Port forwarding problem

Discussion in 'Tomato Firmware' started by xgosselin, May 22, 2009.

  1. xgosselin

    xgosselin Addicted to LI Member

    I just flashed my WRT54GL with Tomato. Before (with Linksys 4.3 firmware) I was able to forward my P2P ports without any hassle.

    Now, I just can't. I've tried pretty much everything (setting a static IP, changing ports, Static WAN, etc.) and I'm just not connectable (canyouseeme says there's either a refused connection or a timeout). I'd really like some help on this one, as I've even tried going back to the Linksys firmware, where everything worked except the previously-functionning forwarded ports.

    So now I'm back with Tomato, trying to figure out what the heck I'm supposed to change in order to get my ports open again.

    I've checked out the forums, but there has not been any definitive answer and this seems a common problem. Oh, and UPnP does not work either, and I'd prefer not using it if possible (just like before I flashed).

    Thanks in advance!
  2. Kiwi8

    Kiwi8 LI Guru Member

    Just to be sure, did u do a thorough NVRAM reset after flashing Tomato and manually inputting the settings?
  3. bripab007

    bripab007 Network Guru Member

    Actually, it's not common at all. I think you're the 2nd or 3rd person I've seen who's experienced this phenomenon. Tomato wouldn't have gained the popularity it has if it was breaking people's port forwards that often.

    I'd suggest doing a 30-30-30 reset and re-flashing, perhaps using TFTP instead of web GUI.
  4. xgosselin

    xgosselin Addicted to LI Member

    I have done a 30-30-30 reset, set everything back manually (I don't seem to be able to use TFTP, I'm on OS X and not using a buffalo router), and it still does not work. I'm not happy at all about this, as port forwarding with the Linksys firmware was easy as pie. Now, not only can I not do it on Tomato, but even if I go back to the Linksys firmware I still can't forward ports!

    Here are pictures of my setup, in case it could help:

    It's on the 6881 and 50000 ports that I can't forward, the others I don't care about.

    Thanks for any help!
  5. bripab007

    bripab007 Network Guru Member

    Have you tested a common port forward like FTP (21) or VNC (5900)?
  6. msb113

    msb113 Addicted to LI Member

    I had the same problem when I set up my Asus wl-500gp v2... kept banging my head why port 5900 and 5502 would not forward but others would... then I remembered to enable "Respond to ICMP" under "Firewall" and all s good :)
  7. xgosselin

    xgosselin Addicted to LI Member

    Weird, port 5900 works if I put it in, (basic port forwarding) but not 21. Did the exact same thing, and canyouseeme.org can only see 5900.

    And checking "Respond to ICMP ping" in the firewall settings doesn't change anything for me. Anything else I could try?

    Edit: Ok, when I uncheck that ICMP setting, port 5900 works but not port 21. It's one or the other, depending on that setting. ???. But my other ports (6881, 50000) don't work on either setting.
  8. pixelman

    pixelman LI Guru Member

    Could it be your ISP? Don't some ISP's block certain ports?
  9. xgosselin

    xgosselin Addicted to LI Member

    No, I can't forward any "random" port. I've tried everything and I'm starting to get desperate...
  10. micko_escalade

    micko_escalade Network Guru Member

    Why do you want to port forward two ports, why not just 50000 ?
    Are you sure your mac has correct IP ?
    I had random failure of port forward with DD-WRT, we're talking weeks sometimes months and that's why I switched to Tomato. I hope I won't have same issues.
  11. fyellin

    fyellin LI Guru Member

    Any chance that your torrent client is trying to use uPnP to open the connections it wants? I'm not sure how well port forwarding and upnp work together.

    Try getting rid of the forwarding and let the torrent open the ports on its own.
  12. Toastman

    Toastman Super Moderator Staff Member Member

    Are you using uPnP? That's usually quite trouble free.

    I have had similar problems reported when using "canyouseeme". The moot point is, that you have the problem even when using the linksys firmware, so something has broken, since the last time you had it working correctly. It's unlikely to be Tomato or the router. So going back to the problem, "canyouseeme" cannot check portforwarding per se. It only knows if it gets a response from a server running on the other side of the firewall. One explanation is therefore that your P2P application does not respond, takes too long to do so, or it is not the expected response. Likewise other apps. In my case, for example, a forward to a web server did not work. However, the cause was a problem in my O/S. Also, I use uTorrent a lot. Much of the time, "canyouseeme" reports a problem, but the green indicator remains illuminated and the torrent speed is normal.

    Can't think of anything else to suggest, so good luck.
  13. apinunt

    apinunt LI Guru Member

    I sometimes have a problem with port forwarding too, and the only way I've been able to get the port to forward is to change the port I'm forwarding to a new one, save the change in tomato, change it back to the original port, saving it in tomato, and to keep doing that until the port will finally test as open once again using 'grc.com'. I'm using tomato 1.25 now and had the same problem using 1.23, but now it seems to be a little worse than before.
    If anyone else has this problem and eventually finds a solution, I would greatly appreciate learning what it is. This was not a problem several updates ago, as I used to be able to pick any port at random and forward it successfully with just one try. Now I have 3 ports forwarded, one for each computer, and occasionally one of them will cease to forward causing me to go through the process I mentioned until it will forward again, and I've even tried opening up large ranges of ports checking to see which will test open and none will on the first try. My ISP tells me they don't block any ports at all.
  14. Toastman

    Toastman Super Moderator Staff Member Member

    Hmm. I tried grc.com on a router know to have correctly forwarded ports, and was politely informed that my ports were not open. Seems to be a somewhat useless website.

    FYI I forward a port for each AP's remote access, web servers, mail, and ftp servers at several different sites. Total 30+ forwards. Manual forwards always worked perfectly, and so has the UPnP - and we have several hundred users online whose machines generally have no problems. I've never had to keep changing as you describe. I can't help thinking that the torrent client is not working properly, and that your port is being forwarded but the application does not respond. (I assume it has a default route set back to the gateway?)

    Does MSN Windows Live Messenger open ports successfully? That would be a good indicator.
  15. apinunt

    apinunt LI Guru Member

    Until about 2, perhaps 3 Tomato updates ago I had no problems at all with port forwarding. I usually use grc.com to test but tried canyouseeme with the same results. When the router was working properly, I could forward any port at all without starting any application that would use the port and test it as open successfully. Using Basic Port Forwarding in Tomato 1.25 no longer works except occasionally, and then for an uncertain duration of time. No matter what I use to test the port I get the same results showing it open or closed, and when showing closed it is accurate as I usually get an email from my tracker telling me my port appears to be closed, and my speed suffers greatly, as well as uTorrent displaying a red icon at the bottom. UPnP gets around the problem, but I feel I should be able to use either method of forwarding ports successfully.
    I've not yet tried clearing NVRAM to see if that might have something to do with the problem as I have to wait for an opportune time to gain full access to the router. Should that prove to eliminate the problem I will post stating so. Thanks to all who have responded.
  16. bripab007

    bripab007 Network Guru Member

    Do you normally clear the NVRAM when performing version upgrades?
  17. apinunt

    apinunt LI Guru Member

    "Do you normally clear the NVRAM when performing version upgrades?"

    No, and I've never noticed one that suggested I do so.
  18. Toastman

    Toastman Super Moderator Staff Member Member

    Well, if you did not clear the NVRAM as recommended, anything could happen. Hopefully, that will fix it. What you are experiencing is not normal. Good luck !
  19. bripab007

    bripab007 Network Guru Member

    "Well there's yer problem right thayer!" :biggrin:

    Yes, it's generally been recommended to do an NVRAM before AND after flashing to a new Tomato firmware.
  20. apinunt

    apinunt LI Guru Member

    Thanks to all for the suggestions, and once I get to a point where the router can be taken out of service I'll verify if clearing the NVRAM is the solution and post the results. In the meantime UPnP is allowing the ports that are also forwarded under Basic Port Forward to be opened when the application using them is active, and the port closes when the application is stopped ignoring the Basic Port Forwarding which should not depend on the application being active to open the port.
