Port forwarding malfunction?

2023-03-06 13:20:46 - last edited 2023-03-07 19:51:00
Model: ER8411  
Hardware Version: V2
Firmware Version:

Hello dear forum,
I am desperate and hope that your swarm knowledge can help me.

 

The topic is NAT type and problems with port forwarding.

 

The following physical setup:
I have Vodafone as my ISP (Cable tariff Red Internet & Phone 1000) and they have provided me with a Vodafone station. This is running in bridge mode and after some initial difficulties seems to be running as expected. More about this later.
Behind it on LAN/WAN 11 is my Omada gateway (ER8411v1.0 firmware 1.0.2). Via SFP+ LAN/WAN1 I now connect to my Omada switch (TL-SG3210XHP-M2 v2.0 firmware 2.0.0) on SFP+ port 9. From there I go via SFP+ port 10 as downlink to the second switch (TL-SG3428X v1.0 firmware 1.0.10) on the uplink port SFP+ port 25. My Omada controller OC200 v2.0 firmware 5.7.6 terminates on switch 1.
 

About the logical network:
I have created the following LAN Networks:
Management 172.16.99.0/24 VLAN 99
Server 172.16.10.0/24 VLAN 10
Client 172.16.20.0/24 VLAN 20
IOT 192.168.71.0/24 VLAN 71
Guests 192.168.171.0/24 VLAN 171
Default 192.168.10.0/24 VLAN 1
I have changed the factory default LAN to the management LAN so that my routers/switches are in this VLAN.
All VLANs are encapsulated via the Network Security Switch ACL so that no traffic can take place between the VLANs. For my Admin PC, which has the following problem, there is an ACL rule that the IP Group (IP address of my Admin PC) is allowed to access all networks. This rule is for testing purposes and applies bidirectionally.

 

So now to my problem:
I am having connection problems with various online games. After research I found out that I get a NAT type strict with the client.
As a result, I have set up the following things:
 

Port Forwarding:
Rules for all ports colocated on the internet for Steam and the games forwarded to my PC - without success.
Rule for my PC as DMZ - without success.

 

For testing purposes:

Gateway ACL:
Direction LAN -> WAN and [WLAN/LAN11] IN
Policy: Permit
Protocols: All
Source and Destination Type: IP_Group_ANY - without success

 

Backward Test

I connected my computer directly to the Vodafone station and the NAT type immediately changed to open.

 

Do you have any ideas what I can do? I would say that the port forwarding settings are not working at all on the gateway.

 

Thanks in advance

Kind Regards

Thorsten

Re: Port forwarding malfunction?
2023-03-06 14:35:09

  @TReimann 

Hi !

Do you translate one port at a time for the PC, or do you translate a range of ports?

Re: Port forwarding malfunction?
2023-03-06 15:15:34 - last edited 2023-03-06 15:18:23

  @Pascal 

I entered both in my Port forwarding list, please see below:

[Image: List of Port Forwarding]

 

Re: Port forwarding malfunction?
2023-03-06 15:23:48

  @TReimann 

 

I am not a gamer, but have you had a look through this?

 

steamcommunity*com/sharedfiles/filedetails/?id=561836866

<< Paying it forward, one juicy problem at a time... >>
Re: Port forwarding malfunction?
2023-03-06 20:02:12 - last edited 2023-03-07 19:52:07

  @d0ugmac1 

 

Hi ,

 

thanks for this hint, but it doesn't help. I worked through the guide, the only thing which worked for me is the section "Direct Connection".

So that means to me that there is either a misconfiguration of my site or a malfunction of the router. My PC is the same without changing anything. When I connect directly into the Vodafone Station it works fine (NAT type open), and when I connect back to the ER8411, I get NAT type strict.

Regards

Thorsten

Re: Port forwarding malfunction?
2023-03-06 20:30:21

  @TReimann 

Seems you've got the same issue as me;

apparently the ER8411 is not ready to correctly manage port address translations.

I opened a support ticket with TP-Link, but once they saw I had posted on the community they replied that an engineer would now take care of my request on the community forum.

The problem is the latest replies from both, as the engineer on the forum said they will fix this issue with the next BETA firmware of the CONTROLLER.

I already insisted on the fact that the router shows the same issue in standalone mode, and I doubt an update of the controller can resolve an issue that happens in standalone mode....

NO REPLY from the engineer about this observation.

This does not sound good, and I'm not really happy to spend money on an ENTERPRISE-level router that is clearly not working as expected with BASIC functions like port forwarding.

Re: Port forwarding malfunction?
2023-03-06 21:39:25

  @TReimann 

 

So just to confirm:

 

1. if you remove ALL user port forwards, enable uPNP and power cycle the router it doesn't work?

2. if you remove ALL user port forwards, enable DMZ pointed at your PC address and power cycle the router it doesn't work?

 

(you can take a controller backup if you don't want to re-enter them all manually after testing).

 

The power cycle seems to be important with TPLink routers, I've experienced a few situations where a controller induced change didn't really take cleanly.

Re: Port forwarding malfunction?
2023-03-07 05:16:39

Hi  @TReimann 

 

What is the WAN IP address of your ER8411? Is that a public IP, or just a private IP?

 

This issue could be a result of double NAT. 

Best Regards!

Re: Port forwarding malfunction?
2023-03-07 10:41:48

  @Hank21 

Hi Hank,

 

it is a public IP.

[Image: Public IP]

 

Re: Port forwarding malfunction?
2023-03-07 11:10:38

d0ugmac1 wrote

  @TReimann 

 

So just to confirm:

 

1. if you remove ALL user port forwards, enable uPNP and power cycle the router it doesn't work?

2. if you remove ALL user port forwards, enable DMZ pointed at your PC address and power cycle the router it doesn't work?

 

(you can take a controller backup if you don't want to re-enter them all manually after testing).

 

The power cycle seems to be important with TPLink routers, I've experienced a few situations where a controller induced change didn't really take cleanly.

  @d0ugmac1 Will try it in the afternoon and give feedback then.

Thanks

Thorsten

Re: Port forwarding malfunction?
2023-03-07 18:06:39

  @d0ugmac1 

 

Hello,


as promised, here is my test report for your suggestion:

What I have done:

1) Exported the settings of my OC200 controller.

2) Deleted all entries from Port Forwarding

3) Disabled UPNP, because it was enabled for all networks

4) Rebooted the router, rebooted the OC200

5) Enabled UPNP ()

6) Test failed

7) Powered off my router again, waited one minute and powered on

8) Tested again, no change

9) Entered my PC under Port Forwarding as DMZ

10) Powered off my router again, waited one minute and powered on

11) Tested again, no change

 

Kind regards

Thorsten
