[RT-N16] Port Forward wont work (3.0.0.4.374.33)

[NickDP]

Hello

Yesterday my portforward stopped working, for some strange reason.

Today i've tried "anything", to get it back to work, re-flashing, erasing nvram etc etc.

But nothing seems to be working, so i realy hope some of you great minds can help me out here.

Im not sure what kind of info i would need to give you but here is the log file, when i try to open a port this is what i get:

My system log when i try to open a port: View attachment log.txt

and under the port it says:

Destination     Proto. Port range  Redirect to     Local port
ALL             TCP    20          192.168.1.120   21         
ALL             TCP    21          192.168.1.120   21         
ALL             TCP    2021        192.168.1.1     21

The firmware is Asuswrt-Merlin (3.0.0.4.374.33)
The router is a Asus RT-N16

Hope you can help me out here :/

Best regards
Nick

 

[RMerlin]

The most likely cause for port forwarding to stop working overnight if you didn't change anything is that your DDNS isn't properly updating, so your DNS entry is no longer resolving to the correct IP.

 

[NickDP]

The most likely cause for port forwarding to stop working overnight if you didn't change anything is that your DDNS isn't properly updating, so your DNS entry is no longer resolving to the correct IP.

The ip is correct im afraid, and works inside "lan"

 

[NickDP]

iptables --table nat --list -v -n

Give out the following:

Chain PREROUTING (policy ACCEPT 1477 packets, 94670 bytes)
pkts bytes target prot opt in out source destination
0 0 VSERVER all -- * * 0.0.0.0/0 100.81.226.216

Chain POSTROUTING (policy ACCEPT 150 packets, 9739 bytes)
pkts bytes target prot opt in out source destination
555 40651 MASQUERADE all -- * eth0 !100.81.226.216 0.0.0.0/0
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xd001

Chain OUTPUT (policy ACCEPT 150 packets, 9739 bytes)
pkts bytes target prot opt in out source destination

Chain LOCALSRV (0 references)
pkts bytes target prot opt in out source destination

Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 VUPNP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 to:192.168.1.120:21
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:192.168.1.120:21
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2021 to:192.168.1.1:21

Chain VUPNP (1 references)
pkts bytes target prot opt in out source destination

Chain YADNS (0 references)
pkts bytes target prot opt in out source destination

Im not sure if its usefull or not :/, i cant see anything wrong

 

[RMerlin]

What are you trying to forward, and to what? How are you testing it?

 

[NickDP]

What are you trying to forward, and to what? How are you testing it?

Right now im trying to forward port 21, to my server(192.168.1.120), and im testing it with http://www.yougetsignal.com/tools/open-ports/ and i have a friend who tries to log on from the outside.

 

[RMerlin]

Right now im trying to forward port 21, to my server(192.168.1.120), and im testing it with http://www.yougetsignal.com/tools/open-ports/ and i have a friend who tries to log on from the outside.

Try using a different port such as 2222 just to make sure it's not that port 21 is blocked by something else. Also check on the FTP server that its firewall isn't blocking accesses.

 

[NickDP]

Try using a different port such as 2222 just to make sure it's not that port 21 is blocked by something else. Also check on the FTP server that its firewall isn't blocking accesses.

I tried 2021, same thing, and everything is disabled on the server :/

 

[RMerlin]

I tried 2021, same thing, and everything is disabled on the server :/

Try something really different like the port I suggested. 2021 is the default port Asus uses to forward to its own internal FTP server.

 

[NickDP]

Try something really different like the port I suggested. 2021 is the default port Asus uses to forward to its own internal FTP server.

Tried 2222, same thing :/

 

[RMerlin]

Since your DNAT entries do show and it stopped working overnight, then something must have been changed at some point, either in your environment, or in your modem's configuration. I would take a closer look at the modem itself, in case your ISP remotely pushed configuration changes to it.

I assume you already ensured that your dyndns IP was really your public IP and not an internal one?

 

[ebalsumgo]

I am actually having a similar problem. My port forwards work... kinda. Most, actually all but 2, forwarding works, however, anything that involves 5900 and 5901 seems to end up in the void.
This is what my VSERVER chain looks like:
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:192.168.1.1:80
5 320 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:192.168.1.1:8443
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 to:192.168.1.11:5000
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000 to:192.168.1.11:5000
2049 131K DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 to:192.168.1.11:5001
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001 to:192.168.1.11:5001
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1337 to:192.168.1.11:1337
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1337 to:192.168.1.11:1337
3 184 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32400 to:192.168.1.11:32400
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:32400 to:192.168.1.11:32400
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:192.168.1.11:8081
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8081 to:192.168.1.11:8081
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082 to:192.168.1.11:80
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8082 to:192.168.1.11:80
1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:224 to:192.168.1.11:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:224 to:192.168.1.11:22
840 48876 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413 to:192.168.1.11:51413
64 4142 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51413 to:192.168.1.11:51413
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51414 to:192.168.1.11:51414
13 720 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5900 to:192.168.1.4:5900
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to:192.168.1.4:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:222 to:192.168.1.4:22
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51412 to:192.168.1.4:51412
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51412 to:192.168.1.4:51412
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:223 to:192.168.1.6:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:223 to:192.168.1.6:22
1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 to:192.168.1.6:5900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5901 to:192.168.1.6:5900

 

[RMerlin]

I am actually having a similar problem. My port forwards work... kinda. Most, actually all but 2, forwarding works, however, anything that involves 5900 and 5901 seems to end up in the void.
This is what my VSERVER chain looks like:
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:192.168.1.1:80
5 320 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:192.168.1.1:8443
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5000 to:192.168.1.11:5000
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5000 to:192.168.1.11:5000
2049 131K DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5001 to:192.168.1.11:5001
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5001 to:192.168.1.11:5001
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1337 to:192.168.1.11:1337
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1337 to:192.168.1.11:1337
3 184 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:32400 to:192.168.1.11:32400
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:32400 to:192.168.1.11:32400
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:192.168.1.11:8081
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8081 to:192.168.1.11:8081
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8082 to:192.168.1.11:80
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:8082 to:192.168.1.11:80
1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:224 to:192.168.1.11:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:224 to:192.168.1.11:22
840 48876 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413 to:192.168.1.11:51413
64 4142 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51413 to:192.168.1.11:51413
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51414 to:192.168.1.11:51414
13 720 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 to:192.168.1.4:5900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5900 to:192.168.1.4:5900
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:222 to:192.168.1.4:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:222 to:192.168.1.4:22
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51412 to:192.168.1.4:51412
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:51412 to:192.168.1.4:51412
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:223 to:192.168.1.6:22
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:223 to:192.168.1.6:22
1 64 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 to:192.168.1.6:5900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5901 to:192.168.1.6:5900

The port forwards on 5901 are working normally. See the first column, it does show that a packet hit the port, and was forwarded. Double-check your client at 192.168.1.6.

 

[ebalsumgo]

hmmmm... both clients 192.168.1.4 and 1.6 are running and are on two different platforms (one is a mac the other is a win box). I guess it is something with my servers.