RT-AC66U Port Forwarding

[jjb72]

I've been trying to set up port forwarding on the RT-AC66U without much success.

Basically nothing seems to work, I've tried stock firmware and now Merlins, neither seem to work and I'm beginning to wonder if I've just missed something unbelievably simple or the router is duff. I've never had issues with port forwarding on any other router I've ever owned, but this is the first time I've moved past the entry level ones.

I've turned off my firewall on the PC for all testing.

I've factory reset the router (running latest Merlin) and reconnected to the internet through a BT fibre modem. The only devices connected to the network are a phone and the PC.

I've enabled port forwarding under WAN->Virtual Server / Port Forwarding and added Counter Strike(TCP) (this time, I've tried many other ports previously). See image.

I can't get to the port from the outside world.

So I removed the port forward, enabled 'Enable Web Access from WAN', I can see that port fine (8080). So altered the port # to 27030 (same as CS one), can get to that port as well.

I DMZ my PC's IP, the only port I can get to is the 'Web Access' one on the router, no other ports are open.

Tried turning off the routers firewall, still can only access whichever port is set in web access, nothing seems to get past the router into the network.

Any pointers gratefully received!

 

[colecaz]

On your attachment you don't have a destination port specified, so it doesn't know where to send the WAN ports to be forwarded. You have the IP set but not the port.

See if that helps.

 

[RMerlin]

On your attachment you don't have a destination port specified, so it doesn't know where to send the WAN ports to be forwarded. You have the IP set but not the port.

See if that helps.

That's actually the correct way to set it up. He's forwarding a range, so you have to leave the destination field empty. Ports will then be forwarded on a 1:1 basis.

I would make sure that the ISP's modem isn't also running its own router, basically firewalling everything before it reaches your Asus router.

Do not use the DMZ, as it interferes with regular firewall functionality.

 

[colecaz]

Thanks, Merlin. I learned something today.

 

[jjb72]

Thanks for your replies and apologies for the late reply!

I've basically given up, I think the router is duff.

I've got 2 other routers, both of which port forwarding works perfectly ok with the same set up (all tried plugged into the same BT modem, there's no other router on the network), but the Asus just will not forward any port. Tried older firmware, current Asus firmware and Merlins with no joy!

 

[wonderfulme]

Ditto. AC-66U, latest beta firmware (3.0.0.4.378_6117), same exact problem. Port forwarding is not functional.

My setup is ISP (Ethernet connection) -> AC-66U (WAN ETH port) -> 192.168.1.100 (LAN ETH, Desktop). Firewall is disabled on both the router and the desktop. ISP is not blocking any ports.

Any way to make it work?

Thanks.

 

[RMerlin]

Ditto. AC-66U, latest beta firmware (3.0.0.4.378_6117), same exact problem. Port forwarding is not functional.

My setup is ISP (Ethernet connection) -> AC-66U (WAN ETH port) -> 192.168.1.100 (LAN ETH, Desktop). Firewall is disabled on both the router and the desktop. ISP is not blocking any ports.

Any way to make it work?

Thanks.

Hm, you can't forward *EVERY* port from the WAN to a LAN client This is what your config here basically tries to do.

 

[wonderfulme]

Hm, you can't forward *EVERY* port from the WAN to a LAN client This is what your config here basically tries to do.

Yes, I can. I mean in what way am I prohibited from that? Like, zero way.

That's exactly what I'm trying to achieve. And it would've worked with proper port forwarding. Basically, it says forward everything to me.

Nope, the specific ports have zero bearing either.

 

[RMerlin]

Yes, I can. I mean in what way am I prohibited from that? Like, zero way.

That's exactly what I'm trying to achieve. And it would've worked with proper port forwarding. Basically, it says forward everything to me.

Then which port will be left for your router to use for NAT or anything else? Or the webui itself?

 

[wonderfulme]

Then which port will be left for your router to use for NAT or anything else? Or the webui itself?

The idea was for the router to transparently translate all incoming connections to 192.168.1.100.

And it actually works now that I'm sober. What threw me off was that if a given port is actually closed on 192.168.1.100, the connection would time out, rather than be flat out refused, as I expected it to.

C:\Users\wonderfulme>ncat -l 5555
wonderfulme@remote:~$ telnet X.X.X.X 5555
Trying X.X.X.X...
Connected to X.X.X.X.
Escape character is '^]'.
don't drink and drive
C:\Users\wonderfulme>ncat -l 5555
don't drink and drive

Thanks for the input. I guess the lesson here is whatever iptables magic happens behind that web interface of AC66, it confuses the hell out of random drunk people.