12-27-2014 12:19 AM
That is odd - I've just checked my port forwarding rules and the fifth one (my UniFi controller) works fine.
Try SSH'ing into the USG and executing the following command:
mca-ctrl -t dump-cfg
The output of this will show what forwarding rules are actually in place on the USG (search for "WAN_IN" in the text).
12-29-2014 10:47 AM
It shows the ones that are working, but none of the other rules that clearly show in the web interface.
I tried adding them again and used putty to see if anything changed, but nothing is different.
Is there a CLI command that I can use to add the rules instead of the web interface?
12-30-2014 06:25 AM
I'm aware of that. I currently have 3 pages of rules according to the web interface, but the rest don't work and don't show up when I use putty to show the info using your command.
Is it difficult to add a port forwarding rule via the CLI? Can someone give me the command structure and I will give it a try. This is very frustrating not being able to use most of my cameras.
12-30-2014 07:07 AM
Apologies - I misread your post. I read it that you could only see three of them in the UI, hence my response.
Have a look in the knowledge base for articles on the USG - there are some there with details on how to configure things outside of the UI. Note, this isn't through the CLI as this isn't persistent. You need to create a config JSON file on the controller, which contains the output of the dump-cfg command modified to meet your requirements. The JSON is fairly self explanatory for the WAN_IN section, so copy the portion of that which you need.
12-30-2014 07:25 AM
Thanks for the reply.
Unfortunately this is what I was trying to avoid by getting the USG. I am not well versed in the CLI and just wanted a basic easily configured wired router to use with my Unifi APs. The port forwarding is really the only configuration item that I need to use and it doesn't work correctly.
I will take a look at the knowledgebase and try and figure it out or I will revert back to my old router.
12-30-2014 07:37 AM
The thing is, it's only not working on your USG. I have a USG as well, and it's working fine with 7 port forwarding rules.
If you haven't upgraded already to v4.5.2 (in the VoIP forum) I suggest you do that, and reset your USG to factory defaults, then reconfigure. I would do the reset in case you have a corrupted configuration that is blocking the port forwarding from working.
12-30-2014 02:51 PM
OK. I factory defaulted it. It comes back with the name reverted back to the mac address and ready to adopt, so I adopt it. Now, I go in to create the port forwarding rules and they are already there. So much for a factory default. I deleted the rules, rebooted it, and entered all 10 port forward rules again.
The funny thing is that after all of that, the first 3 work and the rest do not. Same as original problem.
I even used an online port checker to verify the ports are not open.
12-31-2014 11:21 AM
Just re-read your post - you need to remember that the configuration is in the controller, not the USG so factory resetting the USG won't remove the port forwarding settings, as they are in the controller.
This is what I'd do:
- download the 4.5.2 version of the controller
- forget the USG in the controller and power off
- uninstall the controller software and delete the Ubiquiti UniFi folder
- install the 4.5.2 version of the controller
- power on the USG and adopt then update the firmware
- configure the USG with your port forwarding settings and test again
12-31-2014 12:25 PM
I've done exactly that and some more.
I actually took it a step further. I defaulted my 2 UAP-Pro access points, forgot the USG and then defaulted it, Uninstalled the Unifi software from my computer and deleted the Unifi folder, rebooted my computer.
Then, instead of using the same USG, I opened up a new one from my warehouse stock (I ordered 4) and started over from scratch.
Now, not only does the port forwarding still not work, but when I open the Unifi 4.5.2 controller software, it flakes out the USG which then cycles between provisioning and disconnected. The Unifi software also goes from running, to showing an error message. Meanwhile, I can't even get on the internet with a hardwired connection to post anything.
12-31-2014 12:59 PM
How can you know that the port forwarding doesn't work if you can't sustain an internet connection?
If you SSH into the USG, what does the log say the unit is doing when it does the provisioning/disconnect loop?
12-31-2014 01:10 PM
Because the internet will work for about 30 seconds between each cycle.
I started over from scratch again (process listed above) and each step of the way I waited to see if I would encounter any problems.
I adopted all 3 devices (2 UAP-Pro and USG)
I renamed each device (alias)
I changed the DHCP range of the router to 192.168.1.100 - 192.168.1.149
At this point everything work normally.
I added 1 port forwarding rule and it hung up and said provisioning for at least 20 minutes, so I deleted the rule and now it seems fine.
It is definitely related to the port forwarding.
I would be more than willing to have someone log into my computer via TeamViewer and take a look.
I use Putty to SSH into the USG and it shows Welcome to EdgeOS, but nothing beyond the cursor waiting for input.
earlier I was watching it during the Loop and it was indicating that it was shutting down to restart or something along those lines.
12-31-2014 01:29 PM
I added my PF rules one by one using no spaces or hyphenation in the names and (knock on wood) everything seems to be working correctly.
I might try and edit one of the names back to what I tried before to see if that was the cause.
12-31-2014 01:35 PM
The apostrophe may be causing the issue if it's not escaped properly in the controller code before being written out to the config file.
If that's the case, that's definitely a bug!