1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

port forwarding on WRT54GL and Tomato v1.19

Discussion in 'Tomato Firmware' started by c_martini, Aug 5, 2008.

  1. c_martini

    c_martini Addicted to LI Member

    The only way to successfully port forward on this model router using tomato v1.19 is using the upnp setting with a upnp enabled app (torrent client with upnp forwarded port). Normal port forwarding does not work properly as the ports remain closed despite proper setup/disabling firewalls etc. This function does work properly with stock Linksys firmware.

    I usually access my home pc from my office using vnc tunnelled through ssh. This worked fine previously (forwarding port 2222 for ssh and 5901 for vnc to the pc). It was when I began using the tomato firmware that it stopped working even though I use the exact same port forward settings. I also tried accessing the vnc port directly with no luck. It seems others have had this issue without resolution.

    I think it could be a bug in the firmware as port forward settings are pretty straightforward.

    Does anyone know if this issue could have been resolved in a later release, such as v1.20 or v1.21?

    :confused:
     
  2. bripab007

    bripab007 Network Guru Member

    For what it's worth, I've been doing SSH-tunnel-to-VNC via port forwarding on Tomato 1.19, 1.20 and now 1.21 on my WRT54G with no problems.

    I understand the WRT54GL is slightly different than my model, but they use the same firmware build. Since you're also new to Tomato, are you quite sure you've configured everything correctly?

    Perhaps you could post screens of your router web config.
     
  3. c_martini

    c_martini Addicted to LI Member

    Sure. I am new to Tomato so its entirely possible I could have got something wrong in the settings. Screenshot attached:

    [​IMG]
     
  4. bripab007

    bripab007 Network Guru Member

    If you're using an SSH tunnel, you shouldn't have to also port forward your VNC port (5901) to the outside, as you're already on the inside of the network.

    So after you make your SSH connection at "external address:2222" (which is then port-forwarded to 192.168.1.2:2222), do you then VNC to 127.0.0.1:5901 ? If so, then you can just turn off that 5901 port foward for 192.168.1.2.

    But I don't think that would cause a problem, necessarily.

    So when are you actually getting an error or running into a problem? At which point in the connection process?
     
  5. c_martini

    c_martini Addicted to LI Member

    Yes. I just added the 5901 port forward to test as I was having no luck with ssh.

    Yes. I vnc to 127.0.0.1:5901

    Any kind of connection to the inside of my home network from outside is blocked, from any port. SSh, VNC.. anything. Using a couple of those online port scanners shows the forwarded ports as being closed except those that are opened by a upnp enabled app.

    Since I am accessing my home pc from my office, the machine i access my home network through runs Windows Vista using putty for the ssh connection. It fails with the error: "Network error: Connection timed out"
     
  6. bripab007

    bripab007 Network Guru Member

    Let me ask this: did you just upgrade to Tomato? Did you do an NVRAM erase before and after the firmware upgrade?

    I ran 1.19 for a long time, and it was incredibly stable. V. 1.21 seems to be the next good one to move to. If I were you, I'd do an NVRAM erase on your current version, upgrade to 1.21, do another NVRAM erase, and try port forwarding again.

    I've put Tomato on quite a few routers so far, and I've never seen a broken port fowarding service.
     
  7. c_martini

    c_martini Addicted to LI Member

    Hmm. Good suggestion. Actually, I just upgraded to tomato and rebooted the router, doing an nvram erase after rebooting it. Its been running like that for over a month.

    I can try backing up my config settings, then doing an nvram erase, upgrading to version 1.21 and then another nvram erase and see if that helps...
     
  8. bripab007

    bripab007 Network Guru Member

    Yes, but I would not restore those backed up config settings to 1.21. I'm not sure if that's what you were suggesting, but most folks recommend against doing that even when there are no major changes between versions, let alone when making a larger jump like this.

    Good luck, and let us know how it goes!
     
  9. c_martini

    c_martini Addicted to LI Member

    Oh ok. Hmm, so I guess I will have to make screenshots of the settings pages :frown: oh well.. Will see how it goes.
     
  10. bripab007

    bripab007 Network Guru Member

    Yes, you know what makes it a bunch easier? Try out this add-on for Firefox called Scrapbook: https://addons.mozilla.org/en-US/firefox/addon/427

    It makes it really easy to save webpages on the fly, exactly as they are. Then you can pull up both the new firmware's web GUI and have the old one up in another tab via Scrapbook, and just switch back-and-forth, copy-and-pasting all your settings over. Really makes fairly quick work of it, and it's worth knowing you entered the settings correctly for a fresh start.
     
  11. c_martini

    c_martini Addicted to LI Member

    ok, I have now erased nvram, upgraded to v1.21, erased nvram once more. Unfortunately still no joy on those ports. Again, upnp port forwarding working fine but manually forwarded ports remain closed :confused:
     
  12. bripab007

    bripab007 Network Guru Member

    Wow, that's pretty wild. I cannot imagine what could possibly be the problem. There are plenty of folks running Tomato on WRT54GLs, too, so if it were a widespread problem, you'd think we'd have heard of it.

    Why don't you try to set up the necessary ports in the Port Triggering section to see if that makes a difference?
     
  13. c_martini

    c_martini Addicted to LI Member

    I don't think port triggering will solve my problem. ssh only listens on a port that is already open. As far as I know, there isn't a way to have it trigger an outgoing port to open the incoming one. I obviously cannot trigger the port to open from the outside. That would pose a security issue. Anyhow, that is not the same as normal port forwarding which should keep a port(s) open regardless of the activity on either side of it. Even using upnp would not solve the problem. It was just that the torrent client I use both in Windows and in Linux both have upnp forwarding options which I enabled and discovered that they work in opening the port necessary.

    So am still at a loss as to why this still doesn't work :confused:
     
  14. lanbell

    lanbell Guest

    isp problem?

    traceroute your ip
     
  15. c_martini

    c_martini Addicted to LI Member

    I have previously ruled this out as the port forwarding worked right up until loading the tomato firmware into the router a few weeks back
     
  16. blackflare

    blackflare Guest

    Im having the exact same problem as c martini, actually found this in google searching for forwarding problems with tomato. I keep resetting it and testing the ports and they wont open. The only ports that work are upnp triggered ports for some reason.
     
  17. KarmaKalls

    KarmaKalls Guest

    I had a similar problem after I bought and "Tomato'd" a brand new WRT54GL yesterday. I ended reinstalling the latest Linksys firmware and still had the problem. Hmmm...

    After a bit of tinkering, it turned out to be that the Default Gateway on my inside server was incorrect! Should have been 192.168.1.2 (and was set at 192.168.1.3). Once I fixed this, port forwarding worked perfectly.

    Best of luck!

    ---

    orlando:~ # route -n
    Kernel IP routing table
    Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0 192.168.1.3 0.0.0.0 UG 0 0 0 eth0

    orlando:~ # route del default gw 192.168.1.3

    orlando:~ # route add default gw 192.168.1.2
     
  18. zorkmta

    zorkmta LI Guru Member

    Where can i make this change the gateway on the router?
     
  19. c_martini

    c_martini Addicted to LI Member

    Its now been over a month and there is still no luck with a fix or working solution for this. I fear I will have to go back to using the factory firmware. So now its weighing the pros and cons of either having port forwarding or the extra features the tomato firmware provides...
     
  20. baldrickturnip

    baldrickturnip LI Guru Member

    port forwarding , Gateways and WAN :D

    I have a couple of IP network cameras on my network which I can access via the internet - my main 54GL running tomato has ports forwarded to their webserver ports.

    Now I wanted to give access to a couple of the cams to someone else in the Building , so I bought another 54GL , configured the LAN to fit into my network , linked it to the LAN of my main 54GL and then set the WAN port on the new router to static and gave it an IP to fit into the new network. I then forwarded the ports for the cam webservers and thought it would all be fine - but.

    I can point the browser from outside across the forwarded port to the cam but as the gateway on the cam is set to the main 54GL I get no reply to the machine sitting waiting patiently outside on the secondary WAN port. If I change the gateway on the IP cam to the secondary router it works fine , but then I cannot connect to the cam from the internet.

    is there a way I can make it reply to the WAN port that has made the request ?

    explanations or directions to reading material are appreciated
    :D
     
  21. baldrickturnip

    baldrickturnip LI Guru Member

    I have been doing a bit of googling and reading and have some more questions :)

    do I need to add a persistant route to the main router to tell it that any packets destined for the 192.168.1.x network need to go to the new secondary router ? do I need to add some rules also to the secondary router so it will pass the packets to the WAN port and onwards ? where does all this info go in the tomato GUI ?

    thanks
     
  22. baldrickturnip

    baldrickturnip LI Guru Member

    :)

    in the end it has proven to be quite easy

    at the main gateway router which the cameras have set as their gateway I went to Advanced , Routing and added a static route to the static routing table.

    Destination 192.168.1.0 < the new network I was connecting to my network via the WAN port on the new WRT54 >
    Gateway 192.168.222.12 < the LAN address of the new WRT54 >
    subnet mask 255.255.255.0
    metric 0 <automatic route>
    interface LAN

    so now I can connect to the cameras from the internet via the port forwarding on the main gateway router and people on the other network (192.168.1.x) can access the cameras via their browser with 192.168.1.12:<port number> and the ports are forwarded to the camera IP's
     
  23. ThinkHarder

    ThinkHarder Network Guru Member

    I'm having an issue with port forwarding too. It simply will not work, DMZ doesn't either. Seems UPnP does though. Using Version 1.22. There has to be something going on here?
     
  24. bripab007

    bripab007 Network Guru Member

    Man, c_martini's problem was still in the back of my mind. There are so many Tomato users out there, I can't imagine why more people wouldn't have come across this problem if it actually exists. It must be related to a very specific version of the hardware, would be my guess.

    Which router are you using with Tomato, and did you do the NVRAM reset both before and after flashing to 1.22?
     
  25. ThinkHarder

    ThinkHarder Network Guru Member

    WRT54GL 1.1, yes I did the NVRAM, both via the settings and also by the reset button. Strangely it doesn't work in any firmware either. Could it be a hardware issue with the router?
     
  26. Craigus

    Craigus Guest

    It looks like I can confirm this here as well. Have just commssioned an WRT54GL running Tomato 1.22 to replace my Monowall router and manual port forwarding does not work. Upnp is fine.

    Edit: Or not. After a couple more router reboots, it now works.
     
  27. chigo58

    chigo58 Addicted to LI Member

    I can confirm something similar too on x2 WRTGL's 1.1, both now on v1.23 - main one was upgraded from DDWRT, secondary one was upgraded from Linksys FW - (forgot to clear the NVRAM on main one - will do that later today) - also only rebooted once but apart from this issue, everything works lovely.

    (Routers are connected via WDS+AES - worked flawlessly in 5 min flat)
     
  28. bripab007

    bripab007 Network Guru Member

    I would recommend an NVRAM reset from the software, then from the hardware (reset button on the back of the router).
     
  29. chigo58

    chigo58 Addicted to LI Member

    Indeed - unf I'll have redo all my custom settings :( Will post back the outcome.

    Update: Due to a MS update last night my PC decided to (conveniently :mad: ) reboot on its own closing my linux instance which was listening. Fired it up again and port forwarding works! Didn't even have to reset the NVRAM.. :thumbup:
     

Share This Page