NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Port forwarding on R7000 stopped working
I have a nighthawk R7000 with firmware version V1.0.9.88_10.2.88. I have multiple ports setup for forwarding and it was working just fine until a few days ago. Suddenly I couldn't access anyhting inside the network from outside the network. This includes things like ssh, http, https, and various ports setup for various game servers (minecraft, terraria, etc...). I have attempted multiple reboots and even reflashed my firmware once or twice. Has anyone else experienced this issue or know where I can go to find a solution? I attempted to call the netgear help number but they either didn't understand what I was asking or didn't want to answer as affter 2 hours of tech support I was told to hang up and call back another day. Let me know if there is additional information I need to supply.
As clarifying, there are multiple machines within the network I am trying to reach so it is unlikely it is the machine's firewall blocking the connections.
> [...] The WAN listed in the router and my public IP are not identical.
> [...]That would do it. (It's "1" on the list for a reason.) Plug that
address into the form at "https://whois.arin.net/", and get discouraged.> [...] I did notice that the IP for my public IP changed recently [...]
Apparently your ISP moved you onto a CGN router.
> [...] cannot reach the inside of my network using my new public IP.
With another NAT router in the way, that's not amazing.
You could try asking your ISP if you can get (back to having) a
public address (again). They might charge extra for that, if they'll do
it at all. Some ISPs dislike servers for residential customers.
15 Replies
> [...] firmware version V1.0.9.88_10.2.88. [...]
Had it been working with that firmware version? V1.0.9.88 is not
universally beloved. If the firmware is suspect, then V1.0.9.42 might
be worth a try.> [...] Suddenly I couldn't access anyhting inside the network from
> outside the network. [...]Sounds as if something changed. What kind of "couldn't access"?
Actual error messages?> [port assignments.png]
Ok. Are the servers at the target LAN IP addresses in those rules?
Are you using Address Reservation, or static addresses, or what?The usual problems with this stuff are:
1. Wrong external IP address (different from the port-forwarding
router's WAN/Internet IP address). (An intermediate NAT router, for
example, could cause this. Or an ISP using carrier-grade NAT to
conserve IPv4 addresses.)How are you specifying the router address "from outside the network"?
IP address? DDNS name? Other? Does the IP address of the WAN/Internet
interface on the router (still?) agree with that outside-world address?2. Bad port-forwarding rule (wrong port(s), wrong target address --
including a wandering target).Yours look good to me, if the servers are at those addresses.
3. Server not listening on the port-forwarding target system.
I assume that you can contact the servers, from a system on your LAN,
at their LAN IP addresses. Can you also contact the servers, from a
system on your LAN, at the router's WAN/Internet IP address? That test
relies on "NAT loopback" (on the router) working, which it should be.4. External influences: ISP blocking, other firewalls, ...
Unlikely, especially with a sudden-onset problem.
If you ever do get this stuff working, then, regarding External Port
22: It makes much sense to configure SSH on your local server(s) to use
the default SSH port, 22. However, unless you're looking for a
bombardment of SSH break-in attempts, it makes almost no sense to use
port 22 on your WAN/Internet interface. A rule like the following will,
I claim, save you considerable annoyance:Ports
Protocol External Internal Server IP Address
TCP/UDP 2022 22 192.168.1.9
This does mean that you'd need to add "-p <port>" to all your
outside-world SSH commands, but it's a small price to pay. (Pick any
memorable port which is not needed for some other purpose.)Thank you for the informative reply,
I will try going down a firmware version. I had originally been on a version actually higher than my current one and went down a version to test although I can't remember what version that was and I can't locate it on the website. (Was 1.0.10.something).I usually get something akin to "site took too long to respond." or "ERR_CONNECTION_TIMED_OUT" for my webpage.
I assigned the IPs in the router itself so they're reserved for those machines at all times.
I specify which IP by using either my domain (which uses my public IP) or my public IP found when I google "What's my IP"
I can access any of these services from within the network and using the WAN IP.
Thanks for the tip for the external to internal port change to strengthen the network some.
**Edit** Went down to that version and still no dice> I will try going down a firmware version. [...]
Or three.
> [...] (Was 1.0.10.something).
V1.0.10.90_10.2.90 apparently was posted and then pulled within a day
or so. Must have been exceptionally bad. (And normally bad is bad
enough to dissatisfy almost everyone.)
- After installing bitguard trial security, my router is dropping connection every couple days. Firmware is up to date.
How do I remove bitguard?
How do I get nighthawk support to solve this issue? I need to unplug to get connection back.