Nov 29, 2023
I had an old Netgear that I recently upgraded with the Asus RT-AX57, and it works great, except that when I configured the port forwarding settings in the device, I was unable to get it to work. External online port checkers show the ports as closed; none of my internal servers were changed, as I only switched out the router. When I switch back to my old router, the servers become available again. I checked the IP address from the ISP, which is a public address. There is only one active router on my network at a time, so there is no double NAT.

I checked a lot of different posts from various websites, and the only options I seem to get are to make sure the router is updated (it is), disable the firewall (what?), or issues with not obtaining a correct WAN address (the provider only has public addresses). Is there some obscure setting that is interfering with the system? I tried turning off the firewall (temp) to see, but the ports still appeared closed. To clarify, the network is working correctly otherwise. Please let me know if there is something that I might be missing.

 
You could try the DMZ option first.
Are you trying to use ports 80 and 443? It tends to be strongly recommended that you do not use those. Many web servers will have code exploits that you have to constantly be watching for patches. In addition, many people running home web servers make errors in the configuration that also make them unsafe.

I don't know if Asus does it, but I have seen routers that block those particular ports unless you turn on a special option. The recommended method is to use other external ports if there is any way to do it.

Note: if you had never gotten this to work, I would blame your ISP; it is common for ISPs to block these ports to try to protect people that don't know what they are doing.
 
Nov 29, 2023

Thank you for your suggestion; I tried to use the DMZ option with no luck. The weird thing is once I plug in my Netgear router, I can get my ports to forward again. All internal servers are listening, but when I use Nmap, it says the ports are filtered closed (I am external to my network). Using -sV doesn't help either. I unfortunately can't change the http ports as they are needed for the certbot I use to issue and manage the SSL certs and apparently, you can't change the ports it uses.
 
So if you look up the manual for the Asus router, it shows the port forwarding screen, and it has warnings about using port 80 and also FTP ports.

If you look above the part you posted, does it have a warning about port 80 and it conflicting with the web user interface?

Since the router itself uses port 80 and in some cases 443 for its admin, you can have issues trying to use your own servers. It is very common to use port 8080 for normal HTTP and still let 443 go through.
 
Nov 29, 2023

Yes, port 80 is only used by certbot to issue the challenge and only uses 443. I have other used ports in my list that are also unreachable. Checking these ports with an external port checker shows them all as closed. I only configured the router to use HTTP instead of HTTPS. I cannot use port 8080 as certbot cannot be changed regarding the port number, at least not in any way I can locate.

The servers connect to my reverse proxy with no issue once I switch back to the NetGear. If I can't figure it out soon, I'll return it and try a different company.
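
Added example, not part of any post in this thread: a small TCP connect probe, run from a host outside the network, that separates the "closed" and "filtered" results mentioned above so each forwarded port can be compared between the two routers. The WAN address is a constructed placeholder, and `probe` and `check_forwards` are hypothetical helper names.

```python
import errno
import socket

# What each connect result says about a port forward (general TCP behaviour).
HINTS = {
    "open": "SYN/ACK came back: the forward works and the service answered",
    "closed": "RST came back: something refused the connection "
              "(the router itself, or a host with no listener on that port)",
    "filtered": "nothing usable came back: the packet was dropped before "
                "reaching a listener (firewall, ISP block, or no matching rule)",
}


def probe(host, port, timeout=3.0):
    """Attempt one full TCP connect and classify it like a connect scan."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"          # an explicit RST was received
    except socket.timeout:
        return "filtered"        # silence: the SYN was dropped somewhere
    except OSError as exc:
        # ICMP host/network unreachable is also reported as filtered.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def check_forwards(host, ports, timeout=3.0):
    """Probe every forwarded port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    WAN_IP = "203.0.113.10"      # constructed placeholder: your own public IP
    PORTS = [80, 443]            # the ports discussed in this thread
    for port, state in check_forwards(WAN_IP, PORTS).items():
        print(f"{port}/tcp {state}: {HINTS[state]}")
```

Running it once with each router in place shows whether the same port moves from "open" to "filtered" (dropped at the new router or upstream) or to "closed" (answered with a reset by the router or the server).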
 