- changed title to Hardware NAT seem broken TLS or port forwarding
- edited description
Hardware NAT seem broken port forwarding
I am using an Asus AC68U (2021.03 (latest)/ARM).
Recently I changed my internet speed from 100Mbps to 500Mbps,
but the speedtest result is 180~200Mbps at maximum.
Today I found the ‘Advanced - Miscellaneous - CTF (Cut-Through Forwarding) and HW acceleration’ option.
It boosts speed to 480~485Mbps but creates another problem.
I operate Web and IRC servers (all of them use TLS 1.2/1.3 only), connected on a LAN port (using port forwarding),
but it breaks the server connection (sorry, I don’t have any plain text server and have not tested that).
I can’t connect to my server from local by domain address (tried the web address in Firefox and the IRC address in KVIrc).
It seems to break TLS or port forwarding.
I can recover the connection by disabling CTF, but that creates the speed problem.
Comments (8)
-
reporter -
reporter I tested with a temporary server.
It seems CTF breaks port forwarding.
Can you separate CTF and Hardware Flow Accelerator?
-
reporter - changed title to Hardware NAT seem broken port forwarding
- marked as major
- edited description
-
Since it can be many different things, can you try this on the relevant port/s first?
If that’s broken please post the output of this command:
iptables -t nat -nvL WANPREROUTING
-
For port forwarding to work, that traffic has to be marked to bypass CTF (currently not done at the firewall code) → that traffic will not be accelerated
→ you can use a custom rule for now
ask google or look at the tomato forum, you will find it
for example
…
-
You mention this but I’m not sure whether it was intentional or not.
I believe port forwarding works with CTF, but not while you’re on the LAN. Try it on your phone with WIFI turned off.
I believe it is actually NAT Loopback that is incompatible with CTF. My reading led me to find that although convenient it’s probably best to disable NAT Loopback, and put the host names in manually when needed (eg DNSMasq custom box or static DHCP name).
-
reporter For port forwarding to work, that traffic has to be marked to bypass CTF (currently not done at the firewall code) → that traffic will not be accelerated
→ you can use a custom rule for now
ask google or look at the tomato forum, you will find it
for example
Thanks for the help.
It seems to work with the client’s port forwarding.
I found a new problem:
this method does not work with the router’s ‘Internal VPN Server’.
-
repo owner - changed status to resolved