Monday, April 2, 2012

Setting up HTTP and FTP servers behind an Asus RT-N56U wireless router

I've been using the same router in my system since - gasp - 2004!  It was a Xincom, and it's big claim to fame back then was it supported dual WAN inputs.

This was a big deal when internet bandwidth was hard to come by.  The easiest way of getting more bandwidth was to sign up with more than one ISP.  I did just that, and bought hardware to match.

However, I dropped the dual internet connections a long time ago, and pretty much ignored the poor thing until it died last night.  It's been a fantastic piece of kit, having outlasted nearly every other piece of hardware I've ever bought.  Including the second Linksys WRT54G that I had for both wireless and backup purposes, which also turned out to be busted.

The failure was weird, too - it got Alzheimers.  Stopped remembering it's own password, as well as all of the other settings, and usually (but not always) forgot to answer the door when you came round to knock.  I suspect the EEPROM/Flash memory finally wore out.


Router benchmarks are hard to come by.  Thank God for the SmallNetBuilder Router Charts.  I would certainly have picked the 'wrong' router if not for these little babies.

("Wrong" being a relative term, of course.  Once the Xincom finally kicked it, I quickly realized that it was probably bottlenecking my whole internet experience.  It did not do LAN routing - I have dedicated switches for that - but I can't deny my internet connection should be faster.)

Anyway, ended up buying the RT-N56U.  Nice unit.  But it has some irritating quirks in the setup.

First is the web server.  It has it's own built-in web server, theoretically to allow you to remotely configure it over the internet.

But all you get in the configuration screen is a poorly worded warning about potential conflicts between an external server and the internal server:

"When your network's firewall is disabled and you set 80 as the HTTP server's port range for your WAN setup, then your http server/web server would be in conflict with RT-N56U's web user interface."

Well, ain't that helpful.

The FTP service has the same issue:

"When you set 20:21 as your FTP server's port range for your WAN setup, then your FTP server would be in conflict with RT-N56U's native FTP server."


Googling this problem only showed a few forum posts that look like they were written in Punjabi, run through Babelfish to Korean, then translated again into English.  Barely comprehensible and damn near useless.

The solution to these problems is nothing like what you expect from the warning messages, and a damn sight easier than it first appears.  But it did take me a while to figure it out.


First, go to Firewall / General and set "Enable Web Access from WAN?" to NO.  This should disable the internal service that attempts to hijack port 80 from you.

Next, go to WAN / Port Forwarding and set up forwarding for port 80:

  • Service Name = anything you like.
  • Port Range = 80
  • Local IP = the static IP of your web server machine
  • Local Port = 80
  • Protocol = TCP
  • Protocol No. = blank / no entry
Click "Add."  Also remember to click "Enable Port Forwarding?" in the middle of the page!  Then click "Apply".

Your web server should now be 'live', provided your DNS or dynamic DNS service is working properly.  If not, fix up your dynamic DNS first.

(Note:  the RT-N56U has "dyndns.org" and not "dnydns.com".  .org is correct, and should work.)


Next up is the FTP server.  Apparently this one is another internal service that is supposed to let you share a big hard drive connected directly to the RT-N56U USB port, without any other fuss.  Unfortunately, the internal service grabs port 21 away from you as well.

To fix, go to USB Application / FTP Share.  You will see three buttons near the top of the screen.

Annoyingly, they will initially appear as grayed out and inactive, but will suddenly come to life once you wave your mouse pointer over them.  This can be really confusing.

Press the left-most button that says "Disable FTP".  The notification area to the right should say "Share via the FTP is disabled".  This should free up port 21.

Again go to WAN / Port Forwarding and set up forwarding for port 21:

  • Service Name = anything you like.
  • Port Range =21
  • Local IP = the static IP of your FTP server
  • Local Port = 21
  • Protocol = TCP
  • Protocol No. = blank / no entry
Click "Add."  Also remember to click "Enable Port Forwarding?" in the middle of the page!  Then click "Apply".  That should fix up your FTP server.

Note that you do not have to touch the router firewall on/off setting for either of these.  The firewall can stay on.

Of course, you still need an external connection to be able to properly test these.  You can at least test the port forwarding using Dyn's Open Port Tool or some other similar service.  It's really quite handy for nailing down router mis-configurations, such as putting in the wrong LAN address or something.

Personally, I use my Android phone to do final tests of my internal systems using the cellular 3G data network.  It works fine and is easily fast enough for a final check or routine test.


I've only had the RT-N56U for a few hours, so far so good.  The benchmarks put it into the top 3 for every test, so I'm hoping it's going to live up to its promise.  It smokes the oft-quoted WNDR3700, which is now falling behind, and should beat the newer WNDR4200 as well.

Who knows if the wireless performance is really better.  But the wired performance is really why I have it, and in wired is wipes the floor with everything else out there.
 
The only thing I wish is that it was metal.  I do not like these cheapo plastic-wrapped consumer devices any more.  In my experience, they tend to run too hot.

This is only really a problem for me - my office is small, not well ventilated, has a lot of sun exposure, and is packed to the gills with several PCs and monitors that can get the interior temperatures up into the 30s.  This has killed many a gadget in here.

I have upgraded to industrial-grade redundant network switches and even an industrial grade USB hub by Moxa - pricy, but so worth it.  I have cooling fans on the switches, and my PCs are all packed with as many vents and fans as I can get in them.  But the monitors and older PCs do pump out some joules, and my monitors, PSUs, UPSs and other equipment all end up dying sooner or later.

From this, I would feel much better if the RT-N56U had a metal back or case.  The metal would dissipate the heat better, and be easier to cool if I needed to.  I can't help but wonder if the Xincom lasted so long because it has a metal case, while the plastic WRT54G died twice in the same amount of time.

Who knows, I may strap a fan onto the back of the Asus to help cool things off a bit.  Even just sitting there it gets warm.  There are vents on the top (good) but none on the front, back, sides or bottom (stupid).

Still, for $170 or so, when it dies I'll just get another one.  Not everything is going to last as long as that Xincom.

11 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. Which firmware version are YOU using? This did NOT work for me! Please, contact me at PresidentJackson@Comcast.NET

    ReplyDelete
  3. Running the latest firmware 3.0.0.4.318 - and it seems as though they removed the Firewall / General setting "Enable Web Access from WAN?"
    I've seen another screen shot of the Firewall / General
    Not sure if this is enabled by default? And can't find way to disable?

    ReplyDelete
  4. I'm suprised at the poor quality of the routers available these days. Question/hints? I've got a web server running, but now I've got a webcam which also uses port 80 that I'm trying to access from the outside. Internally I've assigned my web server to 8080 and this webcam to 81. Any idea how I can make my webcam accessible?

    ReplyDelete
  5. Thanks, super useful, solved my problem!

    ReplyDelete
  6. this no longer works BUT if you go to Administration instead of firewall. There you can disable "Enable Web Access from WAN" but to get port 80 to forward you need to change Authentication Meathod to HTTPS only. But be warned that you will need to type https://router.asus.com:8443 and not just the ip like you used to.

    ReplyDelete
  7. Dude, this article was exactly what I needed. Thanks for saving me several hours of pain and heartache.

    ReplyDelete
  8. YOU ARE GOD !
    email me at skunk3r@gmail.com i buy you a beer .-]

    ReplyDelete
  9. thank you <3 awesome giude

    as Kieran M stated : Enable Web Access from WAN moved from firewall to administration .. i wish asus cancer and aids

    ReplyDelete
  10. Hi all,

    I appreciate everyone chiming in to keep this information relevant and helpful. Thanks!

    ReplyDelete