is forget about port forwarding and just make sure that UPnP is enabled on the router (WAN > Internet Connection > Basic Config). UPnP is designed precisely for your situation. It allows clients to dynamically create and delete port forwarding rules as and when it needs them.

 

[pcfr33k]

Thanks will do that instead

 

[scyto]

So if XBOX needs port 4500 and my Samsung Net Extender needs port 4500 how does one set this up when each device has a different ip unless I setup a port range then I can get around it. For example 4500:4501 for the Xbox and 4500:4502 for the Samsung Net Extender.

All 65000 UDP ports and TCP ports are open outbound by default on all routers, you do not need to set anything up unless you in some way blocked these ports by choice. How it works is that your xbox opens the connection outbound (think of it making a pipe) one this connection outbound is open (pipe) the traffic (water) can flow in both directions just fine - they key distinction is the pipe is only created between the device inside your network and the device outside the network you contact. This is how web traffic gets to your browser - same thing.

When we talk about a port mapping we are saying that an EXTERNAL device is allowed to create a 'pipe' inbound that an internal device will reply to. In general if one doesn't understand these things this could be a very bad thing as now any device anywhere on the internet can make an inbound pipe inside your firewall without your permission.

Bottom line, you don't need to make any [inbound] port mappings expect for very special explicit reason - and certainly not for things like skype, xbox, http, https etc traffic, - hope that helps?

--edit--
uPnP will do what you need exactly as Colin said.

 

[pcfr33k]

Thanks again I understand now.