Orbi WiFi 7 RBE973
Reply

Re: Port forwarding on R7000 stopped working

jbuda
Aspirant

Port forwarding on R7000 stopped working

I have a nighthawk R7000 with firmware version V1.0.9.88_10.2.88. I have multiple ports setup for forwarding and it was working just fine until a few days ago. Suddenly I couldn't access anyhting inside the network from outside the network. This includes things like ssh, http, https, and various ports setup for various game servers (minecraft, terraria, etc...). I have attempted multiple reboots and even reflashed my firmware once or twice. Has anyone else experienced this issue or know where I can go to find a solution? I attempted to call the netgear help number but they either didn't understand what I was asking or didn't want to answer as affter 2 hours of tech support I was told to hang up and call back another day. Let me know if there is additional information I need to supply.

As clarifying, there are multiple machines within the network I am trying to reach so it is unlikely it is the machine's firewall blocking the connections.

Model: R7000|AC1900 Smart WIFI Router
Message 1 of 16

Accepted Solutions
antinode
Guru

Re: Port forwarding on R7000 stopped working

> [...] The WAN listed in the router and my public IP are not identical.
> [...]

 

   That would do it.  (It's "1" on the list for a reason.)  Plug that
address into the form at "https://whois.arin.net/", and get discouraged.

 

> [...] I did notice that the IP for my public IP changed recently [...]

 

   Apparently your ISP moved you onto a CGN router.

 

> [...] cannot reach the inside of my network using my new public IP.

 

   With another NAT router in the way, that's not amazing.

 

   You could try asking your ISP if you can get (back to having) a
public address (again).  They might charge extra for that, if they'll do
it at all.  Some ISPs dislike servers for residential customers.

View solution in original post

Message 10 of 16

All Replies
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

 
Message 2 of 16
antinode
Guru

Re: Port forwarding on R7000 stopped working

> [...] firmware version V1.0.9.88_10.2.88. [...]

 

   Had it been working with that firmware version?  V1.0.9.88 is not
universally beloved.  If the firmware is suspect, then V1.0.9.42 might
be worth a try.

 

> [...] Suddenly I couldn't access anyhting inside the network from
> outside the network. [...]

 

   Sounds as if something changed.  What kind of "couldn't access"?
Actual error messages?

 

> [port assignments.png]

 

   Ok.  Are the servers at the target LAN IP addresses in those rules?
Are you using Address Reservation, or static addresses, or what?

 

   The usual problems with this stuff are:


   1. Wrong external IP address (different from the port-forwarding
router's WAN/Internet IP address).  (An intermediate NAT router, for
example, could cause this.  Or an ISP using carrier-grade NAT to
conserve IPv4 addresses.)

 

   How are you specifying the router address "from outside the network"?
IP address?  DDNS name?  Other?  Does the IP address of the WAN/Internet
interface on the router (still?) agree with that outside-world address?

 

   2. Bad port-forwarding rule (wrong port(s), wrong target address --
including a wandering target).

 

   Yours look good to me, if the servers are at those addresses.

 

   3. Server not listening on the port-forwarding target system.

 

   I assume that you can contact the servers, from a system on your LAN,
at their LAN IP addresses.  Can you also contact the servers, from a
system on your LAN, at the router's WAN/Internet IP address?  That test
relies on "NAT loopback" (on the router) working, which it should be.

 

   4. External influences: ISP blocking, other firewalls, ...

 

   Unlikely, especially with a sudden-onset problem.


   If you ever do get this stuff working, then, regarding External Port
22: It makes much sense to configure SSH on your local server(s) to use
the default SSH port, 22.  However, unless you're looking for a
bombardment of SSH break-in attempts, it makes almost no sense to use
port 22 on your WAN/Internet interface.  A rule like the following will,
I claim, save you considerable annoyance:

 

                      Ports
    Protocol   External   Internal   Server IP Address
    TCP/UDP      2022         22     192.168.1.9

   This does mean that you'd need to add "-p <port>" to all your
outside-world SSH commands, but it's a small price to pay.  (Pick any
memorable port which is not needed for some other purpose.)

Message 3 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

Thank you for the informative reply,
I will try going down a firmware version. I had originally been on a version actually higher than my current one and went down a version to test although I can't remember what version that was and I can't locate it on the website. (Was 1.0.10.something).

I usually get something akin to "site took too long to respond." or "ERR_CONNECTION_TIMED_OUT" for my webpage.
I assigned the IPs in the router itself so they're reserved for those machines at all times.
I specify which IP by using either my domain (which uses my public IP) or my public IP found when I google "What's my IP"
I can access any of these services from within the network and using the WAN IP.

Thanks for the tip for the external to internal port change to strengthen the network some.

**Edit** Went down to that version and still no dice

Message 4 of 16
antinode
Guru

Re: Port forwarding on R7000 stopped working

> I will try going down a firmware version. [...]

 

   Or three.

 

> [...] (Was 1.0.10.something).

 

   V1.0.10.90_10.2.90 apparently was posted and then pulled within a day
or so. Must have been exceptionally bad.  (And normally bad is bad
enough to dissatisfy almost everyone.)

 

      https://community.netgear.com/t5/x/x/m-p/1834217

Message 5 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

Tried going down in versions and it's rejecting some of the older firmware versions. Pretty much anything past v1.0.9.42 and it ain't having it. Gives "error code -2". 

Also it appears the thing that changed was I accidentally left on the auto update function and it went to whatever the most up to date firmware was and killed a bunch of settings. Can't seem to undo the damage it did though. Going to try a factory reset now that I'm on 1.0.9.42.

Message 6 of 16
antinode
Guru

Re: Port forwarding on R7000 stopped working

> [...] Going to try a factory reset now that I'm on 1.0.9.42.

 

   I'd try that settings reset.  Just don't try to restore saved
settings from a newer version.  I'd expect ".42" to be old enough to
work.

 

> [...] Does the IP address of the WAN/Internet interface on the router
> (still?) agree with that outside-world address?

 

>    I assume that you can contact the servers, from a system on your LAN,
> at their LAN IP addresses.  Can you also contact the servers, from a
> system on your LAN, at the router's WAN/Internet IP address?  That test
> relies on "NAT loopback" (on the router) working, which it should be.

 

   Don't get fixated on the firmware without checking the other
possibilities.

Message 7 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

Still no dice. I can access the services from my WAN IP. The WAN listed in the router and my public IP are not identical. It's odd that this suddenly became an issue as I was able to host things up until recently. I did notice that the IP for my public IP changed recently too but I updated my DNS accordingly and also cannot reach the inside of my network using my new public IP.

Message 8 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

I now see why it can be an issue if my WAN IP is not the same as my public IP. It appears my ISP is using carrier grade NAT. Calling in the morning to see if they'll let me have a static IP in my apartment. Thanks for all the suggestions!

Message 9 of 16
antinode
Guru

Re: Port forwarding on R7000 stopped working

> [...] The WAN listed in the router and my public IP are not identical.
> [...]

 

   That would do it.  (It's "1" on the list for a reason.)  Plug that
address into the form at "https://whois.arin.net/", and get discouraged.

 

> [...] I did notice that the IP for my public IP changed recently [...]

 

   Apparently your ISP moved you onto a CGN router.

 

> [...] cannot reach the inside of my network using my new public IP.

 

   With another NAT router in the way, that's not amazing.

 

   You could try asking your ISP if you can get (back to having) a
public address (again).  They might charge extra for that, if they'll do
it at all.  Some ISPs dislike servers for residential customers.

Message 10 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

Yep that'll do it. I'm going to call their offices in the morning when they open but being in an apartment complex (even though I have an individual line) and not owning the account might make things hairy. Thanks for all the help and I'll see to getting this resolved through my ISP!

Message 11 of 16
antinode
Guru

Re: Port forwarding on R7000 stopped working

> [...] see if they'll let me have a static IP [...]

 

   What you really need is "public", not "static", although both
"public" and "static" would let you get a real domain instead of using
DDNS.

Message 12 of 16
Hanssimon
Aspirant

Re: Port forwarding on R7000 stopped working

After installing bitguard trial security, my router is dropping connection every couple days. Firmware is up to date.
How do I remove bitguard?
How do I get nighthawk support to solve this issue? I need to unplug to get connection back.
Message 13 of 16
daheed
Aspirant

Re: Port forwarding on R7000 stopped working

I'm curious how your ISP responded.  This started happening to me yesterday at Comcast.  I will check for the WAN IP mismatch when I get home, but everything sounds similar.  Was a private IP an option?  

Thanks everybody on the thread.

Message 14 of 16
jbuda
Aspirant

Re: Port forwarding on R7000 stopped working

I did end up being able to get a public IP address. Comcast uses some weird routing/Carrier Grade NAT and it can get difficult to get a public IP from them from what I understand. I jumped that ship and went to a local Fiber ISP ASAP.

Message 15 of 16
daheed
Aspirant

Re: Port forwarding on R7000 stopped working

Ah, well good for you. No Fiber where I am. I wonder if that issue will disappear with IPv6 or if they are going to NAT those as well.

Message 16 of 16
Top Contributors
Discussion stats
  • 15 replies
  • 3521 views
  • 1 kudo
  • 4 in conversation
Announcements

Orbi WiFi 7