Unable to open ports on Archer MR600

Unable to open ports on Archer MR600
Unable to open ports on Archer MR600
2020-11-24 08:04:46 - last edited 2020-11-25 08:11:48
Hardware Version: V1
Firmware Version: 1.2.0.0.9.1 v0001.0 Build 200511 Rel.44954n

Unable to open any incoming ports by configuring a virtual server. PC behind router is Win10-64 v2004. Have contacted the ISP and they claim to only block incoming port 25 - and all others are open. Internet browsing works without issues. There is an SSH server on a PC (192.168.1.100) attached (wired) to the router. The SSH server is configured to use port 222 - incoming and outgoing. The outgoing SSH client functions normally and I can access remote machines via the internet connection. Configuring a virtual server for 192.168.1.100 with both incoming and outgoing ports set to 222 does not result in an open incoming port being visible. Using https://canyouseeme.org/ to check open ports. Setting 192.168.1.100 as a DMZ and rebooting the router does not open any ports - including 222. When pinged from a remote machine, the WAN IP  address times out. Dynamic DNS (on the PC with the server) updates properly but the WAN:222 is not visible from the internet. However - enabling 'Remote Management' in router administration opens Port 443 and that port is visible using a port check tool. Disabling closes that port and it is then no longer visible. Help configuring the router would be appreciated.

0
0
#1
Options
1 Accepted Solution
Re:Unable to open ports on Archer MR600-Solution
2020-11-24 17:13:50 - last edited 2020-11-25 08:11:48

@Ivaylo The issue has been resolved and was not caused by the MR600 router/configuration or the ISP but by a misconfigured Windows Defender firewall inbound rule.

 

Evidently, not all TP Link routers deal with these rules in the same fashion.  For example, we have an istallation with a TL-WDR3600 and an identical SSH server and there are no issues with the associated Windows Defender firewall rule. That same rule shut down the port to the MR600 router.

 

If anyone should have this sort of problem arise in the future, it would be a worthwhile 'first step' to temporarily turn off the Windows Defender firewall and verify if that is not the source of the problem. Appreciate all of the assistance provided in helping to resolve the problem.

Recommended Solution
3
3
#12
Options
12 Reply
Re:Unable to open ports on Archer MR600
2020-11-24 08:56:18 - last edited 2020-11-24 10:57:42

@Tranas 

 

Check that your public IP address is what you're using to access your SSH server from outside your network: https://www.whatismyip.com

Ping <yourname.dyndns> domain and compare the IP address responding, with the previous result - they should be the same.

 

Configuration on your router:

 

 

Finally try to access your SSH server from your internal network to be sure it's working on TCP port 222.

 

0
0
#2
Options
Re:Unable to open ports on Archer MR600
2020-11-24 10:28:19 - last edited 2020-11-24 10:57:42

@Ivaylo Thanks for the response Ivaylo. Yes - I am connecting to the proper IP address. That is why the 443 port is visible when Remote Management is enabled. The IP shown by whatismyip.com matches what the router says it is. However, https://www.yougetsignal.com/tools/open-ports/ shows that  222 is closed at that same IP.

 

 

The only thing I find odd as when using https://www.yougetsignal.com/tools/open-ports/ - if click 'Check' again (quickly) while the first check is running - it shows the port is open. That might indicate that the ISP has some layer of 'security' that masks the real IP of my SSH server. That behavior can be duplicated.

 

 

Virtual server is set up as shown in your post - only the protocol is set to All.The SSH server is accessible locally and can be configured. The client for that server is able to access other (remote) computers via port 222 from the same box as has the SSH server installed.

0
0
#3
Options
Re:Unable to open ports on Archer MR600
2020-11-24 11:21:11 - last edited 2020-11-24 11:41:30

Try to move the external port higher - for example TCP port 60222 and see if that helps:

 

Then try the external access on TCP port 60222.

Any intermediate device between your ISP and your router ? Are you using it as 4G+ or regular router ?

0
0
#4
Options
Re:Unable to open ports on Archer MR600
2020-11-24 11:44:13

@Ivaylo The higher port number also times out.

I am using the router as a 4F router. For now, the only wired/attached device is the PC.

0
0
#5
Options
Re:Unable to open ports on Archer MR600
2020-11-24 11:52:11
4G router...
0
0
#6
Options
Re:Unable to open ports on Archer MR600
2020-11-24 11:56:03
If you trust your ISP, that they don't filtering any port, but TCP 25 - that's weird. You can try something unusual - try to set the external port to TCP 80 and test again.
0
0
#7
Options
Re:Unable to open ports on Archer MR600
2020-11-24 12:18:56

@Ivaylo Reconfigured to TCP 80 - shows as closed.

 

Don't know what to say about the ISP. TELE2 is large and seemingly competent. The tech guy I spoke to on Monday was pretty clear when speaking about not blocking ports other that 25.

 

Also - 443 is a common port, yet it can be opened and closed using the router's administration capability. Works the same way for port 8080 - the port opens and you can ping the public IP and get a response.

 

But Virtual Server config does not work and neither does DMZ.

0
0
#8
Options
Re:Unable to open ports on Archer MR600
2020-11-24 12:26:01 - last edited 2020-11-24 12:48:40

So, if you enable administrative access to the device (either 443 or 8080) you are able to ping your public IP ?

Have you tried to configure virtual server or DMZ, while you have enabled administrative access ?

0
0
#9
Options
Re:Unable to open ports on Archer MR600
2020-11-24 13:18:28

@Ivaylo If I enable remote access via port 8080 I can remotely access the router configuration from another machine and another ISP. Everything works as you would expect it to. You can ping 8080 or 443.  If you try to grant administrative access with DMZ enabled, it throws a conflict error . It's either one or the other. As I mentioned earlier, placing the PC's internal IP in the DMZ gave no result, so I disabled DMZ.

0
0
#10
Options
Re:Unable to open ports on Archer MR600
2020-11-24 13:49:52

@Tranas 

 

That's pretty unusual behaviour - let's see if @Kevin_Z can give some clue on that.

0
0
#11
Options