weird WRT54G stopped forwarding port 80 and 443

I have a WRT54G. Everythig was working fine until today.

I had ports 80 (http), 443 (https) and ports 20-22 (ftp and ssh)
forwarded to a internal static IP (192.168.1.140) server. I also had
port 8082 forawarded to internet camera with the static IP 192.168.1.151.

Today I bought a new internet camera to replace one that failed. I set
it up as another static IP 192.168.1.150 on port 8081 and set the WRT54G
to forward to it.

Now for some inexplicable reason, everything works except for ports 80
and 443. In other words ssh, ftp and internet cams are accessible from
outside. However, when I try to access the the webserver, I can see that
the forwarding is not working. The browser responds asking for a WRT54G
login/password. If I try to access the webserver directly at
192.168.1.140 it works fine. So clearly the WRT54G is picking on ports
80 for some reason. It is not my ISP blocking the port as I can see the
login/password prompt indicating it is my WRT54G domain.

On Mon, 30 May 2011 20:21:28 -0400, Philip <(E-Mail Removed)> wrote:

> Now for some inexplicable reason, everything works except for ports 80
> and 443. In other words ssh, ftp and internet cams are accessible from
> outside. However, when I try to access the the webserver, I can see that
> the forwarding is not working. The browser responds asking for a WRT54G
> login/password. If I try to access the webserver directly at
> 192.168.1.140 it works fine. So clearly the WRT54G is picking on ports
> 80 for some reason. It is not my ISP blocking the port as I can see the

Check the system page of the router setup. Sounds like remote management
has been turned on (it's off by default), and the port changed from the
default of 8080 to 80.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

David W. Hodgins wrote:
> On Mon, 30 May 2011 20:21:28 -0400, Philip <(E-Mail Removed)> wrote:
>
>> Now for some inexplicable reason, everything works except for ports 80
>> and 443. In other words ssh, ftp and internet cams are accessible from
>> outside. However, when I try to access the the webserver, I can see that
>> the forwarding is not working. The browser responds asking for a WRT54G
>> login/password. If I try to access the webserver directly at
>> 192.168.1.140 it works fine. So clearly the WRT54G is picking on ports
>> 80 for some reason. It is not my ISP blocking the port as I can see the
>
> Check the system page of the router setup. Sounds like remote management
> has been turned on (it's off by default), and the port changed from the
> default of 8080 to 80.
>

Thanks for the idea.

However, I checked and the remote mangement is still disabled. The "Web
Access" is set to http. It seems to be what is was before these problems
started.

On Tuesday 31 May 2011 02:21 in comp.os.linux.networking, somebody
identifying as Philip wrote...

> I have a WRT54G. Everythig was working fine until today.
>
> I had ports 80 (http), 443 (https) and ports 20-22 (ftp and ssh)
> forwarded to a internal static IP (192.168.1.140) server. I also had
> port 8082 forawarded to internet camera with the static IP
> 192.168.1.151.
>
> Today I bought a new internet camera to replace one that failed. I set
> it up as another static IP 192.168.1.150 on port 8081 and set the
> WRT54G to forward to it.

So, judging by what you are saying here, I take it that you have *two*
cameras, and that your layout is something like...

INTERNET
|
router
|_ port 20______
|_ port 22______|
|_ port 80___server 192.168.1.140
|_ port 443______|
|
|_ port 8081__ camera 192.168.1.150
|_ port 8082__ camera 192.168.1.151

Would that be correct, or are there any other machines still on your LAN
(and if so, how many)?

> Now for some inexplicable reason, everything works except for ports 80
> and 443. In other words ssh, ftp and internet cams are accessible from
> outside. However, when I try to access the the webserver, I can see
> that the forwarding is not working. The browser responds asking for a
> WRT54G login/password. If I try to access the webserver directly at
> 192.168.1.140 it works fine. So clearly the WRT54G is picking on ports
> 80 for some reason. It is not my ISP blocking the port as I can see
> the login/password prompt indicating it is my WRT54G domain.

If you have more machines or appliances on your LAN than what you've
mentioned here, then chances are that you'll be using a switch to
uplink to your router - I myself have a WRT54GL[*] and it has only 4
ethernet ports for LAN. As such, it is quite possible that you've
created a conflict by swapping ethernet cables around.

You will need to check on IP address/MAC address mismatches. If you're
using an external switch to connect to your router, try resetting the
switch by unplugging it from the power outlet for a few seconds and
then plugging it in again. Also make sure that everything is still set
up in the router's configuration utility as it is supposed to be. You
may also need to reset the router, depending on what the actual problem
is.

Sorry - best educated guess I can make at this point. Only _you_ know
what you've done. ;-)

[*] I believe your router is an earlier model, so I'm not familiar with
its firmware. (Mine runs Linux "out of the box".)

--
*Aragorn*
(registered GNU/Linux user #223157)

Aragorn wrote:
> On Tuesday 31 May 2011 02:21 in comp.os.linux.networking, somebody
> identifying as Philip wrote...
>
>> I have a WRT54G. Everythig was working fine until today.
>>
>> I had ports 80 (http), 443 (https) and ports 20-22 (ftp and ssh)
>> forwarded to a internal static IP (192.168.1.140) server. I also had
>> port 8082 forawarded to internet camera with the static IP
>> 192.168.1.151.
>>
>> Today I bought a new internet camera to replace one that failed. I set
>> it up as another static IP 192.168.1.150 on port 8081 and set the
>> WRT54G to forward to it.
>
> So, judging by what you are saying here, I take it that you have *two*
> cameras, and that your layout is something like...
>
> Would that be correct, or are there any other machines still on your LAN
> (and if so, how many)?

Using your nomenclature, my local network looks like this

INTERNET
|
________WRT54G router
| | |
| | bridge (office)
| | |
| wireless |
| | |_ port 20______
| | |_ port 22______|
| | |_ port 80___server 192.168.1.140 Fedora12 webserver
| | |_ port 443______|
| | |
| | |_ 192.168.1.nnn (dhcp) WindowsXP
| |
| |_ port 8081__ camera1 192.168.1.150
| |_ port 8082__ camera2 192.168.1.151
|
|___________________ 192.168.1.nnn (dhcp) Fedora14 misc
|
DLink DHP-301 powerline adapters
|
bridge (media console)
|_ port 8000 192.168.1.101 (dhcp) Fedora14 mpd music player
|_ 192.168.1.nnn (dhcp) media box Fedora14
|_ 192.168.1.nnn (dhcp) BD-Player Sony BDP-S370

>
>> Now for some inexplicable reason, everything works except for ports 80
>> and 443. In other words ssh, ftp and internet cams are accessible from
>> outside. However, when I try to access the the webserver, I can see
>> that the forwarding is not working. The browser responds asking for a
>> WRT54G login/password. If I try to access the webserver directly at
>> 192.168.1.140 it works fine. So clearly the WRT54G is picking on ports
>> 80 for some reason. It is not my ISP blocking the port as I can see
>> the login/password prompt indicating it is my WRT54G domain.
>
> If you have more machines or appliances on your LAN than what you've
> mentioned here, then chances are that you'll be using a switch to
> uplink to your router - I myself have a WRT54GL[*] and it has only 4
> ethernet ports for LAN. As such, it is quite possible that you've
> created a conflict by swapping ethernet cables around.

Yes I have a couple of bridges as I noted in the layout above.

Here is a table of what is working and what is not:
Application Start End Protocol IP Address Enable Working?
http 80 80 Both 192.168.1.140 yes NO
ssh 22 22 Both 192.168.1.140 yes YES
ftp 20 21 Both 192.168.1.140 yes YES
cam1 8081 8081 Both 192.168.1.150 yes YES
torrent 6881 6999 Both 192.168.1.103 no
cam2 8082 8082 Both 192.168.1.151 yes YES
https 443 443 Both 192.168.1.140 yes NO
mpd 8000 8000 Both 192.168.1.101 yes NO



> You will need to check on IP address/MAC address mismatches. If you're
> using an external switch to connect to your router, try resetting the
> switch by unplugging it from the power outlet for a few seconds and
> then plugging it in again. Also make sure that everything is still set
> up in the router's configuration utility as it is supposed to be. You
> may also need to reset the router, depending on what the actual problem
> is.

I reset every bridge and rest every computer. After some
experimentation, I believe that the router is in a bad state. I did hard
reset it before posting here the first time, but I reloaded a previously
saved configuration (which may be corrupted?). I am going to hard reset
it back to factory defaults and manually reconfigure it. I'll have to do
that later as it would disrupt some work I need to complete first.

Why do I think the router is in a bad state? Well I tried disabling all
the forwarded ports, but the router continued to forward to the working
servers. When I access from the internet side, the Router's http server
is clearly grabbing all the http packets and not forwarding them.

>
> Sorry - best educated guess I can make at this point. Only _you_ know
> what you've done. ;-)

Very true. I do appreciate the time you spent on thoughtfully looking at
my problem.

>[*] I believe your router is an earlier model, so I'm not familiar with
> its firmware. (Mine runs Linux "out of the box".)

Yes, this is a non-linux model, v3-something, I think. I'd have to
wrestle it out of a closet to read the specific model version label.

On Tuesday 31 May 2011 17:43 in comp.os.linux.networking, somebody
identifying as Philip wrote...

> Aragorn wrote:
>
>> On Tuesday 31 May 2011 02:21 in comp.os.linux.networking, somebody
>> identifying as Philip wrote...
>>
>>> I have a WRT54G. Everythig was working fine until today.
>>>
>>> I had ports 80 (http), 443 (https) and ports 20-22 (ftp and ssh)
>>> forwarded to a internal static IP (192.168.1.140) server. I also had
>>> port 8082 forawarded to internet camera with the static IP
>>> 192.168.1.151.
>>>
>>> Today I bought a new internet camera to replace one that failed. I
>>> set it up as another static IP 192.168.1.150 on port 8081 and set
>>> the WRT54G to forward to it.
>>
>> So, judging by what you are saying here, I take it that you have
>> *two* cameras, and that your layout is something like...
>>
>> Would that be correct, or are there any other machines still on your
>> LAN (and if so, how many)?
>
> Using your nomenclature, my local network looks like this
>
> INTERNET
> |
> ________WRT54G router
> | | |
> | | bridge (office)
> | | |
> | wireless |
> | | |_ port 20______
> | | |_ port 22______|
> | | |_ port 80___server 192.168.1.140 Fedora12 webserver
> | | |_ port 443______|
> | | |
> | | |_ 192.168.1.nnn (dhcp) WindowsXP
> | |
> | |_ port 8081__ camera1 192.168.1.150
> | |_ port 8082__ camera2 192.168.1.151
> |
> |___________________ 192.168.1.nnn (dhcp) Fedora14 misc
> |
> DLink DHP-301 powerline adapters
> |
> bridge (media console)
> |_ port 8000 192.168.1.101 (dhcp) Fedora14 mpd music
> |player
> |_ 192.168.1.nnn (dhcp) media box Fedora14
> |_ 192.168.1.nnn (dhcp) BD-Player Sony BDP-S370
>
>>> Now for some inexplicable reason, everything works except for ports
>>> 80 and 443. In other words ssh, ftp and internet cams are accessible
>>> from outside. However, when I try to access the the webserver, I can
>>> see that the forwarding is not working. The browser responds asking
>>> for a WRT54G login/password. If I try to access the webserver
>>> directly at 192.168.1.140 it works fine. So clearly the WRT54G is
>>> picking on ports 80 for some reason. It is not my ISP blocking the
>>> port as I can see the login/password prompt indicating it is my
>>> WRT54G domain.
>>
>> If you have more machines or appliances on your LAN than what you've
>> mentioned here, then chances are that you'll be using a switch to
>> uplink to your router - I myself have a WRT54GL[*] and it has only 4
>> ethernet ports for LAN. As such, it is quite possible that you've
>> created a conflict by swapping ethernet cables around.
>
> Yes I have a couple of bridges as I noted in the layout above.

By "bridges", I take it you mean "switches"?

> Here is a table of what is working and what is not:
> Application Start End Protocol IP Address Enable
> Working?
> http 80 80 Both 192.168.1.140 yes NO
> ssh 22 22 Both 192.168.1.140 yes YES
> ftp 20 21 Both 192.168.1.140 yes YES
> cam1 8081 8081 Both 192.168.1.150 yes YES
> torrent 6881 6999 Both 192.168.1.103 no
> cam2 8082 8082 Both 192.168.1.151 yes YES
> https 443 443 Both 192.168.1.140 yes NO
> mpd 8000 8000 Both 192.168.1.101 yes NO
>
>> You will need to check on IP address/MAC address mismatches. If
>> you're using an external switch to connect to your router, try
>> resetting the switch by unplugging it from the power outlet for a few
>> seconds and then plugging it in again. Also make sure that
>> everything is still set up in the router's configuration utility as
>> it is supposed to be. You may also need to reset the router,
>> depending on what the actual problem is.
>
> I reset every bridge and rest every computer. After some
> experimentation, I believe that the router is in a bad state. I did
> hard reset it before posting here the first time, but I reloaded a
> previously saved configuration (which may be corrupted?).

Such corruption *is* possible...

> I am going to hard reset it back to factory defaults and manually
> reconfigure it. I'll have to do that later as it would disrupt some
> work I need to complete first.

Okay... Well, I hope that'll work.

> Why do I think the router is in a bad state? Well I tried disabling
> all the forwarded ports, but the router continued to forward to the
> working servers. When I access from the internet side, the Router's
> http server is clearly grabbing all the http packets and not
> forwarding them.

That does indeed suggest corruption, and since you've reset the machine,
the corruption must be in a saved state, i.e. in the configuration file
on the router.

>> Sorry - best educated guess I can make at this point. Only _you_
>> know what you've done. ;-)
>
> Very true. I do appreciate the time you spent on thoughtfully looking
> at my problem.

Considering that I'm not a network/router specialist, it was the best I
could do. :-)

>>[*] I believe your router is an earlier model, so I'm not familiar
>> with its firmware. (Mine runs Linux "out of the box".)
>
> Yes, this is a non-linux model, v3-something, I think. I'd have to
> wrestle it out of a closet to read the specific model version label.

Perhaps it would be best if you keep us posted on your progress. That
way, people experiencing similar problems can find this thread again
and more correctly diagnose the problem on their end.

Also, I don't know whether your router supports this, but it might be
worth your time investigating an upgrade of the firmware, or replacing
it with DD-WRT or something of the likes (if that is possible).

Good luck! ;-)

--
*Aragorn*
(registered GNU/Linux user #223157)

Aragorn wrote:
> On Tuesday 31 May 2011 17:43 in comp.os.linux.networking, somebody
> identifying as Philip wrote...
>
>> Aragorn wrote:
>>
>>> On Tuesday 31 May 2011 02:21 in comp.os.linux.networking, somebody
>>> identifying as Philip wrote...
>>>
>>>> I have a WRT54G. Everythig was working fine until today.
>>>>
>>>> I had ports 80 (http), 443 (https) and ports 20-22 (ftp and ssh)
>>>> forwarded to a internal static IP (192.168.1.140) server. I also had
>>>> port 8082 forawarded to internet camera with the static IP
>>>> 192.168.1.151.
>>>>
>>>> Today I bought a new internet camera to replace one that failed. I
>>>> set it up as another static IP 192.168.1.150 on port 8081 and set
>>>> the WRT54G to forward to it.
>>>
>>> So, judging by what you are saying here, I take it that you have
>>> *two* cameras, and that your layout is something like...
>>>
>>> Would that be correct, or are there any other machines still on your
>>> LAN (and if so, how many)?
>>
>> Using your nomenclature, my local network looks like this
>>
>> INTERNET
>> |
>> ________WRT54G router
>> | | |
>> | | bridge (office)
>> | | |
>> | wireless |
>> | | |_ port 20______
>> | | |_ port 22______|
>> | | |_ port 80___server 192.168.1.140 Fedora12 webserver
>> | | |_ port 443______|
>> | | |
>> | | |_ 192.168.1.nnn (dhcp) WindowsXP
>> | |
>> | |_ port 8081__ camera1 192.168.1.150
>> | |_ port 8082__ camera2 192.168.1.151
>> |
>> |___________________ 192.168.1.nnn (dhcp) Fedora14 misc
>> |
>> DLink DHP-301 powerline adapters
>> |
>> bridge (media console)
>> |_ port 8000 192.168.1.101 (dhcp) Fedora14 mpd music
>> |player
>> |_ 192.168.1.nnn (dhcp) media box Fedora14
>> |_ 192.168.1.nnn (dhcp) BD-Player Sony BDP-S370
>>
>>>> Now for some inexplicable reason, everything works except for ports
>>>> 80 and 443. In other words ssh, ftp and internet cams are accessible
>>>> from outside. However, when I try to access the the webserver, I can
>>>> see that the forwarding is not working. The browser responds asking
>>>> for a WRT54G login/password. If I try to access the webserver
>>>> directly at 192.168.1.140 it works fine. So clearly the WRT54G is
>>>> picking on ports 80 for some reason. It is not my ISP blocking the
>>>> port as I can see the login/password prompt indicating it is my
>>>> WRT54G domain.
>>>
>>> If you have more machines or appliances on your LAN than what you've
>>> mentioned here, then chances are that you'll be using a switch to
>>> uplink to your router - I myself have a WRT54GL[*] and it has only 4
>>> ethernet ports for LAN. As such, it is quite possible that you've
>>> created a conflict by swapping ethernet cables around.
>>
>> Yes I have a couple of bridges as I noted in the layout above.
>
> By "bridges", I take it you mean "switches"?
>
>> Here is a table of what is working and what is not:
>> Application Start End Protocol IP Address Enable
>> Working?
>> http 80 80 Both 192.168.1.140 yes NO
>> ssh 22 22 Both 192.168.1.140 yes YES
>> ftp 20 21 Both 192.168.1.140 yes YES
>> cam1 8081 8081 Both 192.168.1.150 yes YES
>> torrent 6881 6999 Both 192.168.1.103 no
>> cam2 8082 8082 Both 192.168.1.151 yes YES
>> https 443 443 Both 192.168.1.140 yes NO
>> mpd 8000 8000 Both 192.168.1.101 yes NO
>>
>>> You will need to check on IP address/MAC address mismatches. If
>>> you're using an external switch to connect to your router, try
>>> resetting the switch by unplugging it from the power outlet for a few
>>> seconds and then plugging it in again. Also make sure that
>>> everything is still set up in the router's configuration utility as
>>> it is supposed to be. You may also need to reset the router,
>>> depending on what the actual problem is.
>>
>> I reset every bridge and rest every computer. After some
>> experimentation, I believe that the router is in a bad state. I did
>> hard reset it before posting here the first time, but I reloaded a
>> previously saved configuration (which may be corrupted?).
>
> Such corruption *is* possible...
>
>> I am going to hard reset it back to factory defaults and manually
>> reconfigure it. I'll have to do that later as it would disrupt some
>> work I need to complete first.
>
> Okay... Well, I hope that'll work.
>
>> Why do I think the router is in a bad state? Well I tried disabling
>> all the forwarded ports, but the router continued to forward to the
>> working servers. When I access from the internet side, the Router's
>> http server is clearly grabbing all the http packets and not
>> forwarding them.
>
> That does indeed suggest corruption, and since you've reset the machine,
> the corruption must be in a saved state, i.e. in the configuration file
> on the router.
>
>>> Sorry - best educated guess I can make at this point. Only _you_
>>> know what you've done. ;-)
>>
>> Very true. I do appreciate the time you spent on thoughtfully looking
>> at my problem.
>
> Considering that I'm not a network/router specialist, it was the best I
> could do. :-)
>
>>>[*] I believe your router is an earlier model, so I'm not familiar
>>> with its firmware. (Mine runs Linux "out of the box".)
>>
>> Yes, this is a non-linux model, v3-something, I think. I'd have to
>> wrestle it out of a closet to read the specific model version label.
>
> Perhaps it would be best if you keep us posted on your progress. That
> way, people experiencing similar problems can find this thread again
> and more correctly diagnose the problem on their end.
>
> Also, I don't know whether your router supports this, but it might be
> worth your time investigating an upgrade of the firmware, or replacing
> it with DD-WRT or something of the likes (if that is possible).
>
> Good luck! ;-)

I solved the problem.

To make a long story short, I reset the router to factory defaults
several times, but everytime as I enabled wireless and brought up the
wireless cameras, the port forwarding would go bonkers and route
directly to the new camera.

Again to make the story short, I eventually determined that the new
camera had UPnP capability and UpNP forwarding on by default. The WRT54G
also has UPnP enabled on by default. The WRT54 also seems to have the
wierd feature of totally ignoring its forwarding table as soon as the
first UPnP device with forwarding shows up.

This totally explains why my router seemed to go nuts as soon as the new
camera was hooked up. Definitely an undocumented feature in the WRT54G.
I guess they decide you either used all UPnP based automatic forwarding
configuration or the router's forwarding table; no mash up up the two.

Turing off the UPnP on the new camera restored sanity to my network. Now
all is well and I can access my web server again.

Thanks to all with the hints. It helped me pinpoint the issue.

On Thursday 02 June 2011 06:21 in comp.os.linux.networking, somebody
identifying as Philip wrote...

> [...]
> I solved the problem.
>
> To make a long story short, I reset the router to factory defaults
> several times, but everytime as I enabled wireless and brought up the
> wireless cameras, the port forwarding would go bonkers and route
> directly to the new camera.
>
> Again to make the story short, I eventually determined that the new
> camera had UPnP capability and UpNP forwarding on by default. The
> WRT54G also has UPnP enabled on by default. The WRT54 also seems to
> have the wierd feature of totally ignoring its forwarding table as
> soon as the first UPnP device with forwarding shows up.
>
> This totally explains why my router seemed to go nuts as soon as the
> new camera was hooked up. Definitely an undocumented feature in the
> WRT54G. I guess they decide you either used all UPnP based automatic
> forwarding configuration or the router's forwarding table; no mash up
> up the two.
>
> Turing off the UPnP on the new camera restored sanity to my network.
> Now all is well and I can access my web server again.
>
> Thanks to all with the hints. It helped me pinpoint the issue.

Thank you for reporting back with the results of the diagnosis. ;-)
Google archives Usenet[*], and as such the problem and the solution
are saved for posterity. ;-)

[*] Sadly enough, it also allows people to post to Usenet by way of
Google, but that's another issue. ;-)

--
*Aragorn*
(registered GNU/Linux user #223157)