Port-Forwarding - External-to-Internal port forward not working

Discussion in 'Tomato Firmware' started by occamsrazor, Jan 5, 2011.

  1. occamsrazor

    occamsrazor Network Guru Member

    I have a managed switch with admin web interface at and it's not possible to change the interface port 80. I'd like to be able to remote-administer it, but am already using Port 80 for something else on another device.
    So I figured I'd set up a port-forward using External port 8083 that gets redirected to Internal port 80 at

    On TCP ExtPort=8083 IntPort=80 IntAddress=

    ....but it doesn't work. When I access on the LAN it works fine, but when I access http://xxxxx.dyndns.org:8083 it doesn't.

    Any ideas what I am doing wrong? Thanks...
  2. rs232

    rs232 Network Guru Member

    I guess you're testing this from the very same LAN where the managed switch is located.

    If this is the case make sure to have
    nat loopback set to "all"
    set under advanced/firewall

  3. occamsrazor

    occamsrazor Network Guru Member

    Thanks. I was testing on same LAN and had NAT Loopback Forwarded-Only. However I then tried it from a remote system, and it still didn't work. Now I've tried with NAT Loopback=All on the remote system, and also doesn't work.
    If I connect with OpenVPN, thus getting a LAN IP address, I can connect on Port 80, but without VPN still can't connect remotely via 8083.
    I've checked the switch to see if I could find any kind of authentication or access-control that might be preventing access even when the port was forwarded but can't see anything.
    If it helps, it's a Netgear GS108Tv2.
  4. rs232

    rs232 Network Guru Member

    It should work with "loopback all" set. Have you rebooted the router after you made the change? It might help...
  5. occamsrazor

    occamsrazor Network Guru Member

    Just rebooted, still no luck...

    I then tried doing an External to Internal port-forward for my VOIP box with External 8085 to Internal 8081 (the normal admin port I use for that box) and it worked fine.

    Then I thought it was maybe a problem unique to Port 80 so I changed the VOIP box to use admin port 80, and did an 8085-to-80 port forward and it also worked fine.

    So it would appear the External to Internal port forwarding is working fine, and it must be something unique to how the Netgear switch is set up. There must be something preventing it from answering requests from outside the LAN. I'll try to look into this further....
  6. Toastman

    Toastman Super Moderator Staff Member Member

    Mmmm - as you can see below, I have run an FTP server on my RT-N16 for some time, and an HTTP server on a LAN machine. NAT loopback is set to forwarded only, external port 21 is forwarded to the router IP. Port 80 is forwarded to the LAN machine. Both work from WAN or LAN.

    Your problem could be the way you are trying to use ddns. Does your ddns service allow you to add a port number on the end, or must this be specified as the http port on their server?
  7. occamsrazor

    occamsrazor Network Guru Member

    I've had no problems port-forwarding with ddns before, and have lots set up. E.g. I can access my VOIP box via:


    That said this is the 1st time I've tried having different internal and external ports. But as you'll see from my test above, it worked fine when accessing the VOIP box using different internal and external ports, even when the internal port was 80, so the only conclusion I can come to is that it's something to do with the switch.
  8. TT76

    TT76 Networkin' Nut Member

    Check out your switch configuration, see if it restricts remote access.
  9. Toastman

    Toastman Super Moderator Staff Member Member

    I have just forwarded port 8083 to the same webserver. See if you can access it with http://toastman.dyndns.org:8083 .

    It doesn't work from here inside my LAN. Either loopback set to all or forwarded only.

    I used to use this to access AP's from the WAN, but it isn't working now. Interesting.
  10. occamsrazor

    occamsrazor Network Guru Member

    That's not working for me.
  11. Toastman

    Toastman Super Moderator Staff Member Member

    Yes. Something has changed, but what? I have several remote sites set up with dyndns.org where I could previously access each AP on e.g. port 8001 for AP1 etc ... but just tried them, no longer working. Odd.

    Just trying a setup which uses freedns.afraid.org - that also isn't working in this manner.

    These sites have been untouched for months, nothing has changed on their config, something external has changed. mm maybe web browsers ... ?
  12. TT76

    TT76 Networkin' Nut Member

    Try to set authentication type to NONE in management security in the switch.
  13. Toastman

    Toastman Super Moderator Staff Member Member

    Tried several versions of firmware going back several months. Nope. Only able to forward to the same port here. Much headscratching ...

    Aha --- Scratch that.

    I rebooted the entire system here (all AP's, switches, and routers) and when it came up everything is working properly. Why I don't know because the router of course has rebooted when the firmware was changed. But I think you'll see this is working now http://toastman.dyndns.org:8083/

    These are not managed switches ... but ...

    Evil spirits...

    Addit ... just phoned one site and got the staff to switch off UPS and back on again. AP's are now reachable. This is interesting, no? Probably not much use to you though!
  14. occamsrazor

    occamsrazor Network Guru Member

    This seems the most plausible explanation. I'll try a full exorcism when I get home, followed by a reboot....
  15. occamsrazor

    occamsrazor Network Guru Member

    Now it's working, clearly it was evil spirits as you suggested.
    But seriously still strange, because I'd done a couple of router reboots (using the "reboot" option in Tomato) without it working, and seems you experienced the same.
    This time I pulled the power plug on the router, switch, and adsl modem.... and it worked.
    Anyway thanks a lot for your testing...
  16. Toastman

    Toastman Super Moderator Staff Member Member

    I'm glad it seemed to work for you too, but I'm rather surprised I never noticed this before. I've since managed to restart the other locations and they too are now working and I can access the APs via port forwarding. I have no explanation for this, other than the evil spirits. It's embarrassing when this kind of thing happens, I thought I was delirious or something!