port forwarding doesnt work with PR60X router and M4300-48X switch

Hi @caleb87,

Welcome to the NETGEAR Community! 🙂

Did you configure the Port Forwarding as described on the link below?
https://kb.netgear.com/000065728/How-do-I-add-a-custom-port-forwarding-service-on-my-PR60X-router

If you already did and it is still not working, can you verify if you have anything connected to WAN1? Only one WAN can be active at a time and the second WAN is used as a failover. You can select which WAN to use as a primary under WAN - Internet/WAN - Dual WAN - Configuration - Primary WAN.

Have a lovely day,
RennaD
NETGEAR Team

Haven't seen -any- NAT config on these "dual-WAN port router".

No controls for two WAN interfaces, no port forwarding for each of these .... just what the product management thought is essential. Port forwarding does very likely work on the WAN1 only. 

Based on the data sheet and the user manual - there is not much - I would -never- consider an evaluation or even buy one. And no, despite having asked several times: Netgear preferred -not- to provide a test unit.

Appears they had a very limited, simple use case (if anything) in mind.

At the risk this will be my last post here: That's all I can and will say here.

@YeZ @ChristineT 

My custom ports forwarding works fine on my end, though I am only using it for Windows RDP:

Have no issues with the port forward working on both my main (10 gig WAN) internet and backup internet when I had to use failover.

Have you tried doing a factory reset of the router to see if that would help out? That would probably be the last thing I would do.

---

@ShadowMario3 wrote:

Have no issues with the port forward working on both my main (10 gig WAN) internet and backup internet when I had to use failover.

---

One port forwarding active magically on two WAN interfaces?

Would you mind to tell us more about failover - no word of this in the user manual. 

With an eye on community know-how: We're keen to know why and how you have to RDP port forwardings configured. Are these the same RDP ports forwarded from both WAN connections? 

@ShadowMario3 wrote:

Have you tried doing a factory reset of the router to see if that would help out? That would probably be the last thing I would do.

---

Suspect more a problem with ports already in use for the router own local/internal usage, like for the Web UI, when the OP does talk of http and port 80. Not the first Netgear (and other brands) router struggling over these basics. I would try some alternate port forwarding, assuming the router can deal with PAT, e.g on some random port like 80123 for example.

Thank you for the suggestion. I only have one WAN connected, and it's to the WAN2 port because it's 10G and the WAN1 port is not 10G for some reason. 

I still went into Dual WAN setting and set the primary to WAN2, but this has not enabled the port forwarding. I also tried to reboot the router after the changes. I'll also note that my firmware is updated to the most recent (v2.3.0.78).

I appreciate all the suggestions, and if anyone has any ideas at all I appreciate the help. 

Hi Caleb,

I tested that the same port forwarding rule worked for both WAN1 and WAN2, below are steps of my test:

1. Create customized service P10880 for port 10880.
2. Create myhttps for port 443 - I am not sure why pre-defined https for port 443 is not showing up in drop down menu for port forward rule, will file a bug for it.
3. Create port forward from P10880 (Any) to myhttps (Internal_Server).
4. With signal WAN, test port forward https://WAN1_IP:10880/ it worked
5. Now turn on dual WAN, test port forward https://WAN2_IP:10880/ it also worked  

Please let us know what response you got when try to access internal service through port forwarding. Thanks.

@schumaku 

Yeah, from the last time I had a failover occur, I was able to use RDP through the second IP with no issues at all. I can do another test tonight to confirm this.

FWIW, my setup is I have a GoNetspeed (regional fiber company) with a static IP as my main WAN, connected to the WAN2 port. I have Comcast as my backup internet connected to WAN1, which, while dynamic, doesn't use CGNAT. Since OP mentioned that the port forward is working through another router, I assume that they are not behind a CGNAT.

As for how I did the port forwarding on the PR60X, I didn't need to specify which WAN ports it would apply to, I just made sure that External IP Address was set to "Any". First, you need to make a new rule under Service Management that specifies the ports.

Once they are added (or if you want to use one of the pre-defined ones), then you can go to the Port Forwarding page and they will appear in a list of rules when you add a new entry:

I have never used the predefined ones myself, so I was never able to check if port 80 had the issue like you mentioned. 

As for why I have two RDP ports connected to the same internal IP, it's because that device is my Netgear RS700 router, which I have all of my computers hooked up to. I know that I am in a double NAT situation, but I don't mind this setup since I am still able to set up a VLAN through the PR60X so I have the RS700 dedicated for my main network and another router that is used for my Guest and IoT WiFi.

That's what I would expect as well as a port forward is pretty simple. Did you do that with a PR60X router? If not, what model did you use?

Like your example, I just tried to forward a random port to port 80. The rule is setup like:

External Service: Custom (Port 3001)

Internal Service: HTTP (Port 80)

External IP: Any

Internal IP: 192.168.182.100

Enabled: True

If I go to 192.168.182.100:80 it works as expected, but if I go to 192.168.182.100:3001 it does not work.

My guess for problems are:

1) The Netgear M4300-48X switch (default configuration with no modifications; seems unlikely)

2) The router firewall configurations preventing a forward (default originally, but created a rule to allow any and all; also seems unlikely)

3) Something I haven't even considered

Quite: If I go to 192.168.182.100:80 it works as expected, but if I go to 192.168.182.100:3001 it does not work.

Yes, I tested on PR60X.

No, that is not how you should test it, you need to test it

wan_port_ip_or_ddns_domain_name:3001

i.e. you visit external port of external IP, it will be forwarded to internal port of internal IP

I tested it on my WAN IP. I'm trying to forward my WAN IP to a web server. I've done it dozens of times on dozens of other routers with all kinds of services beyond apache. I cannot forward any public WAN IP ports to any local network ports. It's beyond aggravating to struggle on such a trivial problem with no help from netgear themselves (i contacted them separately). I set the router up, and the internet worked. I didn't configure anything beyond the WAN2 static IP (I cant use the WAN1 because it's not 10G). I then tried port forwarding and it hasn't worked. I then started debugging and created the firewall rule to enable all traffic, tried everything I can think of and nothing works.

I really appreciate the community members who are trying to help. I understand that you're all netgear fans since you're here otherwise you wouldn't be here. So far I think netgear is terrible (sorry).

I'm going to abandon this router and never buy netgear products again. I'm setting up several server racks at multiple offices, and the amount of time wasted on this is unacceptable. 

I'm shocked the WAN1 port is only 1G/2.5G and not 10G as well. Netgear was a good "bang for buck" spec sheet, but I see why now. It's unfortunate this office took awhile to get the fiber hooked up, because we bought the unit in December so I cannot even return it. I'll have to ebay it and take the loss.

Hi Caleb,

Sorry that I was not clear that I am NETGEAR employee, I am not posting often on forum so sorry about that.

As you said, the port forward should be as simple as you described. Would you mind enable SDM and let us know SDM port number? 

To enable SDM from Insight:

https://kb.netgear.com/000065829/How-do-I-enable-Secure-Diagnostics-Mode-on-my-device-using-Insight

To enable SDM from GUI:

https://ip_of_pr60x/advanced_debugging.html

Slide Enable SDM to right and let us know 5-digit port number.

Since you already made it work before, I am assuming that you are testing port forwarding from outside of PR60X LAN network. Thanks.

From SDM, we can tell if firewall is setup properly, we will also be able to tell why outside can't reach your internal server.

Quick question: when you try to access 192.168.182.100:80 from internal, is it auto redirecting to https? If so, would you please try port forwarding to port 443 instead of 80. Thanks.

Dear @op3c ... being much to long around consumer and many small business market much to long: How does the PR60X properly handle the wonderful port 80/TCP port-forwarding example from the RT*M (!!!) without being intercepted by some other smart-a-**** ideas often shamelessly specified by carless product managers? 

Needless to say, on a small business class multi WAN NAT router, which should cover virtually any use case, say to operate a https server NAT port forwarded on the industry standard port 443/TCP, or drawing the design a little bit ahead to the VPN implementations covering SSL-VPN -also- using 443/TCP, or for the sake of it the convenient OpenVPN using 1193/UDP without interfering with whatever valid services your customers intend to operate on a NATed port-forwarded say a WireGuard service on port 51820/UDP - without making it impossible to operate such a service on the very same security appliance, similar limitations on IPsec ... this is what a PR60X should be (or become mid term). Isn't all this on the Netgear shareholders plans?

Or can we talk about the complete lack of a proper NAT implementation beyond of the consumer class IPv4 NAT forwarding Netgear does continue to push as the one and only solution on what is supposed to be a fully fledged dual-WAN-router?

Or can we discuss about the (non-existing!) object oriented firewall design? Netgear is decades behind the competition which does have these features in the 4th or 5th iteration already. 

Back to specifications, back to in-depth beta testing with this half-baked, unfinished "product" please. Netgear is still stuck in the late 1990ties!

Netgear is one or two decades behind the competition, many years to late. 

FWIW, I tested out this port by installing an Apache web server on my Raspberry Pi. First, I port forwarded port 80 to my RS700 to verify that worked by logging into the IP as seen from the PR60X's side (192.168.1.10). Then I forwarded the same port as shown below:

I am able to access this the Apache test page on both my main IP address and secondary IP address (when failover occurs).

@CalebSince it's working out for me, there might be an issue with your router itself, so you might want to do a factory reset. As you mentioned, it might have to do with the M4300-48X switch as well.

I setup a 10G Asus home router and port forward worked immediately when using the netgear switch. The netgear switch was factory reset when I got it, and I also tried plugging the Ethernet directly into the router to bypass the switch. I'm using default http port 80 with default apache. I prefer port 80 for testing, because it doesn't require SSL certs and more likely to work for testing. I also tried using alternate services with different ports with the netgear router and it wouldn't work. 

My port forward looks like yours, and they're enabled. The internal IP shows the address, but the WAN public IP will never work with the netgear router. I could factory reset it again, but I'm so busy I'll have to do it another time.

We tested exact same settings without any issues. Please check private message, we would like to work with you to solve this mystery. Thanks.