Archer VR900 v3 Port Forwarding Problem

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Archer VR900 v3 Port Forwarding Problem

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer VR900 v3 Port Forwarding Problem
Archer VR900 v3 Port Forwarding Problem
2019-10-04 19:36:06 - last edited 2019-10-11 10:09:17
Model: Archer VR900  
Hardware Version: V3
Firmware Version: 0.2.0 0.9.1

Hello, 

I received my new archer vr900 v3 today and wanted to configure port forwarding however I'm having a big trouble. 

 

It's partially ignoring my NAT Forwarding, which makes no sense. I'll explain. 

 

My network setup is like that:

 

VR900 --->  (192.168.1.5)pfsense(10.1.1.0/24) -----> (10.1.1.10) webserver 

This setup is working fine for couple of years. I used to have an archer vr900 v2, which died recently. I also have a BTHome Hub 6. Both worked fine. But with new v3 it doesn't port forward. Here's the nmap result when I scan internally:

PORT     STATE  SERVICE
22/tcp   open   ssh
53/tcp   open   domain
80/tcp   open   http
139/tcp  open   netbios-ssn
443/tcp  open   https
445/tcp  open   microsoft-ds
3306/tcp closed mysql
5432/tcp open   postgresql
8181/tcp open   intermapper
8443/tcp open   https-alt
 

As you can see it listens various ports including 80 and 443, which are most important. I can access all the services within the LAN. Following that I have port 80 and 443 added in NAT Forwarding -> Virtual servers, enabled. Nothing happens. I tried DMZ, still same. 

Most weird part is, if I add 8443, then it works. Also I can port forward DNS but I can't do it for 80 or 443. 

Any ideas?
Thanks!

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:Archer VR900 v3 Port Forwarding Problem-Solution
2019-10-11 10:08:58 - last edited 2019-10-11 10:09:17

@Kevin_Z 

Thank you for your reply. 

 

VR900 is listening 80 on LAN side however unless you have a NAT configured (or remote management enabled) doesn't listen 80 or 443 on the WAN side. On the LAN side I don't need any NAT since I'm hitting the webserver directly, therefore not required to change local management port. 

I was in contact with TPLink support, we agreed on there's an (potential) incompatibility between VR900 and vmware/pfsense. Meantime, I had to remove internal pfsense and had to attach webserver directly VR900 LAN as a workaround. I will wait until TPLink engineers figure out what change in VR900 v3 causing the issue.

Kind Regards
 

Recommended Solution
  0  
  0  
#5
Options
5 Reply
Re:Archer VR900 v3 Port Forwarding Problem
2019-10-08 08:39:06 - last edited 2019-10-08 08:39:31

@Rootifera 

 

What is the current network diagram? How do you connect these devices together? 

 

What is the internet IP address of the Archer VR900? 

 

The port 80 and 443 should be opened by default, why do you want to open the 2 ports? 

 

What is the current network request as well? Please provide more information. 

 

Good day. 

 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#2
Options
Re:Archer VR900 v3 Port Forwarding Problem
2019-10-08 09:35:10

@Kevin_Z 

Hello Kevin, 

Thank you for your reply. 

Current setup is like that:


VR900 ----> VMware ESXi ---> pfsense ---> webserver (TCP80/443)

 

IP address is dynamic, it changes regularly. Even then I'm not sure if it's a good idea to put it here. 

I don't understand what you mean by "The port 80 and 443 should be opened by default, why do you want to open the 2 ports?" Without any mapping how could 443 and 80 be open? Open to what/where? If you are talking about VR900's remote management feature it's disabled.

 

I need both ports open because I'm running a webserver at home. 

 

Thanks

  0  
  0  
#3
Options
Re:Archer VR900 v3 Port Forwarding Problem
2019-10-11 06:47:31

@Rootifera 

 

Thanks for your reply.

 

The Archer VR900 uses port 80 as the local access; while 443 is used for https usually. If you want to open port 80 for the server, you can change the port number of local management under advanced-system tools-administration-local management page. 

 

If the internet IP is dynamic, to open the port for the web server, it is suggested to use DDNS function to do that. 

 

Besides, please disable the anti-virus software and firewall existed on the same local network. 

 

If possible, you can connect the web server to the Archer VR900 directly to give it a shot.

 

May it help and have a nice day. 

 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#4
Options
Re:Archer VR900 v3 Port Forwarding Problem-Solution
2019-10-11 10:08:58 - last edited 2019-10-11 10:09:17

@Kevin_Z 

Thank you for your reply. 

 

VR900 is listening 80 on LAN side however unless you have a NAT configured (or remote management enabled) doesn't listen 80 or 443 on the WAN side. On the LAN side I don't need any NAT since I'm hitting the webserver directly, therefore not required to change local management port. 

I was in contact with TPLink support, we agreed on there's an (potential) incompatibility between VR900 and vmware/pfsense. Meantime, I had to remove internal pfsense and had to attach webserver directly VR900 LAN as a workaround. I will wait until TPLink engineers figure out what change in VR900 v3 causing the issue.

Kind Regards
 

Recommended Solution
  0  
  0  
#5
Options
Re:Archer VR900 v3 Port Forwarding Problem
2019-10-12 01:50:56

@Rootifera 

 

Okay, thanks for your reply. 

 

You can wait for the updates. And connect the web server to the VR900 directly as workaround now. 

 

If need more help in the future, please let us know.

 

Best regards. 

 

 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router EasyMesh Is Available When Wi-Fi Routers Work in AP Mode as A Controller. Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#6
Options