Port forwarding not working correctly with new Archer GE800
I run a reverse proxy on my network that points to home assistant.
I got a new Archer GE800 and installed/configured it but the port forwarding is not working.
I am forwarding port 80 and port 443 but I cannot connect to my site. If I add the server IP as the DMZ the connection works fine, so I know it isn't an issue with my reverse proxy or DNS. The services are accessible through their ip:port on my local network so I know theyre working as well.
I looked through all of the settings and I dont see anything obvious as to why this isnt working. This setup was working fine with my previous router.
Can anyone help? To me it seems like ports aren't forwarding.
canyouseeme.org reports that ports 80 and 443 are indeed open, but I still cant reach my services. What is going on here? This really doesn't make sense.
I would say this is a problem with my setup but since putting the server in the DMZ makes it all work it has to be an issue with the router.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
The TPLink engineers told me this is expected behavior. They claim the DMZ takes priority over manually forwarded ports. I don't know if that's per IEEE spec or not but I'm just going to accept it. Either this router or my old Netgear cax80 had incorrect behavior.
They told me to leave my manual forwards and instead of using DMZ forward every other port to my Nintendo Switch. I tried that but my Nintendo Switch still reports Nat Type B instead of A.
All a bit frustrating but I use my Nintendo Switch infrequently so not a huge deal for me.
- Copy Link
- Report Inappropriate Content
Well I fixed this but it doesnt make sense.
I had the DMZ server turned on and set to the IP of my Nintendo Switch so it doesn't get NAT restrictions.
For some reason turning off the DMZ server fixes my port forwarding issue.
Makes no sense maybe someone from TP Link could chime in?
- Copy Link
- Report Inappropriate Content
Thank you for posting in the community.
Could you please confirm whether you're enabling the DMZ for the proxy server or the Nintendo Switch? After disabling the DMZ, is port forwarding now functioning properly?
I'm not sure why this issue occurred, but it seems there may have been a conflicting setting. If you're unsure which settings caused the conflict, I recommend resetting the GE800 to factory defaults. After that, set up port forwarding for the proxy server to see if you can access it externally.
If you can access it, that means port forwarding is working. You can then reintroduce other settings one by one to identify any that may cause issues.
- Copy Link
- Report Inappropriate Content
Thanks for the reply.
The port forwarding is for the proxy server. The DMZ is for the Nintendo Switch.
Here are my exact setup steps:
1. Configure and turn on port forwarding for three ports on my server at 192.168.0.28.
At this point port forwarding is working correctly
- canyouseeme.org says the ports are open
- The services using those three ports are accessible from inside and outside my network
- Doing tracert shows that the domain is resolved in a single hop, which is expected and correct.
2. Turn on the DMZ and point it to my Nintendo Switch at 192.168.0.14
At this point port forwarding is not working correctly
- canyouseeme.org says the ports are open
- The services using those three ports are NOT accessible from inside or outside my network
- Doing tracert shows that the domain is not resolved. The first hop is exactly the same and is correct, but then it attempts a second hop which times out.
- This behavior happens with any DMZ Host IP.
I'd rather not reset the GE800 if I don't have to but if that's the only thing to try here I could give it a shot.
I'm almost totally sure this is a bug in the firmware. It seems pretty cut and dry here; when the DMZ is off port forwarding works. When DMZ is on port forwarding doesn't work.
- Copy Link
- Report Inappropriate Content
Thank you very much for the detailed description. It is very clear now.
I agree that there’s no need to reset the GE800 at this moment until we confirm whether there’s an issue with the port forwarding and DMZ settings. I will ask our support engineers to investigate further and will have them contact you once this is confirmed.
They will reach out to you at your registered email address, so please keep an eye on your inbox for their follow-up. Thank you!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
The TPLink engineers told me this is expected behavior. They claim the DMZ takes priority over manually forwarded ports. I don't know if that's per IEEE spec or not but I'm just going to accept it. Either this router or my old Netgear cax80 had incorrect behavior.
They told me to leave my manual forwards and instead of using DMZ forward every other port to my Nintendo Switch. I tried that but my Nintendo Switch still reports Nat Type B instead of A.
All a bit frustrating but I use my Nintendo Switch infrequently so not a huge deal for me.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 360
Replies: 6
Voters 0
No one has voted for it yet.