Unable to open ports on Archer MR600
Unable to open ports on Archer MR600
Unable to open any incoming ports by configuring a virtual server. PC behind router is Win10-64 v2004. Have contacted the ISP and they claim to only block incoming port 25 - and all others are open. Internet browsing works without issues. There is an SSH server on a PC (192.168.1.100) attached (wired) to the router. The SSH server is configured to use port 222 - incoming and outgoing. The outgoing SSH client functions normally and I can access remote machines via the internet connection. Configuring a virtual server for 192.168.1.100 with both incoming and outgoing ports set to 222 does not result in an open incoming port being visible. Using https://canyouseeme.org/ to check open ports. Setting 192.168.1.100 as a DMZ and rebooting the router does not open any ports - including 222. When pinged from a remote machine, the WAN IP address times out. Dynamic DNS (on the PC with the server) updates properly but the WAN:222 is not visible from the internet. However - enabling 'Remote Management' in router administration opens Port 443 and that port is visible using a port check tool. Disabling closes that port and it is then no longer visible. Help configuring the router would be appreciated.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@Ivaylo The issue has been resolved and was not caused by the MR600 router/configuration or the ISP but by a misconfigured Windows Defender firewall inbound rule.
Evidently, not all TP Link routers deal with these rules in the same fashion. For example, we have an istallation with a TL-WDR3600 and an identical SSH server and there are no issues with the associated Windows Defender firewall rule. That same rule shut down the port to the MR600 router.
If anyone should have this sort of problem arise in the future, it would be a worthwhile 'first step' to temporarily turn off the Windows Defender firewall and verify if that is not the source of the problem. Appreciate all of the assistance provided in helping to resolve the problem.
- Copy Link
- Report Inappropriate Content
Check that your public IP address is what you're using to access your SSH server from outside your network: https://www.whatismyip.com
Ping <yourname.dyndns> domain and compare the IP address responding, with the previous result - they should be the same.
Configuration on your router:
Finally try to access your SSH server from your internal network to be sure it's working on TCP port 222.
- Copy Link
- Report Inappropriate Content
@Ivaylo Thanks for the response Ivaylo. Yes - I am connecting to the proper IP address. That is why the 443 port is visible when Remote Management is enabled. The IP shown by whatismyip.com matches what the router says it is. However, https://www.yougetsignal.com/tools/open-ports/ shows that 222 is closed at that same IP.
The only thing I find odd as when using https://www.yougetsignal.com/tools/open-ports/ - if click 'Check' again (quickly) while the first check is running - it shows the port is open. That might indicate that the ISP has some layer of 'security' that masks the real IP of my SSH server. That behavior can be duplicated.
Virtual server is set up as shown in your post - only the protocol is set to All.The SSH server is accessible locally and can be configured. The client for that server is able to access other (remote) computers via port 222 from the same box as has the SSH server installed.
- Copy Link
- Report Inappropriate Content
Try to move the external port higher - for example TCP port 60222 and see if that helps:
Then try the external access on TCP port 60222.
Any intermediate device between your ISP and your router ? Are you using it as 4G+ or regular router ?
- Copy Link
- Report Inappropriate Content
@Ivaylo The higher port number also times out.
I am using the router as a 4F router. For now, the only wired/attached device is the PC.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
@Ivaylo Reconfigured to TCP 80 - shows as closed.
Don't know what to say about the ISP. TELE2 is large and seemingly competent. The tech guy I spoke to on Monday was pretty clear when speaking about not blocking ports other that 25.
Also - 443 is a common port, yet it can be opened and closed using the router's administration capability. Works the same way for port 8080 - the port opens and you can ping the public IP and get a response.
But Virtual Server config does not work and neither does DMZ.
- Copy Link
- Report Inappropriate Content
So, if you enable administrative access to the device (either 443 or 8080) you are able to ping your public IP ?
Have you tried to configure virtual server or DMZ, while you have enabled administrative access ?
- Copy Link
- Report Inappropriate Content
@Ivaylo If I enable remote access via port 8080 I can remotely access the router configuration from another machine and another ISP. Everything works as you would expect it to. You can ping 8080 or 443. If you try to grant administrative access with DMZ enabled, it throws a conflict error . It's either one or the other. As I mentioned earlier, placing the PC's internal IP in the DMZ gave no result, so I disabled DMZ.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 5389
Replies: 12
Voters 0
No one has voted for it yet.