asus wrt merlin portforward

[alexander3423478 0]

Hello everyone,

I need some help with a project of mine.

Basically, I’m about to move into a new apartment where the internet is managed by the landlord. To protect my internal network, I purchased an ASUS RT-AX88U Pro so I can run a VPN at the root of my personal network.

The VPN is working flawlessly; however, I’m having trouble with the port forwarding feature.

I’ve installed Asuswrt-Merlin 3004.388.8_4 and followed this documentation to set everything up:



However, even after following the guide step-by-step, none of the ports seem to be open.

Here are the iptables commands I used:

# For port 55730
iptables -I FORWARD -i tun1 -p udp -d 192.168.50.36 --dport 55730 -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.50.36 --dport 55730 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 55730 -j DNAT --to-destination 192.168.50.36
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 55730 -j DNAT --to-destination 192.168.50.36

# For port 62980
iptables -I FORWARD -i tun1 -p udp -d 192.168.50.36 --dport 62980 -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.50.36 --dport 62980 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 62980 -j DNAT --to-destination 192.168.50.36
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 62980 -j DNAT --to-destination 192.168.50.36

# For port 56241
iptables -I FORWARD -i tun1 -p udp -d 192.168.50.36 --dport 56241 -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.50.36 --dport 56241 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 56241 -j DNAT --to-destination 192.168.50.36
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 56241 -j DNAT --to-destination 192.168.50.36

# For port 55798
iptables -I FORWARD -i tun1 -p udp -d 192.168.50.36 --dport 55798 -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d 192.168.50.36 --dport 55798 -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 55798 -j DNAT --to-destination 192.168.50.36
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 55798 -j DNAT --to-destination 192.168.50.36

Despite running these commands, none of the ports appear to be open when I test them externally.

however they seems to be open in the router interface ( see screenshot )

thanks you for your help :)

[Staff 10123]

@alexander3423478

Hello!

In various AsusWRT Merlin firmware versions the default name of the tun interface is not tun1. Can you please check? If in doubt just modify your rules by replacing tun1 with tun+ (here + is an iptables wildcard for interfaces). For anything else the rules seem just fine.

Kind regards
 

[alexander3423478 0]

Hello everyone,

I’ve updated the command as suggested, changing tun to tun11 (I also tried tun+), but the port still doesn't seem to be open for some reason.

Maybe I misunderstood something, so please correct me if I’m wrong. What I’m trying to do is open a port through the VPN to allow connections to a Minecraft server and a Jellyfin server. Is that possible? And if not, what would be a good workaround?

Thank you again for your help!

Best regards

[Staff 10123]

@alexander3423478

Hello!

Please make sure that both servers run in the 192.168.50.36 machine, that they listen to the correct ports, and that no firewall (running in that same machine) blocks packets to/from the servers.

Kind regards