NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

San2022's avatar
San2022
Aspirant
Mar 01, 2022
Solved

Port forwarding on R7000 not working (fiber & VLAN)

Hi all,    Last weeks I have been puzzling with port forwarding on a R7000. I hope someone can help me out here.    Setup: Fiber (1 Gbit) connected to Optical Network Terminal (ONT) little white...
  • San2022's avatar
    San2022
    Mar 09, 2022

    Hi all, 

     

    Thanks for helping out. I found the solution. The problem was on my NAS (the DNS server on BOND 1 was false). After giving the NAS a static DHCP and on the NAS set this on ' automatic' the connection was resolved. 

     

    After all it was a rookie mistake. However, the learning is that if your port scan gives a state FILTERED or STEALTH, the port is actually open, but the application on the internal LAN is not correctly configured. 

     

    Cheers

FURRYe38's avatar
FURRYe38
Guru - Experienced User
Mar 01, 2022

Be sure your disabling uPnP if your setting up any PF rules. 

 

Might be something to check with the NAS Mfr for help and support regarding there product. 

 

 

San2022's avatar
San2022
Aspirant
Mar 01, 2022

Hi FURRYe38 ,

 

Thanks, I disabled the UPnP function, but that did not have the desired effect. Whu do you think the problem could be with the Synology NAS? The router setup on synology cannot be completed, because the ports cannot be opened. 

 

 

  • FURRYe38's avatar
    FURRYe38
    Guru - Experienced User
    Mar 01, 2022

    Are you trying to access the NAS from outside the LAN? Really is not recommended to put NAS accessible from the WAN side for security reasons. 

     

    I'd review some info here and see if it helps:

    https://kb.netgear.com/20917/What-is-port-forwarding?article=20917

    https://kb.netgear.com/24297/How-do-I-enable-port-triggering-on-my-Nighthawk-router

    https://kb.netgear.com/65/How-to-setup-Port-Triggering?article=65

     

    Possible that your ISP VLAN maybe a factor as well. 

     

     

    • San2022's avatar
      San2022
      Aspirant
      Mar 02, 2022

      Port forwarding is a security risk indeed, but the port forwards the route to the IP address on the LAN network. And there a synology NAS with a fine firewall has its own security on the ports used by the NAS. So there is no specific additional risk (assuming the security of Synology is of the same quality than the Netgear security) 

       

      I agree it could be the VLAN, but how? 

      • San2022's avatar
        San2022
        Aspirant
        Mar 02, 2022

        The R7000 gives the following logs when I am trying to setup the DDNS service on the NAS. So it's knocking at the door, but no answer. 

         

        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:30:37
        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:29:22
        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:28:07
        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:26:53
        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:25:38
        [WLAN access rejected: incorrect security] from MAC 00:05:CD:AA:24:0A, Wednesday, Mar 02,2022 11:23:19

         

        This reaction makes sense, as the port still has the "filtered" state. 

         

        So why can it not be opened...