Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

That is odd - I've just checked my port forwarding rules and the fifth one (my UniFi controller) works fine.

 

Try SSH'ing into the USG and executing the following command:

 

mca-ctrl -t dump-cfg

 

The output of this will show what forwarding rules are actually in place on the USG (search for "WAN_IN" in the text).

 

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

It shows the ones that are working, but none of the other rules that clearly show in the web interface.

 

I tried adding them again and used putty to see if anything changed, but nothing is different.  

 

Is there a CLI command that I can use to add the rules instead of the web interface?

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

The UI only shows three at a time - you should see the page forward/backward buttons underneath the third entry like this:

 

2of2.png

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

I'm aware of that.  I currently have 3 pages of rules according to the web interface, but the rest don't work and don't show up when I use putty to show the info using your command.

 

Is it difficult to add a port forwarding rule via the CLI?  Can someone give me the command structure and I will give it a try.  This is very frustrating not being able to use most of my cameras.

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

Apologies - I misread your post.  I read it that you could only see three of them in the UI, hence my response.

 

Have a look in the knowledge base for articles on the USG - there are some there with details on how to configure things outside of the UI.  Note, this isn't through the CLI as this isn't persistent.  You need to create a config JSON file on the controller, which contains the output of the dump-cfg command modified to meet your requirements.  The JSON is fairly self explanatory for the WAN_IN section, so copy the portion of that which you need.

 

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

Thanks for the reply.

 

Unfortunately this is what I was trying to avoid by getting the USG.  I am not well versed in the CLI and just wanted a basic easily configured wired router to use with my Unifi APs.  The port forwarding is really the only configuration item that I need to use and it doesn't work correctly.

 

I will take a look at the knowledgebase and try and figure it out or I will revert back to my old router. 

 

Thanks.

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

The thing is, it's only not working on your USG.  I have a USG as well, and it's working fine with 7 port forwarding rules.

 

If you haven't upgraded already to v4.5.2 (in the VoIP forum) I suggest you do that, and reset your USG to factory defaults, then reconfigure.  I would do the reset in case you have a corrupted configuration that is blocking the port forwarding from working.

 

Cheers,

Andrew

 

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

OK.  I factory defaulted it.  It comes back with the name reverted back to the mac address and ready to adopt, so I adopt it.  Now, I go in to create the port forwarding rules and they are already there.  So much for a factory default.  I deleted the rules, rebooted it, and entered all 10 port forward rules again.

The funny thing is that after all of that, the first 3 work and the rest do not.  Same as original problem.

I even used an online port checker to verify the ports are not open.

 

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

Did you upgrade to the 4.5.2 controller?

 

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

Just re-read your post - you need to remember that the configuration is in the controller, not the USG so factory resetting the USG won't remove the port forwarding settings, as they are in the controller.

 

This is what I'd do:

 

- download the 4.5.2 version of the controller

- forget the USG in the controller and power off

- uninstall the controller software and delete the Ubiquiti UniFi folder

- install the 4.5.2 version of the controller

- power on the USG and adopt then update the firmware

- configure the USG with your port forwarding settings and test again

 

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

I've done exactly that and some more.

 

I actually took it a step further.  I defaulted my 2 UAP-Pro access points, forgot the USG and then defaulted it, Uninstalled the Unifi software from my computer and deleted the Unifi folder, rebooted my computer.

 

Then, instead of using the same USG, I opened up a new one from my warehouse stock (I ordered 4) and started over from scratch.

Now, not only does the port forwarding still not work, but when I open the Unifi 4.5.2 controller software, it flakes out the USG which then cycles between provisioning and disconnected.  The Unifi software also goes from running, to showing an error message.  Meanwhile, I can't even get on the internet with a hardwired connection to post anything.

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

How can you know that the port forwarding doesn't work if you can't sustain an internet connection?

 

If you SSH into the USG, what does the log say the unit is doing when it does the provisioning/disconnect loop?

 

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

Because the internet will work for about 30 seconds between each cycle.

 

I started over from scratch again (process listed above) and each step of the way I waited to see if I would encounter any problems.

I adopted all 3 devices (2 UAP-Pro and USG)

I renamed each device (alias)

I changed the DHCP range of the router to 192.168.1.100 - 192.168.1.149

At this point everything work normally.

I added 1 port forwarding rule and it hung up and said provisioning for at least 20 minutes, so I deleted the rule and now it seems fine.

It is definitely related to the port forwarding.

I would be more than willing to have someone log into my computer via TeamViewer and take a look.

I use Putty to SSH into the USG and it shows Welcome to EdgeOS, but nothing beyond the cursor waiting for input.

earlier I was watching it during the Loop and it was indicating that it was shutting down to restart or something along those lines.

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

What firmware version does the USG show in the controller?

 

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

4.2.2.4717456

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

Could the name of the Port Forward Rule cause any problems?

 

For example, if I named one "Austin's Room Camera"?

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

I added my PF rules one by one using no spaces or hyphenation in the names and (knock on wood) everything seems to be working correctly.

 

I might try and edit one of the names back to what I tried before to see if that was the cause.

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

The apostrophe may be causing the issue if it's not escaped properly in the controller code before being written out to the config file.

 

If that's the case, that's definitely a bug!

 

Cheers,

Andrew

New Member
Posts: 23
Registered: ‎03-10-2013

Re: USG Firewall Issue - USG ports open, custom ports closed...

That is absolutely the problem.  I added it back in and it got stuck provisioning.  

Veteran Member
Posts: 4,919
Registered: ‎09-26-2013
Kudos: 1342
Solutions: 351

Re: USG Firewall Issue - USG ports open, custom ports closed...

@UBNT-MikeD - bug in port forwarding code, controller 4.5.2, when description contains an apostrophe?

 

Cheers,

Andrew