Reply

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

SyberWizard
Aspirant

Port Forwarding, firmware V1.4.1.50_1.3.10

Attempting two forward two ports, 3389 for RDP and 9000 for accessing a security DVR. Was working through previous routers, verified still working internally. From the router, Advanced->Setup->LAN Setup has both servers with static IPs added to Address Reservations. Advanced->Advanced Setup->Port Forwarding /Port Triggering has both servers added for TCP/UDP Service Type. No response from public access, tests by PortCheckers.com reports "closed" on both ports.

 

I have three chats so far with support, all three ended when they had me make a change that required the router to restart and the chat dropped off before the router came back up. One request was for me to flash the currently available hotfix firmware, which I unsuccessfully have tried multiple times. The router goes through the motions, restarts, but reports the same old firmware. I'm not sure if that indicates a bad firmware upgrade or a bad router. The other oddity was that when I mentioned my public IP address is 162.251.175.158, the tech had me change the router's DNS servers from the carier's assigned address. That broke Internet access for my laptop, but strangely everything else (including my wife's laptop sitting beside me) had access. But still no port forwarding, I checked. So I changed the DNS back, and my laptop came back to life.

 

There are only a handful of settings affecting IP port forwarding, I'm at a loss on what to try next. Everything else on the router does seem to be working properly - at least that I have checked on.

 

Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
Message 1 of 6

Accepted Solutions
SyberWizard
Aspirant

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

End result: Lightband (my new ISP) uses a double-NAT for residential accounts, with no provisions for forwarding port requests through. I know it can be done (I've done it), but that would be a lot of grief for them to manage. I guess the upside is for all of those poorly protected home systems, this does make for a major headache for the script-kiddies out there.

End solution for me, my account was moved over to the commercial side. Everything IMMEDIATLY started working correctly. As I was not aware of the new ISP (or any other provider) doing a double-NAT, it never occurred to me. When I set up a second router that I know worked properly but would not forward the ports, something else was going on.

What's that line about ASS U ME? Dat be me, today!

View solution in original post

Message 5 of 6

All Replies
antinode
Guru

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

> Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router

 

   Is that accurate?  Connected to what?

 

> [...] Was working through previous routers, [...]

 

   Not a very detailed description of those devices.  Was that in your
current environment (ISP, modem, ...), or some different environment?

 

> [...] verified still working internally. [...]

 

   "verified" what, exactly, how, exactly?  Using the server's LAN IP
address?  The routers WAN/Internet IP address?  Some DNS name?

 

> {...] both servers with static IPs added to Address Reservations.
> [...]

 

   Terminology: A "static" address is configured on the device itself.
What you configure on a (DHCP server on a) router is a reserved dynamic
address, not a static address.  But either should fix the server's LAN
IP address, which is what you need.


> [...] Advanced->Advanced Setup->Port Forwarding /Port Triggering has
> both servers added for TCP/UDP Service Type. [...]

 

   It'd be nice to see the actual port-forwarding rules.  Copy+paste is
your friend.

 

> [...] my public IP address is [...]

 

   You might not want to publish that, but it is, at least, a "public IP
address".  The remaining question is whether it's also the IP address of
the WAN/Internet interface of your router.

 

   For the usual problems with this stuff, see:

 

      https://community.netgear.com/t5/x/x/m-p/1859106

 

   Also, I would not advise using a well-known port like 3389
externally, unless you _want_ to be attacked from every malware-infested
PC on the planet.  For a more discreet configuration, see, for example:


https://community.netgear.com/t5/x/x/m-p/1825881

 


> [...] flash the currently available hotfix firmware, which I
> unsuccessfully have tried multiple times. [...]

 

   A more detailed description of what you did there might help, too.  A
Web/forum search for your model number and the actual firmware version
involved might find things.

 

> [...] the tech had me change the router's DNS servers from the
> carier's assigned address. [...]

 

   I can't imagine how that would matter.  Especially if you're using
your "my public IP address" rather than any DNS name.

Message 2 of 6
SyberWizard
Aspirant

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

>> Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router

Yes, that is accurate. It is connected to a new installation of Clarksville Department of Electricity Lightband fiber optic via a CAT5 cable from their box on the side of the house.

 

>> [...] Was working through previous routers, [...]

That was two different AT&T-provided routers through AT&T, and a Linksys WRT160N V2 that was connected via Lightband when I previously used their service. And now I'm back again.

 

>> [...] verified still working internally. [...]

I can connect to my server using my laptop while on the LAN via Remote Desktop Connection using the server's IP address, 192.168.1.2. I can connect to my DVR from two laptops while on the LAN with NetViewer and with two phones while on the LAN with ClearVue, accessing 192.168.1.10:9000. Those devices and those ports are working and no changes were made to either of them when switching providers.

 

>> {...] both servers with static IPs added to Address Reservations.

I know what a static address is. The server is set to 192.168.1.2 and the DVR is set to 192.168.1.10. They were not set by DHCP from the router. I modified the router to start address assignments from 192.168.1.11 and up. The second Netgear tech is the one that requested that I add those addresses to Address Reservations.

 

>> [...] Advanced->Advanced Setup->Port Forwarding /Port Triggering has both servers added for TCP/UDP Service Type. [...]

I have seen no selections that will provide me a command line prompt so that I could list what is saved. Let's see if the attachment shows up.

 

>> [...] my public IP address is [...]

>You might not want to publish that, but it is, at least, a "public IP
>address". The remaining question is whether it's also the IP address of
>the WAN/Internet interface of your router.

 

True, but then again, it is child's play to determine what blocks of IP addresses a local ISP has. And just as easy for a sniffer to look for targets. I'm afraid they are going to be really disappointed to learn there is literally nothing on it, as I use it as a training platform to try things out. Once I have port forwarding actually forwarding, it's super-easy to simply pick another port for the public side. Right now, I'm trying to keep things as simple as I can so I have less to troubleshoot.

 

>> [...] flash the currently available hotfix firmware, which I unsuccessfully have tried multiple times. [...]

Pretty straight forward. After downloading the file I was told to download, I extract the files. Then from the router, select Advanced->Administration->Router Update. Browse to and select the file R8000P-V1.4.1.56_1.3.14.chk, click upload. Click through the warning that all connections will be terminated. The router tells me to wait two minutes, not to reset it or do anything stupid to kill the router. BUT it takes about twice as long as normal, leading me to think that it tries to post the new firmware, fails, and then rolls back.

BUT my stupid self decided to try just one more time, because I'm sure it will work on the forth attempt! So THIS time, the router is providing Internet service, but is unaccessable. Oh yay, yet another factory reset and hope that it comes back up. I'm just a half a step from boxing this puppy up. See what I get after the factory reset...

 

Message 3 of 6
SyberWizard
Aspirant

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

Ah, the plot thickens! While my ISP does not block any ports, they DO use a "doublel-NAT" configuration for residential accounts. Stay tuned ... same bat-time ... same bat-channel!

 

Yes, I am THAT old.

Message 4 of 6
SyberWizard
Aspirant

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

End result: Lightband (my new ISP) uses a double-NAT for residential accounts, with no provisions for forwarding port requests through. I know it can be done (I've done it), but that would be a lot of grief for them to manage. I guess the upside is for all of those poorly protected home systems, this does make for a major headache for the script-kiddies out there.

End solution for me, my account was moved over to the commercial side. Everything IMMEDIATLY started working correctly. As I was not aware of the new ISP (or any other provider) doing a double-NAT, it never occurred to me. When I set up a second router that I know worked properly but would not forward the ports, something else was going on.

What's that line about ASS U ME? Dat be me, today!

Message 5 of 6
antinode
Guru

Re: Port Forwarding, firmware V1.4.1.50_1.3.10

> End result: Lightband (my new ISP) uses a double-NAT for residential
> accounts, [...]

 

      https://en.wikipedia.org/wiki/Carrier-grade_NAT

 

   That's why it's "1" in the list of "the usual problems with this
stuff".

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 1410 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E