NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
R6400 Port Forward issues V1.0.1.12_1.0.11
I just purchased a new NETGEAR R6400 router. I am trying to set up some port forwarding rules that have worked perfectly on other NETGEAR routers. For example, inbound traffic on port 13389 should be fowarded to ip address 1.1.1.10 on port 3389. While inbound traffic on port 23389 should be forwarded to ip address 1.1.1.11 on port 3389. The second rule is rejected as a conflict, however is it certainly not. The only conflict would be if I am trying to repeat the inbound port. Is there a fix for this that does not include reconfiguring my computers?
The Release Notes for V1.0.1.12_1.0.11 indicate that they enhanced port forwarding:
- Improves port forwarding by allowing fixed and range ports to be added to one rule.
If you upgraded from a previous version, then you may want to perform a factory reset to wipe out any incompatible configuration settings left over from the previous version. Then re-enter the port forwarding settings by hand. Do not restore from a backup configuration file because it, too, can be incompatible with the new version.
If this doesn't work, then try downgrading to an older version. You can find firmware here (link). Be sure to perform another factory reset after installation.
7 Replies
The Release Notes for V1.0.1.12_1.0.11 indicate that they enhanced port forwarding:
- Improves port forwarding by allowing fixed and range ports to be added to one rule.
If you upgraded from a previous version, then you may want to perform a factory reset to wipe out any incompatible configuration settings left over from the previous version. Then re-enter the port forwarding settings by hand. Do not restore from a backup configuration file because it, too, can be incompatible with the new version.
If this doesn't work, then try downgrading to an older version. You can find firmware here (link). Be sure to perform another factory reset after installation.
Perfect! Backing up to v1.0.1.6_1.0.4 worked! The interface is not as clean, but whacha gonna do?
I did try a factory reset on the latest firmware, which did not work.
I had the same problem with an R6400 I just purchased. It caused me a great deal of lost time and frustration since I use port forwarding extensively. To find the problem I used an Ethernet sniffer (wireshark) and discovered that the R6400 did not implement port forwarding correctly, as specified by RFC 1631 and its successors. The R6400 does not bind the gateway IP address as the source of the forwarded message and instead forwards the message with the originating host's public IP address! Of course that address is invalid inside the private network and so is discarded by the intended host target. I ended up putting the new Netgear router on the shelf and bought a Linksys router until this is fixed. I'll try reverting to a previous firmware load and see if it works.
I hope someone from Netgear reads this and verifies the problem so it can be fixed.
gkcambr wrote:I had the same problem with an R6400 I just purchased. It caused me a great deal of lost time and frustration since I use port forwarding extensively. To find the problem I used an Ethernet sniffer (wireshark) and discovered that the R6400 did not implement port forwarding correctly, as specified by RFC 1631 and its successors. The R6400 does not bind the gateway IP address as the source of the forwarded message and instead forwards the message with the originating host's public IP address! Of course that address is invalid inside the private network and so is discarded by the intended host target. I ended up putting the new Netgear router on the shelf and bought a Linksys router until this is fixed. I'll try reverting to a previous firmware load and see if it works.
I hope someone from Netgear reads this and verifies the problem so it can be fixed.Can you clarify the incorrect behavior? Public source IP addresses are perfectly valid inside a private network. Was the R6400, perhaps, not translating the public destination IP address into a private address?
In my application external (public) hosts use websockets within their browser to set up TCP connections to a private host within my LAN. Using an Ethernet sniffer (wireshark) I saw the external hosts TCP request properly translated at the NAPT to the internal private destination address and port. However the incoming PDU's source IP address and port were public (not translated). My host did not accept that packet. To resolve the problem I took the advice given to others and loaded the previous firmware load V1.0.1.6_1.0.4. Once loaded I reset the router and re-configured it exactly as I had done the V1.0.1.12_1.0.11 load. The older load worked.
I read RFC 2663 and believe the safest implementation for a NAPT is Twice NAT (section 4.3). That implementation binds the WAN public address in the public domain the LAN gateway address in the private domain. Both source and destination addresses are translated as PDUs cross the LAN/WAN boundary in both directions. I don't know if this is the problem, but you can verify if the bindings are different in the .4 and .11 loads.