What's new

Port forwarding for virtual servers is still not working properly

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

lightpower

New Around Here
I'm using the latest firmware of Merlin on my RT-AC87U and I have serious problems with port forwarding...

Basicly it is working (now fully working, with serious compromises), so I can register port to be forwarded to a device, and after I set it, it is working for a while, but after a few hours I can't reach the host from WAN.

I have read several forums about this error, and I set everything that mentioned in threads:
- Disabled "NAT Acceleration" - although this setting reduced my WAN download speed from 500 Mbit/s to 300 Mbit/s... --> this setting made my devices reachable for a longer period of time, but didn't solved my problem by itself...
- Modified "NAT Loopback" from Asus to Merlin --> On a forum somebody said that this is a solution for this problems... -> To me this doesn't affect on reaching period or something...
- Disabled Firewall -> On another forum I have read that this is a"solution" --> and because I have no other choice I tried it, and it is working - so if I disable firewall and set NAT acceleration to disable, port forwarding works fine...

But this is nonsense... Previously I had a TP-Link router, I had firewall set on it, I was able to reach 500 Mbit/s download speed always and my port forwarded virtual servers were always reachable... (and worked like this for years). I bought this router to enhance the WiFi coverage and my LAN speed - but not at this price...

So my question is, is there any other option to set my virtual servers visible to WAN continously without these compromises?
 
Last edited:
There is no reason for it to not work - a port forward is something very simple in Linux firewalling. The vast majority of users with problems found out the problem was either the way they tested it (they were testing it from inside their network instead of from the outside), the destination machine that had a firewall blocking access, or the ISP equipment (modem double natting, certain ports filtered by the ISP, etc...)

Some ISP have issues with NAT acceleration, but it's a rare case.

The NAT loopback is ONLY for accessing a forward from within your LAN - it's unrelated to access from the WAN.

Do NOT disable the firewall on the router.
 
I don't know if there is reason to not work or there is no, but it's absolutely sure, that it doesn't work well... First of all make it clear, in every case I've tested it I tested it from outside, the destination devices are continously worked before for years with the same ISP without problem, and I don't have any modem or something - but if I would have, the case is the same, the servers that I talking about was actively used before I changed my router...

I didn't have any problem with NAT acceleration except, that if I enable it (I used Auto mode), my servers become unreachable...
I know, NAT loopback is what for, I have read it somewhere, and I tried it, nothing changed, as it is expected

I wouldn't disable the firewall on the router - I didn't do it for fun or something - but I have a project server at my home, and my colleagues in the project couldn't reach the server from their homes - That's why I know when my server(s) reachable from outside or not - but the project is still going on, so I had to do something to make it work, and this was the only way.

The problem that they described - when they wanted to reach the server (http / ftp) they got request timeout. If I restart the router it's working for a while, but a few hours later they got request timeouts again. Sometimes after some tryings they can reach the server, but the connection is very slow and usually after one successful request they got timeouts again... I haven't sensed this problem from LAN of course. But I have tested from mobile net, and I got the same errors...

When I turn HW acceleration off - the time period of working is extending... - If I disable firewall it is working continously without problem. (This wasn't my idea, I have read on a forum that Firewall disabling solved the problem for many people - and they were right - Certainly this is not a solution, because firewall is an important thing, but if i turn it on, the problem returns - so I can decide "which of my finger I bite")

I have changed to Merlin from stock AsusWRT because many people said that Merlin rectify the problem - I have had the same problem with stock firmware.
 
Last edited:
Which firmware version are you actually running - the latest could be dated by the time another user comes along to read the post. Latest could be a alpha/beta/release. When was the last time you did a factory reset and manually setup or used John's nvram save/restore tool? ISP may have changed things as well, lots are cracking down on home users running servers over their network without business accounts. Are you running on non-standard ports for HTTP and FTP if not your servers might be getting targeted by others trying to hack in. Might be better to setup OpenVPN and have you colleagues connect that way?
 
I don't know if there is reason to not work or there is no, but it's absolutely sure, that it doesn't work well... First of all make it clear, in every case I've tested it I tested it from outside, the destination devices are continously worked before for years with the same ISP without problem, and I don't have any modem or something - but if I would have, the case is the same, the servers that I talking about was actively used before I changed my router...

I didn't have any problem with NAT acceleration except, that if I enable it (I used Auto mode), my servers become unreachable...
I know, NAT loopback is what for, I have read it somewhere, and I tried it, nothing changed, as it is expected

I wouldn't disable the firewall on the router - I didn't do it for fun or something - but I have a project server at my home, and my colleagues in the project couldn't reach the server from their homes - That's why I know when my server(s) reachable from outside or not - but the project is still going on, so I had to do something to make it work, and this was the only way.

The problem that they described - when they wanted to reach the server (http / ftp) they got request timeout. If I restart the router it's working for a while, but a few hours later they got request timeouts again. Sometimes after some tryings they can reach the server, but the connection is very slow and usually after one successful request they got timeouts again... I haven't sensed this problem from LAN of course. But I have tested from mobile net, and I got the same errors...

When I turn HW acceleration off - the time period of working is extending... - If I disable firewall it is working continously without problem. (This wasn't my idea, I have read on a forum that Firewall disabling solved the problem for many people - and they were right - Certainly this is not a solution, because firewall is an important thing, but if i turn it on, the problem returns - so I can decide "which of my finger I bite")

I have changed to Merlin from stock AsusWRT because many people said that Merlin rectify the problem - I have had the same problem with stock firmware.

FTP occasionally needs work-arounds when NAT is involved. Make sure your colleagues use passive, not active.
 
Thanks for everyone - I think I have found out what was the problem. Basicly I have done a hard reset based on Zirescu's advice. And I configured step by step the router again. And now it is clear why Firewall disabling solved the problem previously - after the hard reset, and configuration, the port forwarding worked well, but I noticed, that the DoS protection option is disabled - this is the only thing that changed compared to the previous configuration. And it's working - I'll try to reenable the option - but it seems that DoS protection caused the problem --> and when I disabled the firewall, DoS protection also turned off.

answers to the questions:

1) I'm currently using the following firmware: RT-AC87U_380.64_2
When I created this thread I used this: RT-AC87U_380.64_0

2) I don't use common ports (21, 80, 22) for FTP, HTTP and SSH.

3) It would have been a miracle if my ISP after a decade would have changed the policy of virtual servers without any notification exactly when I changed my router to the current one. :D

4) Yes I'm thinking of OpenVPN - maybe I will configure later

I really don't know why the DoS protection cause problem like this - and why just after a few hours after the router is up (maybe the packet count?) - The second mistery, that the NAT acceleration why effect on the problem.

Anyway now It's working. Thanks for the help!
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top