Hi guys, I’m very stuck on this issue so I hope someone can offer some helpful insight. I’ve also been talking to Netgear support for a few weeks and haven’t gotten anywhere close to a fix.
I’ve been trying to set up port forwarding on my Netgear R7000 for a few VMs I’m running and no matter what I try in the router GUI, when I check the ports with a tool like portchecker.co they always show up as closed, despite being properly forwarded in the router. One interesting observation is that by setting up remote management on the router, the port you choose is opened. However, when setting up a VPN service the port you choose is not opened.
As a bit of context, before my old router died these same ports were forwarded just fine so it’s probably not an issue with my ISP, and I’ve moved the server connection from a network switch directly to the router to rule that out. It’s not just an issue with FreeNAS because I can’t forward ports for any device on my network. I’ve also rolled back to several earlier firmware versions as well as tried the current firmware and even a beta firmware version I was provided by Netgear.
I’ve not had this trouble before; could it be a hardware issue or a problem with my specific configuration? Everything else on the router works fine. I’m on the verge of flashing it with DD-WRT.
The VMs are running on my FreeNAS box and the problem persists on my Windows 7, 8 and 10 PCs as well as my Android devices.
I've had that router for years with no probs. The thing with port forwarding, you have to have the machine you're running the server on set up to receive a static IP. Personally it's just much easier to port trigger.
Couple of questions: are you setting this up as a VPN server? As in, you would like to be able to VPN into your network?
If you set up a VPN on the machine you are testing with, you are no longer testing your own router unless you are specifying the external IP provided by your ISP.
For example, if I connect machine A to a VPN and then test to see if port 21 is open, unless my VPN has forwarded that port to my IP that they provided me, you will see it as closed. However, if I specify "external IP Provided by ISP":21 and I have forwarded that port on my router, I will see it as open.
Also keep in mind there are some ports on ISP-provided gateways that will not respond regardless of whether you forward the port on your internal router; you will not have external access on some ports, and this varies by ISP.
Yeah, I've read some forum posts saying that and have set up all my connections with a static IP without any luck. That being said, I did this by reserving each individual IP for each VM. Is there a different way to do this?
I haven't tried port triggering before, I'll look into it.
No, the VPN server is just a service the router offers for which it forwards a port automatically. The remote management is a similar service, however it forwards ports correctly whereas the VPN service doesn't. It's just an example of the problem I'm having.
What I'm trying to do is forward a port for all my VMs as well as the peer listening port for my torrent server.
That is incorrect, a VPN service is a Virtual Private Network. It is a means of creating a point to point encrypted tunnel. It does no port forwarding of any kind. Also the R7000 can only host, it is incapable of connecting to a service as a client. So all you are doing is setting up a local encrypted tunnel but not protecting the traffic once it leaves your network. Unless you are doing peer to peer file syncing and need the traffic encrypted from others in the house you're not protecting yourself. You need to connect to the VPN host via the VM manually, such as connecting to a service like hide my ass or PIA. PIA offers port forwarding while using their VPN service so you can set up external access for remote management.
If you are trying to gain remote access to your network while abroad, as in you want to VPN into your network to manage your torrents, your idea of hosting a VPN server via the R7000 is correct; this will allow you to gain access to your local IP address range of 192.168.x.x and whatever IP you have bound to the VM.
Keep in mind that if you have set up static IP addresses for your virtual machines and bound them to network adapters, you will not be able to forward the same port to multiple addresses. Also keep in mind that if you use a service like PIA on a VM, that VM is no longer accessible by the ports you forward on the R7000; they would be accessible via the external IP assigned by the VPN service and the port that you chose to forward from them.
My ISP has a nasty habit of traffic shaping torrents, or flat out blocking their more popular ports. It is quite possible you will need to try a different port for your server.
Okay so with port triggering, the ports would only open when the internal port is listening on that port.
For example, port 25565 (Minecraft) would be closed unless you had a VM listening on that port, in which case the port would then open and forward to the VM which is listening. Using this method you do not have to have static IP addressing internally, but you will be limited by: VMs cannot listen on the same port. (You cannot have a Minecraft server on one VM, and another MC server on another VM.) This would cause packets to not be delivered properly.
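The replies above note that one external port cannot be sent to more than one internal machine. The following is an added example, not part of the thread and not Netgear's configuration format, that checks a forwarding table for that conflict before it is entered into a router; the `Rule` fields, rule names and addresses are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical rule shape for this example; not the R7000's own config format.
Rule = namedtuple("Rule", "name proto ext_start ext_end target_ip")

def protos(rule):
    """Expand the GUI-style 'both' choice into the protocols it covers."""
    if rule.proto not in ("tcp", "udp", "both"):
        raise ValueError(f"{rule.name}: unknown protocol {rule.proto!r}")
    return {"tcp", "udp"} if rule.proto == "both" else {rule.proto}

def validate(rule):
    """Reject port ranges that are out of bounds or reversed."""
    if not (1 <= rule.ext_start <= rule.ext_end <= 65535):
        raise ValueError(f"{rule.name}: bad port range")

def find_conflicts(rules):
    """Return (rule_a, rule_b, proto, first_port, last_port) for every pair of
    rules that send the same external port to different internal hosts."""
    for rule in rules:
        validate(rule)
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.target_ip == b.target_ip:
                continue  # same host twice is redundant, not ambiguous
            lo = max(a.ext_start, b.ext_start)
            hi = min(a.ext_end, b.ext_end)
            if lo > hi:
                continue  # ranges do not overlap
            for proto in sorted(protos(a) & protos(b)):
                conflicts.append((a.name, b.name, proto, lo, hi))
    return conflicts

# Constructed sample table (addresses and names are made up).
SAMPLE_RULES = [
    Rule("minecraft-vm1", "tcp", 25565, 25565, "192.168.1.50"),
    Rule("minecraft-vm2", "tcp", 25565, 25565, "192.168.1.51"),
    Rule("torrent-peer", "both", 51413, 51413, "192.168.1.60"),
    Rule("web-range", "tcp", 8000, 8100, "192.168.1.50"),
    Rule("web-alt", "tcp", 8080, 8080, "192.168.1.52"),
    Rule("voice-udp", "udp", 25565, 25565, "192.168.1.53"),
]

if __name__ == "__main__":
    for a, b, proto, lo, hi in find_conflicts(SAMPLE_RULES):
        print(f"{proto} {lo}-{hi}: {a} and {b} forward to different hosts")
```

A TCP rule and a UDP rule on the same port number are not reported, since they are separate forwards; a single port inside another rule's range is.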
Sorry, that's my bad. I don't think I explained myself properly there. I know what a VPN is and the R7000 supports the creation of one. The thing is, to do this it forwards a port for inbound and outbound traffic to pass through when in use. What I meant to say is that by creating a VPN on the router and connecting to it, it won't allow any inbound traffic through because the port it was supposed to forward during the setup process wasn't correctly forwarded; it shows up as closed when in use. I'm just using the VPN as an example of the way that even when the router tries to forward a port itself it doesn't necessarily show up as open.
As for the ISP, mine are pretty cool guys. I had all these same ports opened on my old router until it died so unless they blocked the ports in the hour between that and getting the new router, I don't think they're the problem.
Thanks for the help on port triggering. At first it didn't work, but I've been able to fix it. I was just playing around with FreeNAS and I added DHCP interface profiles for each of the four Ethernet ports. I also set all my jails to DHCP and then reserved those IPs within my router. I then restarted the server and somewhere within all that, it worked! So it wasn't an issue with the router after all. As for my desktop, I suspect it was a problem with AVG because I restarted that to finish an AVG update and now it's working too. Went through three weeks of tech support when I should have just watched an episode of The IT Crowd.