I wish to access my Asus aam6000ev ADSL router from the WAN side. It
is using NAT and I have added port forwarding for port 80 to the local
IP address of the router but this is not working.

---

Clarification of Question by 928fan-ga on 17 Nov 2002 15:24 PST

If I open the port it works until the router is reset, then all the
settings are lost. Will happily pay more for some info in this

---

Request for Question Clarification by izzard-ga on 06 Dec 2002 04:28 PST

Might I suggest that if "all the settings are lost" when your router
is reset then you have a fundamental problem with your router?  What
have the reseller/manufacturer told you by way of an explanation for
it forgetting its setup?

---

Clarification of Question by 928fan-ga on 06 Dec 2002 05:26 PST

Sorry, I should have made it clear that only the port forwarding
settings are lost when the router is reset. If I map port 80 to port
80 on the LAN address of the router I can remotely log in to the web
interface of the router by pointing to the WAN IP address. I realise
that anyone else can do this as well but the web configuation is
password protected on the first screen and I am obviously not using
the default user name and password. OK, this is not as secure as SSL
etc but I don't have any servers behind the router on the LAN. As long
as the router is not reset it keeps this port forwarding and I can log
in remotely, add another port forward to let me remotely control one
of the LAN machines, do what I have to do and then close this port,
just leaving the port forwarding to port 80 on the router.

The fact that port forwarding settings are discarded on reset MUST be
a deliberate feature. It just seems a bizarre way of doing it. Is this
normal? I have got no response from Asus on this point.

---

Request for Question Clarification by izzard-ga on 06 Dec 2002 07:07 PST

Okay - what firmware revision does the router have?  From what I have
found so far, this is a known bug with certain versions (i.e.
"forgetting" settings in the IP Filtering system - and therefore
possibly including port forwarding).

Alternatively - have you ever upgraded the firmware on the router
since you acquired it?

---

Clarification of Question by 928fan-ga on 06 Dec 2002 09:37 PST

The router firmware is 71146a1 and no, I havn't updated it.

Okay, well this is one supporting claim as evidence of the bug I was
referring to:

“This is based on my experiences with an ASUS AAM6000EV router,
firmware revision 71146a1...”
“...Do I have to reset the router for IP Filter rules to be applied?
No, they're active once you've submitted them. In fact, don't reset
the router after entering IP Filter rules, since there are bugs in IP
Filter that will render them useless.”

That is from: “ASUS router IP Filter FAQ”
http://www.schneider.eclipse.co.uk/asus/ipfilterfaq.htm#bugs

I haven’t had much joy with the official Asus site, but this next page
seems to list firmware for your model, and suggests there have been at
least two revisions since your particular version was released..

“New Zealand DSL Information”
http://www.nzdsl.co.nz/software/asus/Default.htm

I made sure the ZIP file of the latest release (v 71205a32) could be
downloaded, and it does contain instructions for making the upgrade. 
My suggestion is that you give that a go.  That page doesn’t document
the changes they made, but it’s likely they have fixed the above bug
since I have found it pointed out in few places.  Make sure you have a
backup first, and of course I can’t assure you that this version will
definitely work for you or that it won’t explode your router.  As an
IT professional I ‘always practice safe firmware flashes’ myself!

Another page that has this firmware upgade is Solwise’s downloads
directory ( http://www.solwisefiles.co.uk/adsl.htm ).  They are a UK
reseller for Asus.  The link to the file is “Version 71205A32 of Asus
EV router firmware” ( http://www.solwisefiles.co.uk/files/71205a32.zip
).

I hope this sorts out your problem – you should then be able to set
the port forwarding again and have it stay that way.  Good luck.

If anything is unclear, please do request clarification of the answer
before you rate my response.  Thanks!

---

Request for Answer Clarification by 928fan-ga on 10 Dec 2002 00:31 PST

I think this is going to work. I've got the new firmware and will
install it the next time I'm on site (should be some time this week).
Thanks for your help, I'll let you know how I get on, rate the
question, and pay my dues. Thanks.

---

Clarification of Answer by izzard-ga on 10 Dec 2002 14:12 PST

Good luck!

---

Request for Answer Clarification by 928fan-ga on 12 Dec 2002 00:14 PST

Bad news I'm afraid. I updated the firmware to 71146a32 and, I think,
I got a couple more options in the menus but I didn't look too
closely. However, the port forwarding settings still disappear if I
reset or restart the router. I'm not using any IP Filters at the
moment so I can't comment on any possible changes there. Damn!

---

Clarification of Answer by izzard-ga on 12 Dec 2002 04:26 PST

I am sorry too, believe me :(
I think that really the only option left now is to send the router
back.  It is simply not acceptable for a router to lose its settings
like this.  At least you can tell them you have installed the latest
firmware, and it still does not function to your satisfaction.  If
they insist it is by design (I would be surprised) then persuade them
you want a different model.

- Izzard

The problem was not solved but I appreciate the effort put in to try and solve it.

You could do something like this:

1) Open up an arbitrary port, like 4742 or something to a machine
behind your router.

2) Install a proxy server on this machine on that port. It could
either be a simple proxy server, or a web server running a cgi-based
proxy. (The latter would be better).

Then, from outside of your router, you can just do http://host:4742/
and type in the relative name of your router's web configuration page,
just as you would from within the router'd network.

If this works, let me know and I'll post it as an answer.

Do you have SSH running on any servers behind the firewall? If so, do
you have the SSH port open through the firewall? If you do, you can
use SSH tunneling to open a tunnel from the local machine through the
SSH server to the ADSL router. To the ADSL router, the traffic will
appear to be coming from inside of your firewall.

One big benefit to this is that all of your HTTP traffic to/from the
ADSL router is encrypted between the SSH server and your local
machine. Another benefit is that you haven't opened up access to the
ADSL web interface to the whole world, you just have SSH open (which
you will probably want to have anyways).

If you've got some money to spend, setting up a VPN would be another
solution (the SSH tunneling is really just a poor man's VPN).

The simplest solution to this would be remote administration of a
system on the LAN behind the router to manage the router, unless
there's a way to force the router to open the outside port every time
it resets.

Are you sure that you really want to open access to manage the router
from outside, though? That's almost begging someone to compromise the
router...