ER8411- NAT - Virtual server - large range of ports translation not working - both SDN/SA modes
Hello,
I have replace the TL-ER6120 v3 with a ER8411 1.0.2.
I'm now facing front of big issue with range ports forwarding needed by my server.
In controller mode (OC300 5.7.6) :
First bug when I tried to add UDP ports range forward from 9000 till 10999, the controller replied that the start port must be lower to the end port, and I was forced to use 2 separates rules to add all those ports, 9000-9999 then add 10000-10999.
But even this bug forms turn around, the tests to check the reals ports mappings failed with showing shuffle externals ports opened (ex. 9000 IN->>29929 OUT), and I can’t get the right access to the server if behind the ER8411.
In Standalone mode:
I didn’t met the bug of non acceptance port entry 9000-10999, but the mapping ports issue is the same than in controller mode, wrong ports opened EXTERNALY..
Temporary, I have now reconnect the TL-ER6120 in front of/before the ER8411 to make the server again online, as I don’t have any issue with his ports mapping settings, and I have connect the ER8411 behind/after the ER6120. (using 2 NAT is in despite a temporary solution)
I can confirm that ER8411 can correctly manage/translate/forward ONE port mapping, but in my case it can’t be a solution to setting hundreds ports opening one by one.
Maybe I'm missing out something here with my settings ?
ISP directly connected to Wan/Lan4 port ER8411 and got dynamic IP
Server directly connected to Wan/Lan8
DHCP running from ER8411 -- IP reserved for the server 192.168.10.50
NAT-Port Forwarding rules:
Does anyone got some issue with large range ports forwarding with the SDN5.6.7 and ER8411 1.0.2 ?
Best Regards,
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hello @shberge
not yet,
I will do the update this weekend and then next week go on place to test again with the V1.0.3.
I don't have any real support from TP-Link...this is really bad as I had provided all the reports and tests results request.
This is unbelievable that they don't care so much about issue with brand new enterprise router.
I don't want to go to another solution but they do all in that sens.
does this version 1.0.3 have something to do with firewall or NAT port forwarding functionalities ?
I read the tch.note and there is nothing about this.
Also how may have a real follow/support from TP-Link with my issue ?
Thank you.
- Copy Link
- Report Inappropriate Content
I have also tried to contact support about different ER8411 bugs but have given up, the latest firmware has fixed something, site to site vpn is much faster and cpu has slowed down a lot, there are still problems with OpenVPN, SSL VPN I haven't bothered to test yet,
I also use port NAT but not so many ports so it works for me.
- Copy Link
- Report Inappropriate Content
Hello @Pascal
Pascal wrote
does this version 1.0.3 have something to do with firewall or NAT port forwarding functionalities ?
I read the tch.note and there is nothing about this.
Also how may have a real follow/support from TP-Link with my issue ?
I don't think 1.0.3 firmware has fixed NAT related issue. And its release note didn't mention it either.
Sorry to hear that you don't get real support perviously. To better assist you, I've created a support ticket via your registered email address, and escalated it to our support engineer to look into the issue. The ticket ID is TKID230335159, please check your email box and ensure the support email is well received. Thanks!
- Copy Link
- Report Inappropriate Content
Hi All,
I'd like to summarize the issues reported in this thread. Here are the main issue description:
Pascal wrote
In controller mode (OC300 5.7.6) :
First bug when I tried to add UDP ports range forward from 9000 till 10999, the controller replied that the start port must be lower to the end port, and I was forced to use 2 separates rules to add all those ports, 9000-9999 then add 10000-10999.
But even this bug forms turn around, the tests to check the reals ports mappings failed with showing shuffle externals ports opened (ex. 9000 IN->>29929 OUT), and I can’t get the right access to the server if behind the ER8411.
In Standalone mode:
I didn’t met the bug of non acceptance port entry 9000-10999, but the mapping ports issue is the same than in controller mode, wrong ports opened EXTERNALY..
The first bug mentioned in the initial post is the front-end issue of the Controller, which has been fixed in Omada SDN Controller 5.9.31.
And the subsequent firmware update of OC200/OC300 will fix the issue as well.
The second issue about the wrong mapping ports has been reported to the engineer for further investigation. I'll try to provide an update when there's progress.
- Copy Link
- Report Inappropriate Content
Thank you @Fae for the ticket support, with your intervention It's now a much better approach from TP-Link to handle my issue.
About the small bug to enter 1 nat rule for ports range 9000-10999, I see that the SDN V5.9.31 is actually not available for OC200/300
We will need to wait a little to test it with hardware controllers.
About the issue with wrong ports int. mapping,
The R&D have located some problem and sent me a Beta Firmware 1.0.2_20230309 to test it.
I don't know if test a 1.0.2 Beta is the best way, as the 1.0.3 is now in final/public release, but I will play the game and hope
this will help R&D to catch my issue and maybe some others UPNP or NAT bugs seen on others discussions. Hope this will give a jump to the V 1.0.4.
By the way, I don't have any issue with OPENVPN, this one work very well with V1.0.2public release
Will keep you in touch about my test beta firmware, this will be done today.
Best Regards,
- Copy Link
- Report Inappropriate Content
Hello @Pascal
Thank you for sharing the progress. Glad to hear that the R&D team has located the issue and provided you with a Beta Firmware to test. Hope the issue be resolved soon! I look forward to your further update about the beta firmware.
- Copy Link
- Report Inappropriate Content
Hello @Fae
Got a good news
The beta firmware resolve completely the issue
I got now a FULL CONE NAT ports mapping and got some better internet speed response and latency compare to the TL-ER6120.
here is the successful test made yesterday, and so far so ggod all is running fine during now 24h00.
I will reply to my email ticket support with this happy feedback.
Does the fix from this Beta Firmware will be integrate into the next public-official firmware release, in our case maybe the 1.0.4 ?
Cheers,
- Copy Link
- Report Inappropriate Content
Hi everyone,
Router: ER8411 V1.0
Firmware Version: 1.0.3
SDN Version: 5.9.31
have the same issue that my new ER8411 cant map the ports correctly to my 3CX PBX Server. Mapping is all over the place.
Since Version 1.0.3 doesnt fix this problem it is possible that I can receive the BETA Firmware where this problem is solved ????
Greeting
WALTER
- Copy Link
- Report Inappropriate Content
Hi @WallyRT
Hi,
Here is the link for the Beta Firmware.
Always be careful with Beta in production environment :
TP-LINK_ER8411_UN_1.0.3_20230411_BETA firmware Fix 3CX and FULL CONE NAT issue & NAT Type on the Xbox or Playstation 5 is still detected as STRICT NAT or TYPE 3
Officially posted here: "Solution to ER8411 NAT - Virtual Server or UPnP Not Working Issues"
- Copy Link
- Report Inappropriate Content
Hi @Pascal
TPLink Support was so kind and provided me with the Beta Firmware. Now NAT Mapping seems to work correctly.
Unfortunately I have to say that I find it a bit shameful for TPLINK that in a business router something as simple as port forwarding does not work correcly.
I hope that TPLINK will fix the problem in the next final firmware version.
Greetings
WALTER
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 4222
Replies: 26