Reply

Attempt to release incorrect UDP nat port from SELF

race
Aspirant

Attempt to release incorrect UDP nat port from SELF

Two months ago, my Netgear router logs began to include intermittent entries that said, "Attempt to release incorrect UDP nat port from SELF."

 

More and more of these entries began to show up. Currently, the log containts mostly these entries.

 

There are other anomaly entries as well, such as,

  • "DNS lookup failed, force renew!"
  • "Invalid sequence number received with Reset, dropping packet Src 80 Dst 52115 from WAN"
  • "Unable to free TCP NAT port for a000008:52000 from LAN"

Does anyone know what they mean or what causes them?

 

The routern is ProSafe FVS 318.

Message 1 of 27
JohnRo
NETGEAR Employee Retired

Re: Attempt to release incorrect UDP nat port from SELF

Hi race, 

 

Welcome to the community! 

 

I see you are having some issues with the FVS318, let me see if I can help you out. The first entry is an event log, this is I would say common. For the other entries, it appears like the router seemed to be dropping traffic (valid or invalid). I would like to know what firmware version you have loaded on the firewall. What are the changes you made on the network before experiencing these logs? 

 

We'll look forward to your response. 

 

Thanks, 

JohnRo
NETGEAR® Community Team
Message 2 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Hi, JohnRo!

 

Thank you for helping me.

 

The firmware is v3.0_22.

 

I made no changes. It just started happening. The logs from six months ago had none of these entries.

 

Race

  
Message 3 of 27
JohnRo
NETGEAR Employee Retired

Re: Attempt to release incorrect UDP nat port from SELF

Hello race, 

 

My suggestion is to update your firmware to the latest, we have to make sure that the errors you are getting are not coming from the bugs on older firmware versions. You can donwload the firmwares on this link, you are 5 (five) firmwares behind you need to upload incrementally. 

 

Hope it helps. 

 

Thanks, 

JohnRo
NETGEAR® Community Team
Message 4 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

This is BAD advice.  Do NOT upgrade your firmware as a solution.

 

Since nothing has changed on the netgear, what else may have changed?  Is your isp doing upgrades, speed increases, backbone changes?  Did they change the modem they provide you?  Any other network configuraiton changes?

Message 5 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Okay, I'll wait to do the firmware upgrades.

 

The ISP (Comcast) has apparently been doing numerous network upgrades in the area of many kinds over the past year. That is according to a Comcast tech.

 

Is it clear to anyone specifically what these error messages mean? When I look at the router diagnostics page (or LAN setup page, I don't remember exactly which at the moment), it look like the WAN address is 10.0.0.1, which seems to be wrong.

 

Race

Message 6 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

The Comcast changes sounds like they could have a hand in it.  I remember when Knology changed to the Arris c4 on their carrier side, my Cisco rv016 thought it was under attack from the nearly 100 packets per second of the c4 checking to see if my router was up.  Knology or Cisco never resolved the issue even though it actually was causing the router to lock up and reboot every few minutes.

 

This class of devices have numerous bugs (in almost all manufacturers products) that will cause issues like this, and if you try to trace back every single one of them you'll end up doing more design work on the product than the manufacturer originally did.

 

Are the entries affecting anything?  In other words, are you having any problems with the router?  If not, I wouldn't worry about it.  

 

 

Message 7 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Thank you for your insights!

 

The biggest problem at the moment is that I can't access my calendar and FileMaker servers remotely.

 

The LAN functions just fine.

 

Incidentally, some days the problem goes away. The problem persists even with different modems.

 

The modem's LAN address is 10.0.0.1, which is what the router is saying, mistakenly, is the WAN address for the network.

 

So is the problem likely a result of something on Comcast's side?

 

Race

Message 8 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

Were to able to access these before the error messages in the log?

 

It sounds like there's a router built into the comcast router.  While that may not be the cause of the error messages, it can definitely explain why you might not be able to access the servers.

 

See if you can get comcast to disable the router in the modem or give you just a plain modem.  It might also save you a few dollars a month as some isps charge extra for these routermodems.

Message 9 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Good points.

 

This all started with the old modem, though, which had no router built in. I have also disabled the router function of the Comcast modem, and the problem persists.

 

Occassionally, I can access FileMaker and the calendar servers with the Comcast modem and the modem's built-in router enabeld. And as I say, the prior set up (a non-Comcast modem with no rounter built in) had the same problem from time to time. So it seems not to have to do with the router or the modem.

 

Is it therefore on Comcast's side?

 

Can anyone please tell us what the message "Attempt to release incorrect UDP nat port from SELF" means? It seems important that we really know what this is saying so that we can determine the true cause of this problem.

 

Anyone?

Message 10 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

Hmmm...I'm thinking the error message doesn't directly have anything to do with the filemaker issue, but might be distantly related.  Unfortunately, with all the goofy error messages and no documentation, the chances of finding out exactly what that message means is slim and none.  Instead, let's work on the problem and see if we can't fix that--and when we do, let's see if the errors stop. 

 

So a couple of questions:

- How are you accessing your calendar and FileMaker servers?

- What client are you using to access them or do they have a built-in remote access client?

- What port do the servers use?

- What entries to you have in the netgear and/or comcast to make this work (when it does)

Message 11 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

I hope this inquiry will be fruitful.

 

- I access FileMaker through built-in remote access via a web browser.

- I access the calendar through a calendar client.

- One of them uses port 4000. I don't remember what port the other uses but could find out if it seems relevant.

- The remote access works when I see entires in the router log like, "Mon, 2014-08-04 00:05:41 - UDP packet - Source: 92.249.162.144 - Destination: xx.xx.xx.xx - [Access Policy not found, dropping packet Src 53 Dst 43380 from WAN]"

- When remote access doesn't work, I get the errror, "server is not responding." If I access the servers through the LAN, they communicate properly, so I know the problem isn't the servers themselves. As I say, remote access is the problem.
- There are in the last few days NO log entries like the one above. Only the "SELF" entries, as I've mentioned.

- This coincides with the router log entry saying the DNS lookup failed, and then the router requests a new lease. It looks like the router is not able to communicate properly with the WAN, for some reason.

- All of this has worked perfectly well for many years. Only lately is this not working. 

it looks like the error message of "Attempt to release incorrect UDP nat port from SELF" may refer to the router is not able to get the WAN address requests to be propertly translated as WAN and not LAN requests, somehow, and involving the translation port. Or something. It's like the router is "holding onto" the SELF designations of the requests, even when they are WAN requests. This might explain the DNS lookup failures.

 

Is there any way to get a tech from Netgear to chime in? I see that the "SELF" errors occur in other routers' logs, and it seems a tech could tell us what they mean. Netgear phone support won't help because the router is "legacy" router.

 

Race

 

Message 12 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

Okay, so there's a couple of things to check.

 

Do you have 'dns proxy' enabled on the lan?  If so, disable it.  Also, if you can statically put in the dns entries, do that.  This should fix any dns lookup issues, which can be an issue on these units.

 

Second, what rules/services do you have set up so that your filemaker server can be accessed from the outside?  Also, is the netgear getting a public IP address at all times?

 

The answers to these should get us moving in the right direction.

Message 13 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Thank you for your ideas.

 

As I may have mentioned, I didn't change any settings when the problems started happening. There is no proxy. Fixed DNS lookup has always been the case. The FileMaker and calendar rules have been set up the same way for years and worked perfectly until just recently.

 

I've been trying to focus our attention on the IP address. The router says its WAN port address is 10.0.0.8. This is not the same WAN IP address assigned by Comcast as reported by the modem. 10.0.0.8 is a private LAN address and should not be reported by the router as the WAN IP address.  This seems to be the problem, right?

Message 14 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

Yep, I agree that this should be the problem because that indicates that there's another router in between, and I'm sure that router doesn't have the services or port forwards set up.  I'd talk to comcast about getting your router to get the public IP.  If not, tell them you want to swap what you have for a plain, regular cable modem.

Message 15 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

I don't think the modem itself is part of the problem. I had the same issues with a simple modem-only modem a few weeks ago. I replaced the modem because Comcast thought it was the problem, but the problem persists. There is no "other router" in the line, only the Netgear router, then the Comcast modem.

 

Can't we please get someone to tell us more exactly what this error message means? Does no one out there know? It feels unproductive to keep guessing.

Message 16 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

If the modem you're using doesn't have a built-in router, then what is happening is your modem is losing it's cable sync and issuing a private dhcp address (which it will do if it loses sync).  This address is usually 192.168.1.100 on arris models, but the 10.x.x.x address pool is also private so I could see them using that as well.  It sounds like there's an actual issue with your service.

 

A good way to diagnose your service is just ping something on the outside for a day or so and then check for any packets loss.  It should be 0% lost.  Anything more than that and you have something going on.

 

It's futile to look for an explanation for the error message.  Only the guy in China that wrote it in would know and there's probably no way to reach him.

Message 17 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

A modem with or without a router makes no difference. Please see my prior posts.

 

The Netgear error messages are based on standard terminology, and I expect a Netgear tech would likely understand them.

 

Thank you for your help. I'll ask others for their views now.

Message 18 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

If you want to diagnose your issue by going from the message backwards, you're beating a dead horse and likely will not find a solution.  These units absolutely DO NOT like their wan connection turned on and off or the IP address to disappear and reappear.  That in itself can cause log messages as well as other issues.

 

The root cause of your problem is with your Internet provider.  For some reason, their external IP address 'goes away' and the netgear gets some other address.  And when this happens your inward-bound traffic is not making it to the netgear.  The 'not found' errors prove this to be the case.

 

If you fix the issue with your isp, the log errors will probably go away too.  Going about it the other way around is likely to be futile and end with no resolution.

Message 19 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

I don't have any specific problem to present to Comcast that indicates the issue lies on their end. There is no specific information I can give to Comcast that will demonstrate this -- no log entries, no router parameter numbers, nothing.

 

Upgrading the router firmware to its most current version did nothing to address this problem.

 

I don't feel I am any closer to a solution than when I first posted to this site.

Message 20 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

Your router having a non-public IP address is the problem I would report to comcast.  If their cable modem is in modem-only mode, there's no reason you should be getting that 10.10.10.x address.  I'd start there.  It's in intermittant problem so they probably won't find it immediately.  My guess is that they'll find that the modem is losing sync when your wan IP changes, which will be a line issue that they can fix.

Message 21 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

Right. But the modem reports the correct IP address. I can receive email, and web pages load properly. The only place the 10.0.0.x address shows up is on the router's "WAN Port IP Address," which is correct, right? -- the router status report doesn't show the WAN IP address, only the WAN Port IP Address. So I don't see what I would show Comcast that there is a problem.

Message 22 of 27
SamirD
Prodigy

Re: Attempt to release incorrect UDP nat port from SELF

That's the problem.  The wan port IP address should be your public IP if the comcast equipment was just a modem.

Message 23 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

The type of modem hasn't made a difference.

Message 24 of 27
race
Aspirant

Re: Attempt to release incorrect UDP nat port from SELF

I'm going to do a port test to see if this will provide proof to Comcast of a problem. What port should always be open on any computer? 80?

Message 25 of 27
Top Contributors
Discussion stats
  • 26 replies
  • 4475 views
  • 0 kudos
  • 3 in conversation
Announcements