Re: D6220 Port Forward stopped, wont start again

Retired_Member · ‎2019-03-08

I recently upgraded my fully functional D6220 firmware from V1.0.0.48 to V1.0.0.53. The process happened without a hitch.

However, I discovered a few days later that the port forwarding functions had failed.

This is a critical thing for me to have working.

I read that disabling upnp could help if you can't get it working initially, So I tried that but it still didn't work.

I tried removing the entry's and rebooting, adding, and rebooting. Still nothing.

I tried forwarding to a different internal address/NIC, different ports. Nothing.

I've confirmed with my ISP they are not blocking the ports I'm trying to add (they do block some like 80/SMPT/etc)

I then tried to reset to factory settings via the option in webUI and then set the router up again, but port forwarding still fails.

I factory reset with the push button at the back of the modern with a paper clip, and reset the setup everything yet again but nothing. I noticed that this physical factory reset did not revert back to an older firmware as I thought it would.

So as a last resort I flashed back to firmware V1.0.0.48 which is the last firmware I had that was working with port forwarding. I've set up internet connection again, and my WiFi/ethernet settings, but again port forwarding just refuses to work.

The flash to V1.0.0.53 has killed the router's ability to port forward and I've been unable to recover it. This router was a $200 router but has cost me a lot of time as well and I'm getting quite frustrated with it.

Does anyone have any suggestions? Port forwarding is critical to me so if it is not recoverably I will be foreced to shell out for another router and this one is not even that old. I recon less than 18 months.

Thanks for your help.

Retired_Member · ‎2019-03-09

Resolved.

I did some more probing and found in the advanced tab, under the "internet port" bit it was reporting an internet IP address that was different to the IP address I get when I google 'whats my ip address'.

I then found the following link on my ISP's web site

https://www.aussiebroadband.com.au/support/knowledge-base/nbn/cg-nat/

Basically, the CG bit stands for Carrier Grade NAT. Because of ip4 addresses running out they implemented a NAT across their isp. This ofcourse breaks port forwarding for existing customers and I suspect there will be more people who will experience this issue as time rolls on.

So, with this being the 3rd time I rang my ISP I came armed with the issue. They have "opted me out" of CG-Nat and after a reboot I had an IP to myself. The port forwarding now works. Just so happens they implemented this at the same time I upgraded my router. I will probably flash to the latest firmware tonight once the kids are asleep. They are already giving me a hard time about ABC-Kids dropping out every time I reboot the router.

So, keep this in mind for anyone who visits this post in the future. If port forwarding doesn't work for you not only could it be your ISP blocking ports for you, they may have implemented a NAT policy similar to this.

Thanks for your help antinode. Even though I missinterprited what you were saying it still lead me down the correct path.

Cheers!

View solution in original post

antinode · ‎2019-03-09

> [...] I discovered a few days later that the port forwarding functions
> had failed. [...]

"discovered" how? What are you doing with port forwarding? What are
your actual port-forwarding rules? Copy+paste is your friend.

> [...] port forwarding just refuses to work.

Not a useful problem description. It does not say what you did. It
does not say what happened when you did it. As usual, showing actual
actions with their actual results (error messages, LED indicators, ...)
can be more helpful than vague descriptions or interpretations.

> The flash to V1.0.0.53 has killed the router's ability to port forward
> [...]

Unlikely. But, with no actual information on what you are trying to
do, how you're trying to do it, how you're testing it, and what happens
when you test it, it's tough to guess what might be happening.

The usual problems with this stuff are:

1. Wrong external IP address (different from the port-forwarding
router's WAN/Internet IP address). (An intermediate NAT router, for
example, could cause this.)

2. Bad port-forwarding rule (wrong port(s), wrong target address --
including a wandering target).

3. Server not listening on the port-forwarding target system.

4. External influences: ISP blocking, other firewalls, ...

"port forwarding still fails" provides no useful information on any
of these possibilities.

Retired_Member · ‎2019-03-09

Sorry. Hit reply too early and too hard to edit on my phone. Moving to laptop to reply properly. (Can't delete this)

Retired_Member · ‎2019-03-09

I just posted a massive reply with screen shots and supplimentry data to help resolve this.

It posted fine, I edited it for spelling and grammer which I seen after the post.

Now it is not here.

I really hope it is just pending aproval or something. I wonder if an admin can retrieve it if it was actually posted but something went wrong in an edit and it got trashed?

Retired_Member · ‎2019-03-09

Okay, doesnt look like that post is coming back so I will put a shorter version here. My appologies for the multiple posts.

Once again, thank you antinode for your reply. I am sorry if I was not clear or inclusive enough of information but I appreciate the time you took to reply. I will try and clarify things here for you.

"discovered" how? What are you doing with port forwarding? What are
your actual port-forwarding rules? Copy+paste is your friend.

I use port forwarding to access my CCTV while I work away, sometimes up to 3 weeks at a time. So it is quite important to me and has on at least one occasion allowed me to assist police from my workplace which lead to a offender being caught. About 2 days after the update to the firmware I discovered that accessing my CCTV from the android app while at the shops did not work. It deifnately worked the day before the firmware upgrade. It had worked for over 12 months leading up to that.

I also use it on occasion to access a webUI on a linux box (different internal IP obviously) and when I discovered the CCTV was no longer working I attempted to access the linux box, which also failed

I can verify that both services are running on their respective hosts and are accessable by my windows10 laptop, wifes windows10 PC, her android phone, my android tablet, and also my android phone.

Below is a screen shot of the port forwarding rules I have set up in the router.

> [...] port forwarding just refuses to work.

Not a useful problem description. It does not say what you did. It
does not say what happened when you did it. As usual, showing actual
actions with their actual results (error messages, LED indicators, ...)
can be more helpful than vague descriptions or interpretations.

In both accounts, to access these internal hosts I was using the mynetgear.com DDNS. When I could not access them I did obtain my outward facing IP address by googling "whats my ip address". I then tried to access these services using the IP address as opposed to the mynetgear.com ddns service.

When accessing from my phone or "laptop using my phone as an access point" (so it is going through my telstra 4G connection) the connection just times out. The same happens when attempting to access these services from my LAN but usig the mynetgear.com address or the ISP IP address.

I have also attempted to use various online services to check if your router port is open. I can not remember exactly which ones but I just googled "check port forwarding" which returned numerous services. Of which I can definately say I used at least two different ones. One showed the connection to time out, the other showed it closed. However, I do not know what code they used. It might just say closed when they dont recieve a reply. I have my doubts that they recieved a connection rejection as it is the only time I have had a "closed" connection as opposed to a timed out one.

> The flash to V1.0.0.53 has killed the router's ability to port forward
> [...]

Unlikely. But, with no actual information on what you are trying to
do, how you're trying to do it, how you're testing it, and what happens
when you test it, it's tough to guess what might be happening.

I hope that this post will supply you with supplimentory information, and enought to assist someone to point me in the right direction. The port forwarding was working a couple of days before the upgrade and was not tested until a couple of days after the upgrade, at which point it was obvious that it was not working now.

The usual problems with this stuff are:

1. Wrong external IP address (different from the port-forwarding
router's WAN/Internet IP address). (An intermediate NAT router, for
example, could cause this.)

This might provide useful. I think what you are saying is the ISP assigns an address internal to them, on their own network but it is not what is displayed to the outside world. If this is the case then yes I can see how this could be the problem. I don't think this is the case as it WAS working for a long time and all I did was add the rules in the screen shot above. However, I will definately look into this and report back. Thank you for the lead.

2. Bad port-forwarding rule (wrong port(s), wrong target address --
including a wandering target).

Originally I set a static IP address at the hosts (so they didnt use dhcp). However, during my fault finding I set them back to using DHCPD and reserved the IP addresses to the MAC addresses in the router. I also tried changing the IP addresses at the router, changing the port forwarding to match and rebooting both hosts so they definaely were forced into a different IP address. They still failed and I have since reversed that to the point that both hosts are using DHCP with the original IP addresses reserved against their MAC's. They have rebooted multiple times since then and both have the right IP addresses. Hikvision NVR's use port 8000 by default and that is what the clients are set to when accessing via the wifi connection. When accessing from the outside they are set to madeup.mynetgear.com:39000

The webUI of my bbox uses the same port on the wifi or from the outside (45000), which is manually typed into a web browser each time.

3. Server not listening on the port-forwarding target system.

The tests above show these services are infact running on the hosts.

4. External influences: ISP blocking, other firewalls, ...

https://www.aussiebroadband.com.au/support/knowledge-base/general/port-blocking/

Blocked Ports

Outbound

TCP/25 (Except to our mail servers)

Inbound

TCP/80
TCP/443
TCP/25
UDP/135
UDP/137-139

Also gave them a buzz to see if there is any other reason why they would be bloking inbound traffic on those specific ports which they assured me no, and reffered me to that page again.

"port forwarding still fails" provides no useful information on any
of these possibilities.

I hope this has been a bit more information for you.

Thank you for taking the time to reply and assist.

Cheers!

antinode · ‎2019-03-09

> Below is a screen shot [...]

In-line images in these forums must wait for moderator approval, so I
can't see yours yet. (An attached file incurs no such delay.) Some
little description would be nice, even if the pictures were visible.

> [...] The port forwarding was working a couple of days before the
> upgrade [...]

Ok, but if you reload the old (was-working) firmware, and reset and
reconfigure as before (manually, or by restoring were-working saved
settings), then it's hard to see how the (now purged) newer firmware
could still be causing a problem.

> [...] I think what you are saying is the ISP assigns an address
> internal to them, [...]

Not exactly. Your ISP determines the WAN/Internet (external) address
of your router. Your DDNS system should ensure that the name which it
maintains will track any changes in that address. Your router
(strictly, its DHCP server) typically determines the addresses of
devices on your LAN (but a device can be configured with a static
address, independent of the router and its DHCP server).

One important thing is that your outside-world device is talking to
your router (whether by using that DDNS name, or by using the router's
WAN/Internet address.

At that point, the router's port-forwarding rules determine where an
incoming connection gets directed. So, for example, the actual LAN
address of a camera must agree with the target address in the
corresponding port-forwarding rule. If the camera address changes, then
the port-forwarding rule becomes invalid.

> I can verify that both services are running on their respective hosts
> and are accessable by [devices on your LAN?]

If you can access a service from within your LAN, using the server's
LAN address and internal port number, then you know that the
server/service is good. If a feature on the router called "NAT
loopback" is working (which it should be), then you should also be able
to access a service from your LAN using the router's WAN/Internet
address and the external port number. If not, then either NAT loopback
is broken, or else the port-forwarding rule is bad.

If all that works, then you should be able to get the same result
from the outside world, if you use the router's WAN/Internet address (or
an equivalent DDNS name), and the proper external port, and no one
(like, say, your ISP) is blocking anything.

> Originally I set a static IP address [...]

If the actual address on the server/device is what's in the
port-forwarding rule, then either method should do the job.

Retired_Member · ‎2019-03-09

Resolved.

I did some more probing and found in the advanced tab, under the "internet port" bit it was reporting an internet IP address that was different to the IP address I get when I google 'whats my ip address'.

I then found the following link on my ISP's web site

https://www.aussiebroadband.com.au/support/knowledge-base/nbn/cg-nat/

Basically, the CG bit stands for Carrier Grade NAT. Because of ip4 addresses running out they implemented a NAT across their isp. This ofcourse breaks port forwarding for existing customers and I suspect there will be more people who will experience this issue as time rolls on.

So, with this being the 3rd time I rang my ISP I came armed with the issue. They have "opted me out" of CG-Nat and after a reboot I had an IP to myself. The port forwarding now works. Just so happens they implemented this at the same time I upgraded my router. I will probably flash to the latest firmware tonight once the kids are asleep. They are already giving me a hard time about ABC-Kids dropping out every time I reboot the router.

So, keep this in mind for anyone who visits this post in the future. If port forwarding doesn't work for you not only could it be your ISP blocking ports for you, they may have implemented a NAT policy similar to this.

Thanks for your help antinode. Even though I missinterprited what you were saying it still lead me down the correct path.

Cheers!