RT-AC66U Ports Not Forwarding

[teapa]

I have the same issue. I tried everything. I installed Merlin and dd-wrt after I installed the Asus latest firmware. Shut down all the firewalls, etc. I am trying to set up a foscam camera as a baby monitor. Any port open will do...Any ideas? Please help!

 

[RMerlin]

I have the same issue. I tried everything. I installed Merlin and dd-wrt after I installed the Asus latest firmware. Shut down all the firewalls, etc. I am trying to set up a foscam camera as a baby monitor. Any port open will do...Any ideas? Please help!

If you can't get it to work with different firmwares, then either the way you are testing is flawed (you cannot test a port forward unless you actively have a device listening to that port, for instance), or your modem is configured in router rather than bridged mode, which means it blocks all inbound connections before they can even reach your router. You will have to check with your ISP if the modem can be bridged.

 

[jimnall]

asus 66u router port forwarding

Port Forwarding, WAN and Port Forwarding tab, absolutely does work if you leave the local port field blank. I can't understand why the manual for the router doesn't clearly state this.
Maybe there are more wrinkles if your port forwarding is more complex than my simple VNC and Broadwave applications require.
Thanks again. Jim Nall

 

[lodester]

@teapa , if you factory reset your device you'll be able to port forward.... for a while. This has been a problem with this router since the first day it shipped. There is no setting or combination of settings that fixes it once your RT-AC66U decides to no longer forward traffic, period. ASUS is completely unhelpful and only backs out of support by implying the user doesn't know what they're doing.
It's so bad that I've actually considered talking to my attorney about the feasibility of a class-action lawsuit because the issue is always resolve-able by doing a factory reset, but the difficult part is the only way I know how to reproduce the problem is to wait. This still occurs on the latest build (3.0.0.4.376_3861).
It's a real shame because otherwise it's a great router. However, a router that can't port forward is no router at all, it's a piece of sh*t. I'll be replacing this and won't be buying ASUS networking equipment ever again for the sole reason that their support is dismissive and unhelpful.

 

[lodester]

I can assure you that port forwarding is working fine on the router, it is a configuration issue on your end.

You haven't been working with retail electronics very long. It's entirely possible your router doesn't have this flaw but you are absolutely wrong. I know you think you know how every RT-AC66U works down to the wire, but your statement is plain wrong. I've got one right here that routinely quits routing traffic with ZERO modifications. The only way to recover is to factory reset, reconfigure, and wait for it to die again. Three times now in the last year, and this time I'm just done with it. ASUS is usually good technology, but it's all pacific-rim electronic consumer hell. I'm just pissed off that ASUS could care less, and like you, they just assume that I don't know what I'm doing or saying and I've been working in this industry for 20 years. So you and ASUS can take your holier-than-thou proclamations and shove it where the sun don't shine.

 

[lodester]

absolutely does work if you leave the local port field blank.

First of all, that's not how Port Forwarding works. You're allowed to say WAN port 3333 go to IP address xxxxx , port 21. What you're configuring is implicit 1:1 port mapping, which is valid, but it's not "how to forward ports" it's one way to forward ports on a 1:1 basis.

Second, what you really meant to say is "absolutely does work on my router" , I will gladly trade you my AC66U for yours. PM me. Totally serious.

 

[RMerlin]

You haven't been working with retail electronics very long. It's entirely possible your router doesn't have this flaw but you are absolutely wrong. I know you think you know how every RT-AC66U works down to the wire, but your statement is plain wrong. I've got one right here that routinely quits routing traffic with ZERO modifications. The only way to recover is to factory reset, reconfigure, and wait for it to die again. Three times now in the last year, and this time I'm just done with it. ASUS is usually good technology, but it's all pacific-rim electronic consumer hell. I'm just pissed off that ASUS could care less, and like you, they just assume that I don't know what I'm doing or saying and I've been working in this industry for 20 years. So you and ASUS can take your holier-than-thou proclamations and shove it where the sun don't shine.

I'm not saying your router does not have a problem. I'm saying that the port forwarding functionality itself is working fine - it's a very simple entry in the kernel's iptables, there's very little that could go wrong with that specific part of the code. What I'm saying is that something else is causing your issue, especially if you need a factory default reset to regain it.

I'm not the only one out there using port forwards on the router.

I've been dealing with routers for about 15 years now, back before wifi even appeared.

 

[RMerlin]

This still occurs on the latest build (3.0.0.4.376_3861).

BTW, that's not the latest build. 378_4850 beta has been available for a few weeks now, it's worth giving it a try to see if it resolves your issue, in case it would be a bug related to CTF. In fact, CTF would be the most likely cause of issues there, unless it's something else external to the router causing the problem. Try disabling NAT acceleration under LAN -> Switch Control.

 

[john9527]

@lodester - Can you check your nvram usage on the Tools-Sysinfo tab? For some reason, if you are running out of nvram space, port forwards seem to be the first thing to go.

 

[lodester]

@RMerlin , thanks for your reply. CTF was disabled, so that's no help but a good thought. I did apply the 4850 update and cold restarted the router afterwards - no help there either, unfortunately.
@john9527 , thank you as well. I think you may be referring to a UI element in a custom ROM for the router, because I do not know where to check nvram space in the native router firmware.

I would really love it if someone here surprised me and figured out my problem. I'll even load a custom rom if you'd think that would help

 

[john9527]

because I do not know where to check nvram space in the native router firmware.

I thought that page was in the OEM firmware, but could be mistaken. Another way is to telnet/ssh to the router and enter

nvram show | grep aaaaa (where aaaaa is any nonsense string)

You'll get a response back like...
size: 53649 bytes (11887 left)

 

[lodester]

Ah, i probably could have figured that out for myself, anyway, doesn't look like nvram is exhausted:

size: 43242 bytes (22294 left)

 

[john9527]

Don't give up yet.....if your environment is such that a lot of different clients connect, it can substantially grow over time (the router remembers and adds data for every client that has connected). I'd keep an eye on it periodically just to make sure.

 

[RMerlin]

@RMerlin , thanks for your reply. CTF was disabled, so that's no help but a good thought. I did apply the 4850 update and cold restarted the router afterwards - no help there either, unfortunately.
@john9527 , thank you as well. I think you may be referring to a UI element in a custom ROM for the router, because I do not know where to check nvram space in the native router firmware.

I would really love it if someone here surprised me and figured out my problem. I'll even load a custom rom if you'd think that would help

How are you testing the port forward? If it's within your LAN, Asus's NAT loopback has a history of randomly breaking down now and then under various situations.

Monitor the number of packets hitting your port forward rule while testing it:

iptables -t nat -L VSERVER -v

If the packet count does increase on the forward rule you are testing, check on your server's end.

 

[lodester]

@john9527 , this is for a very flat SOHO environment, few active clients, about a dozen or so servers that don't typically move a lot of data

@RMerlin ,
Thanks for that, I didn't do any testing this go-around because I've seen this twice before and just sort of wrote it off, but I believe iptables was how I looked at this before. As for my access method I set up both a web service on 4040 and an ftp server on 7777 *pasv 29500-29600.
I verify these services are responding properly on the LAN, I test from my phone (4G) and a remote server far across the internet that I know is unrestricted.

Neither rule changes packet count (zero) when I look at iptables after testing.
The return status code for the web service is 502 which is active rejection of the request, so routing is fine but nothing is answering on 4040.

 

[RMerlin]

@john9527 , this is for a very flat SOHO environment, few active clients, about a dozen or so servers that don't typically move a lot of data

@RMerlin ,
Thanks for that, I didn't do any testing this go-around because I've seen this twice before and just sort of wrote it off, but I believe iptables was how I looked at this before. As for my access method I set up both a web service on 4040 and an ftp server on 7777 *pasv 29500-29600.
I verify these services are responding properly on the LAN, I test from my phone (4G) and a remote server far across the internet that I know is unrestricted.

Neither rule changes packet count (zero) when I look at iptables after testing.
The return status code for the web service is 502 which is active rejection of the request, so routing is fine but nothing is answering on 4040.

When you get the chance, test while monitoring iptables. If the traffic count increases, I would suspect that a firewall/IPS/access rule on the server is blocking connections. I've seen a few users in the past whose problem was caused by the firewall running on their server - they reject the connection because the source IP is not a LAN IP. It might be blacklisting IPs after a certain number of attempts, which would explain why it stops working only after a certain period of time.

EDIT: if the iptables counter does not increase, then it means the packet is probably being blocked somewhere upstream.

For FTP, make sure you specify the port range in the start:end format (i.e. 29500:29600).

 

[lodester]

As I said, perhaps poorly, the packet count does not increase. Also yes, I did use the correct syntax for the FTP server. These services were working, this has all happened before.
These ports are not being blocked, I promise you the moment I hardware-reset the router and put the exact same rules back in, it will start working again. I'm in the process of verifying the settings on my backup router so I can put it in place and do just that.
So i get port forwarding isn't click-click-stupid easy like everyone wants, but it's not exactly rocket science even in the retail hell these devices come from; this is pretty bread and butter stuff and it's very poorly supported on this router and it has been a regular disappointment. Maybe mine is a fringe case, but there is no shortage of folks out there complaining about the hit-and-miss nature of this feature on this router.

I don't want to make this network needlessly complicated but I think the real answer is to get a proper device for this task and put a firewall appliance in front of this, and demote the AC66U to a simple wifi AP and maybe DHCP server. Pity to lose all that functionality, but I'm tired of this piece of crap ruining a coupe of my days every year when I have to factory reset it. This shirt is inexcusable in this day and age, especially at this price.

 

[lodester]

Turns out I have a USG20 still sitting around as I was going to return because it's a bit on the small side, but it works great. Got it configured and I can access my services now after the first attempt at setting up the forwarding rules. I'm just going to throw the AC66U in to AP mode and be done with it. Much more robust tools in the Zyxel box anyway, if a little overbuilt for my needs (better too much than too little!)

Thanks for the help all the same, guys. Cheers

 

[Ezra]

I signed up only for a problem I am currently having with port forwarding and stumbled upon this thread.
I am on firmware 3.0.0.4.378.6065 and using ASUS RT-AC87U.
The application I am using is HFS (http://www.rejetto.com/hfs/). I use it for sharing files with friends to upload and download off my machine and only activate it when needed.
I have done port forwarding with a range like 59642:59650, selected my machine's IP and entered the local IP, protocol TCP.
I launched the HFS app and can successfully access it via local LAN via localhost:54962, <LocalIP>:54962 and from another machine locally as well. But am unable to access it via internet.
I have read this thread but am wondering if there is solution to this. I was using different routers before and had no issues with port forwarding. In the thread there are things we can try like the following but am lost as to where to enter them:
iptables -t nat -L VSERVER -v

I am not a network techie but work with desktops and administer some servers on a surface level. But I am not familiar with the above command and it does not seem to work on my Windows 7 Pro. laptop.

I have also done the LAN > Switch Control> NAT Acceleration > Disable
But that does not seem to help either.

Would there be a firmware fix coming out soon or could someone guide me further, please?

Thank you.

 

[Jaguar]

Update: It turned out to be a configuration issue with AT&T u-verse gateway. As soon as I allowed for IP passthrough to my router, port forwarding starting working as expected. Sorry for the false alarm...

I started having the exact same issue recently. I even tried upgrading to the latest stable firmware, but the problem persists. Port forwarding has completely stopped and I just can't get it to work. I am going to try deleting all the entries, backing up the config file and factory reset the router. I hope this will fix the issue.