I'd just like to thank you for a straight forward explanation and video. No screaming, shouting, over the top facial reactions, comedic clips, no OMGs, bros, dudes.
Thank you so much for this, it helped me get my port-forwarding to work with another network. I thought I needed to go from eth0 to eth2, but in fact, sending to switch0 is the answer. The switch / router do the work from there. Uggh, almost gave up if not for this video - THANK YOU.
Great video! Can I get this working from inside the network as well? Right now if i type my external ip or domain name when I'm on my network it just redirects me to the Edgerouter's UI. It messes a bit with my Nextcloud set up if I have to switch from local ip to external every time.
I believe what you are looking for is called "Hairpin NAT" (which I am currently working on a video for... finally). It's a bit different than port forwarding, but it should solve your issue with being redirected to the GUI from inside your network. Feel free to search how to configure it or if you wait a bit I should have a video coming out soon with how to utilize it.
Good video, but i thinkg you shoud mention the autofirewall for the people new to edgerouters, if its not checkt you have to manually add the firewall rules to allow the traffic.
I can't get port forwarding working even with it checked. If I reinstall the old dumb router the ports are open on canyouseeme. Nothing I do seems to open ports on the edge router. Wan and lan are the same setup. I need to open up specifically ports 63100 & 64000 for a program to work. I'm told it needs both inbound and outbound porch to be open. I used the wan2lan2 wizard. Internet works great. It's just the ports I can't get open even after setting up port forwarding.
Mapping the device as a static IP so that the port forwarding rules dont get messed up if it drops the lease and assigns the server a new IP seems pretty critical?
Very strange. This is a common problem across the Edge user universe. Many people assert they have solved this but nothing works. RDP is a common use for home users and it's interesting no one can get the Edge GUI to support it. Assuming it's not possible? Edge Support told me "this is outside the scope of our support" and directed me to the Edge User Group.
I've never heard of this being a limitation, but I'll walk through a few places to check. First, you have to have your port-forwarding rule setup (sounds like it is already there) Second, make sure 3389 is allowed through the firewall on the WAN_LOCAL ruleset Third, make sure your Windows Firewall or anti-virus isn't blocking the RDP traffic (this is the most common issue when I set this up) Keep in mind that opening up 3389 to the public internet is not recommended. It is a common protocol which is widely used, but you really should have a VPN to your local LAN in order to use it from outside your local network. Also keep in mind that some ISPs may block traffic for 3389 through their network as a security measure (they do this with inbound DNS sometimes as well). If everything else checks out, it could be filtering by your ISP.
No, you can only forward to a single IP. The translation is 1 to 1. The router won't know how to load-balance traffic being forwarded to multiple endpoints with multiple ports. You would need something like NGINX setup to act as a load balancer.
Unfortunately, no it wont. Unless you think its worth it to you - call your ISP and ask to pay extra for a public IP because techmically a CGNAT IP is not public, its kind of a mass set of private IPs that are "psudeo" public IPs. It COULDDDD work if where you are trying to have connections come in are on that same CGNAT, but obviously outside of it - it wont work
Thanks for the guide. I have followed this exactly using different ports and I can't get it to work. trying to reach an RP4 running PiVPN and PiHole. not working on either openvpn or wiregaurd. not sure where I'm going wrong
Same here. I have been pulling my hair out over the last two days. I've tried it with auto firewall rules, without, and etc. I simply cannot get the ports to forward. The eth4 IP matches my public IP... Idk WTF I am doing wrong but I'm about to chuck my ER-X off a bridge.
@@JC-Alan are either of you on IPs from your ISP that are CGNAT IPs? Essentially a CGNAT is a "public" IP thats not actually public. Your true "public" IP address sits in like a super modem at your ISP and what you have is techincally a "private" IP but is given as your "public". Some ISPs do this because weve ran out of IPV4 addresses to lease out and this is their temp solution until IPV6 is fully implemented. Call your ISP and ask if you have a CGNAT IP. You can also google how to find out in command prompt
Great video, thanks a bunch. Having an issue tho and would really appreciate some help, I've opened 25565 as an example, and when using the website port.tools in conjunction with the rules stats, I can see that the port is registering packets, but seemingly is not talking back, on the port tools website it says 'failed we can not see your service on [public IP] port 25565. Any idea why this is occuring?
I want to say there is something wrong with the end-device not responding to the traffic. You may want to make sure there isn't a firewall of sorts or blacklist enabled preventing the machine from responding. I did check some of my ports and a few are giving the same error (I know they are functioning) while the others are registering normally. There may be an issue with how that site tests for open ports.
I don't have a video on this, but I've added it to my list to make one. If the miner is set to use DHCP you should be able to find it in the leases section "Services > DHCP Server > Actions > View Leases". If it doesn't have a lease, it should show up in the ARP table which AFAIK can only be accessed in the CLI. Open the CLI in the top right of the home page, login, and issue "show arp". This will list the IP along with the MAC of all "active" devices the Edgerouter can see. If you know the MAC address of the miner, you can search using "show arp | grep xx:xx"
@@ToastyAnswers Thanks, I found the ip running a diagnostic on the miner but now I can't seem to open port 44158. I follow yours and others instructions to the letter but I still get port closed if I check the port on a variety of sites
@@ToastyAnswers Ok, so using CLI I can see it but shout it be "incomplete" under addrees? My two computers in the network have some long addresses but the miner is incomplete?
I have a Synology NAS and I try this configuration and it didn't work. I follow step by step and still when I try to access it only access to the edge router. a little help here. Thanks😃
Hey, im trying to port forward my Home Assistant server which is currently on a raspberry pi. I've done all your steps and im using Duck DNS, but when I try to use the new domain I just end up on the Edgerouter login page. Any ideas what's going on?
It sounds like port 443 and/or 80 is open on your WAN_LOCAL firewall. Instead of the port being forwarded, the router itself is responding to those requests. Port 443 and 80 need to be blocked on the WAN interface (WAN_LOCAL) to have the requests forwarded to the PC you choose. Also, make sure the IP address of the raspberry pi is configured correctly in the port-forward settings.
I'd just like to thank you for a straight forward explanation and video. No screaming, shouting, over the top facial reactions, comedic clips, no OMGs, bros, dudes.
Thank you so much for this, it helped me get my port-forwarding to work with another network. I thought I needed to go from eth0 to eth2, but in fact, sending to switch0 is the answer. The switch / router do the work from there. Uggh, almost gave up if not for this video - THANK YOU.
Thank you! This was really nice and really helped me a lot :)
Great video!
Can I get this working from inside the network as well? Right now if i type my external ip or domain name when I'm on my network it just redirects me to the Edgerouter's UI. It messes a bit with my Nextcloud set up if I have to switch from local ip to external every time.
I believe what you are looking for is called "Hairpin NAT" (which I am currently working on a video for... finally). It's a bit different than port forwarding, but it should solve your issue with being redirected to the GUI from inside your network. Feel free to search how to configure it or if you wait a bit I should have a video coming out soon with how to utilize it.
Good video, but i thinkg you shoud mention the autofirewall for the people new to edgerouters, if its not checkt you have to manually add the firewall rules to allow the traffic.
I can't get port forwarding working even with it checked. If I reinstall the old dumb router the ports are open on canyouseeme. Nothing I do seems to open ports on the edge router.
Wan and lan are the same setup.
I need to open up specifically ports 63100 & 64000 for a program to work.
I'm told it needs both inbound and outbound porch to be open.
I used the wan2lan2 wizard. Internet works great. It's just the ports I can't get open even after setting up port forwarding.
Many thanks for this!
Mapping the device as a static IP so that the port forwarding rules dont get messed up if it drops the lease and assigns the server a new IP seems pretty critical?
It's definitely not a bad idea. It would be a rare occurrence, but it can happen.
Thank you!
Any idea why 3389 is not allowing me to remote desktop to my home PC? I have the correct local ip, public ip and it ain't workin'.
Very strange. This is a common problem across the Edge user universe. Many people assert they have solved this but nothing works. RDP is a common use for home users and it's interesting no one can get the Edge GUI to support it. Assuming it's not possible? Edge Support told me "this is outside the scope of our support" and directed me to the Edge User Group.
I've never heard of this being a limitation, but I'll walk through a few places to check.
First, you have to have your port-forwarding rule setup (sounds like it is already there)
Second, make sure 3389 is allowed through the firewall on the WAN_LOCAL ruleset
Third, make sure your Windows Firewall or anti-virus isn't blocking the RDP traffic (this is the most common issue when I set this up)
Keep in mind that opening up 3389 to the public internet is not recommended. It is a common protocol which is widely used, but you really should have a VPN to your local LAN in order to use it from outside your local network.
Also keep in mind that some ISPs may block traffic for 3389 through their network as a security measure (they do this with inbound DNS sometimes as well). If everything else checks out, it could be filtering by your ISP.
Great vid thank you
Continue good content
Can you do an IP range and a port range when port forwarding?
No, you can only forward to a single IP. The translation is 1 to 1. The router won't know how to load-balance traffic being forwarded to multiple endpoints with multiple ports. You would need something like NGINX setup to act as a load balancer.
I guess this wont work if your ISP use Carrier-grade NAT?
Unfortunately, no it wont. Unless you think its worth it to you - call your ISP and ask to pay extra for a public IP because techmically a CGNAT IP is not public, its kind of a mass set of private IPs that are "psudeo" public IPs. It COULDDDD work if where you are trying to have connections come in are on that same CGNAT, but obviously outside of it - it wont work
Thanks for the guide. I have followed this exactly using different ports and I can't get it to work. trying to reach an RP4 running PiVPN and PiHole. not working on either openvpn or wiregaurd. not sure where I'm going wrong
Same here. I have been pulling my hair out over the last two days. I've tried it with auto firewall rules, without, and etc. I simply cannot get the ports to forward. The eth4 IP matches my public IP... Idk WTF I am doing wrong but I'm about to chuck my ER-X off a bridge.
@@JC-Alan are either of you on IPs from your ISP that are CGNAT IPs? Essentially a CGNAT is a "public" IP thats not actually public. Your true "public" IP address sits in like a super modem at your ISP and what you have is techincally a "private" IP but is given as your "public". Some ISPs do this because weve ran out of IPV4 addresses to lease out and this is their temp solution until IPV6 is fully implemented. Call your ISP and ask if you have a CGNAT IP. You can also google how to find out in command prompt
Great video, thanks a bunch. Having an issue tho and would really appreciate some help, I've opened 25565 as an example, and when using the website port.tools in conjunction with the rules stats, I can see that the port is registering packets, but seemingly is not talking back, on the port tools website it says 'failed we can not see your service on [public IP] port 25565. Any idea why this is occuring?
I want to say there is something wrong with the end-device not responding to the traffic. You may want to make sure there isn't a firewall of sorts or blacklist enabled preventing the machine from responding.
I did check some of my ports and a few are giving the same error (I know they are functioning) while the others are registering normally. There may be an issue with how that site tests for open ports.
Why is your public IP blurred but not the other one? You said it's for giving to people outside your house and it's got "public" in the name.
what other one? Those are his private IP addresses you are seeing. You can try to connect to those all day long and nothing will happen.
Hi, I'm trying to port forward a helium miner IOT, but I can't find it's IP in the router. Is there a video of yours explaining this?
I don't have a video on this, but I've added it to my list to make one.
If the miner is set to use DHCP you should be able to find it in the leases section "Services > DHCP Server > Actions > View Leases".
If it doesn't have a lease, it should show up in the ARP table which AFAIK can only be accessed in the CLI. Open the CLI in the top right of the home page, login, and issue "show arp". This will list the IP along with the MAC of all "active" devices the Edgerouter can see. If you know the MAC address of the miner, you can search using "show arp | grep xx:xx"
@@ToastyAnswers Thanks, I found the ip running a diagnostic on the miner but now I can't seem to open port 44158. I follow yours and others instructions to the letter but I still get port closed if I check the port on a variety of sites
@@ToastyAnswers Ok, so using CLI I can see it but shout it be "incomplete" under addrees? My two computers in the network have some long addresses but the miner is incomplete?
I have a Synology NAS and I try this configuration and it didn't work. I follow step by step and still when I try to access it only access to the edge router. a little help here. Thanks😃
Hey, im trying to port forward my Home Assistant server which is currently on a raspberry pi. I've done all your steps and im using Duck DNS, but when I try to use the new domain I just end up on the Edgerouter login page. Any ideas what's going on?
It sounds like port 443 and/or 80 is open on your WAN_LOCAL firewall. Instead of the port being forwarded, the router itself is responding to those requests. Port 443 and 80 need to be blocked on the WAN interface (WAN_LOCAL) to have the requests forwarded to the PC you choose.
Also, make sure the IP address of the raspberry pi is configured correctly in the port-forward settings.
If you have a pppoe connection that's probably what you need to use instead of eth0
thanks! helpful video.. do i have to restart router after doing this?
No, there is no need to restart for this configuration. It should take hold immediately.
L♥️
long winded and never talked abt the WAN / LAN interfaces till the end or the options .....