Hardware NAT seem broken port forwarding

Issue #142 resolved

dateno1 created an issue 2021-08-06

I was used Asus AC68U (2021.03(lastest)/ARM)

‌

Recently i was changed internet speed to 100Mbps to 500Mbps

‌

but speedtest result is 180~200Mbps is maximum

‌

Today i found ‘Advanced - Miscellaneous - CTF (Cut-Through Forwarding) and HW acceleration’ option

‌

It boost speed to 480~485Mbps but create another problem

‌

I was operate Web and IRC server (All of them use TLS 1.2/1.3 only) and connect on Lan port (using port forwarding)

‌

but It break Server connection (sorry i hasn’t any plain text server ~~and not tested~~)

‌

I can’t connect my server from Local by domain address (try web address on firefox and irc address on KVIrc)

‌

It seem break ~~TLS or~~ Port forwarding

‌

I can recover connection by disable CTF but it create speed problem

‌

Comments (8)

dateno1 reporter
- changed title to Hardware NAT seem broken TLS or port forwarding
- edited description
- 2021-08-06T17:08:17+00:00
dateno1 reporter
I was Tested with temporary server

‌

It seem CTF break Port Forwarding

‌

Can you seperate CTF and Hardware Flow Accelerator?
- 2021-08-06T17:19:51+00:00
dateno1 reporter
- changed title to Hardware NAT seem broken port forwarding
- marked as major
- edited description
- 2021-08-06T17:21:23+00:00
rs232
Since it can be many different things, can you try this on the relevant port/s first?

https://canyouseeme.org/

Is that’s broken please post the output of this command:
```
iptables -t nat -nvL WANPREROUTING
```
‌
- 2021-08-07T11:40:22+00:00
M_ars
For port forwarding to work, that traffic has to be marked to bypass CTF (currently not done at the firewall code) → that traffic will not be accelerated

→ you can use a custom rule for now

ask google or look at the tomato forum, you will find it

for example

https://www.linksysinfo.org/index.php?threads/cut-through-forwarding-port-forwarding-on-asus-routers.76217/

https://www.linksysinfo.org/index.php?threads/2021-2-enabling-ctf-breaks-port-forwarding.76527/#post-326328

…

‌
- 2021-08-07T18:08:22+00:00
edrikk
You mention this but Im not sure it was intentional or not.

I believe port forwarding works with CTF, but not while you’re on the LAN. Try it on your phone with WIFI turned off.

I believe it is actually NAT Loopback that is incompatible with CTF. My reading led me to find that although convenient it’s probably best to disable NAT Loopback, and put the host names in manually when needed (eg DNSMasq custom box or static DHCP name).
- 2021-08-07T21:03:00+00:00
dateno1 reporter
For port forwarding to work, that traffic has to be marked to bypass CTF (currently not done at the firewall code) → that traffic will not be accelerated

→ you can use a custom rule for now

ask google or look at the tomato forum, you will find it

for example

https://www.linksysinfo.org/index.php?threads/cut-through-forwarding-port-forwarding-on-asus-routers.76217/

https://www.linksysinfo.org/index.php?threads/2021-2-enabling-ctf-breaks-port-forwarding.76527/#post-326328

Thanks for help

‌

It seem work with client’s port forwarding

‌

I found new problem

‌

This method not work with Router’s ‘Internal VPN Server’

‌
- 2021-08-08T00:34:48+00:00
pedro repo owner
- changed status to resolved
fixed: https://bitbucket.org/pedro311/freshtomato-arm/commits/c494d5d110448fe08ede05036cff433763f3bc64
- 2021-08-10T16:28:44+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1