EXCellR8

this is something i run into at least a few times per year... i have a private game server configured and running but whenever I test my router ports everything is reported closed; even if I enable DMZ on the server's IP. doesn't make any sense unless it's just my ISP blocking all of the ports that I would typically want to leave open.

i feel like the only time forwarding ever worked was with my older DD-WRT upgraded routers but those are long gone. now I have the Technicolor 8305c which allows forwarding and DMZ, but even after restarting it nothing appears to actually do anything... but internet connection is great.
 

Rifter

I agree, get a better router. Never had an issue doing this with either a tomato based router or my current pfsense router.
 

EXCellR8

i would totally set up another tomato router i liked that fw a lot--perhaps even more than vanilla DDWRT

i believe i have an ASUS router somewhere but iirc it was having power issues. i'll just have to figure something out.

thx
 

EXCellR8

router is easy enough to use and nav but seems nothing ever really takes effect.

found the ASUS router... but it won't power up. looks like i already tried multiple power supplies, bummer...
 

EXCellR8

UPDATE 5/8:

okay so i found a replacement router but still failed to make any headway. what should have been a 15 min implementation turned into nearly a 2 hour sh**show with super intermittent connectivity. basically, I had enabled Bridge mode on the modem/router and pre-configured the ASUS unit. Once the router was between the modem and firewall, though, nothing wanted to work and I couldn't log into the modem at all, just the router.

at one point it seemed like the router was all set and the link was live, but none of my computers would connect to the internet. eventually, i undid what i did and disabled bridge mode on the xfinity modem/router. i'm certainly a bit rusty but iirc am I supposed to clone the MAC of the ASUS router before I can actually connect everything client side to the internet?

here's how i wanted it set up:

internet => modem (bridged) => asus router => firewall => switch => many computers and a few access points

actually, should I place the firewall before the router and disable the router's firewall?
 

PliotronX

What is the 'firewall' behind the Asus? Or do you mean the rules within the Asus? Verified UDP and TCP types? I have to agree it doesn't get any easier than DD-WRT but everything I've gotten my hands on has been able to do it somehow (special cases in very old Netgears not able to translate ports so I had to use portproxy on the Windows interfaces).
 

EXCellR8

sorry the firewall is an ITX PC with untangle, a linux-based firewall OS. i tried pfsense awhile back but I could never get it to work. Untangle has been great, but I haven't even implemented it yet with the new router.
 

Fardringle

You might be running into issues with double (or triple) NAT. If you want to keep using the Untangle router/firewall PC, I would connect that box directly to the ISP's modem/router and use it as your router/DHCP server/etc., then disable all routing and DHCP functions on the Asus, connect a LAN port on the ASUS to the internal LAN port on the Untangle and just use the Asus as a wireless access point. Then connect your internal switch(es) to additional LAN port(s) on the ASUS to provide wired connectivity to the other devices. Or connect a switch directly to the Untangle and connect the ASUS to one of the switch ports. Either way will work as long as DHCP is disabled on the Asus box.

That way you only have to deal with forwarding ports through the Untangle box and not through the Asus router AND the Untangle box.

Edit: Found a typo.
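The double-NAT point in the post above, as an added example that is not part of the original thread: given each device in the chain, its mode, and its WAN-side address, it lists where a port forward has to exist and whether the outermost NAT device holds a public address at all. The chains and addresses are constructed samples; `classify` and `analyse_chain` are hypothetical helper names.

```python
import ipaddress

# Blocks that cannot be reached from the internet. Listed explicitly because
# ipaddress.is_private also flags the documentation range used as a sample.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify(addr):
    """Return "private", "cgnat" or "public" for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    return "cgnat" if ip in CGNAT else "public"


def analyse_chain(chain):
    """chain: (name, mode, wan_ip) tuples ordered from the internet inward.
    mode is "nat" (routing) or "bridge" (transparent, wan_ip ignored)."""
    nat = [(name, wan) for name, mode, wan in chain if mode == "nat"]
    report = {"forward_on": [name for name, _ in nat],
              "double_nat": len(nat) > 1,
              "outer_wan": classify(nat[0][1]) if nat else None}
    # Inbound connections can only arrive if the outermost NAT device
    # holds a public address; otherwise another NAT sits upstream of it.
    report["reachable_if_forwarded"] = report["outer_wan"] == "public"
    return report


# Constructed sample chains; 203.0.113.10 is a documentation address.
DOUBLE_NAT = [("xfinity modem/router", "nat", "203.0.113.10"),
              ("asus router", "nat", "10.0.0.2"),
              ("untangle", "bridge", None)]
SINGLE_NAT = [("xfinity modem", "bridge", None),
              ("untangle", "nat", "203.0.113.10"),
              ("asus access point", "bridge", None)]
UPSTREAM_NAT = [("untangle", "nat", "10.0.0.2")]  # modem not really bridged

if __name__ == "__main__":
    for label, chain in (("double NAT", DOUBLE_NAT),
                         ("single NAT", SINGLE_NAT),
                         ("upstream NAT", UPSTREAM_NAT)):
        print(label, analyse_chain(chain))
```

A private or CGNAT address on the outermost NAT device means no forward configured locally can open the port from the internet, which matches the symptom of every port testing as closed.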

PliotronX

That's exactly what I was thinking, is untangle in bridging or NAT? The former would definitely be a culprit while the latter could still be an issue if untangle is as aggressive as pfsense or sophos utm by default. Untangle is going to have a lot more potent security features so that should be the gateway/router alone.
 

EXCellR8

ok, thanks guys... having untangle manage DHCP, routing and port forwarding sounds good to me. pretty sure it's set to translation but it's been working flawlessly for the last year or so, so I rarely log into it. i will also flip flop the order of the router/firewall since that makes more sense because now I'm not even sure how I left it.
 

EXCellR8

ughhhh im so dumb. according to the Untangle manual i printed out months ago the way I have it set up means it's bridging. having it after a switch is fine but if I want routing I need to have it right after the modem.

can we delete this thread and pretend it never happened?
 

EXCellR8

couldn't get it to work anyway... modem becomes flaky as hell once bridge mode is enabled and the Untangle box cannot connect to the internet--yet the computers behind the firewall and switch were able to do so. at about 1am i was beat and i called it but yea it was a mega fail.