DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Open Port 443 to point to internal server & VPN Troubles

21 Sep 2018 16:48 #25 by akwe-xavante
What to do.................

I now have a request from Draytek for information so that they can log in to my router and have a look for themselves.

21 Sep 2018 17:03 #26 by spellbinder
Yes let them try by themselves ;)

25 Sep 2018 21:40 #27 by akwe-xavante
Not aware of Draytek having accessed my router as yet, but after a looooooooooooooooong time staring at the configuration of my router I realised something is / could be wrong!

It's been a long time, well, several months, perhaps even longer, since I had to use SSH remotely. I use it often via the LAN though, and I get connected to my internal server on port 22.

In NAT > Open Ports I have port 22 set up to redirect traffic on port 22 to my internal server, and likewise for ports 21 & 80.

Under System Maintenance >> Management > Management Port Setup, ports 21, 22 & 23 are enabled for FTP, SSH & telnet access to the router.

These clash, I believe, as I understand things.

At some point in the past I got away with this without issues. I'm guessing that a firmware upgrade after I did this has created a problem, or I have created the problem and a firmware upgrade failed to prompt me to rectify the problem!?

If I try to change the port numbers under System Maintenance >> Management > Management Port Setup it fails without warning or letting me know it's failed. If I disable or even remove the configuration in NAT > Open Ports and try again, I still fail to change settings under System Maintenance >> Management > Management Port Setup.

My gut feeling is that when I try to open port 443 and point it to my server the process fails "not because there's a problem with the configuration of port 443" but rather because of a conflict with ports 21, 22 or 23.

26 Sep 2018 08:40 #28 by hopkins35

akwe-xavante wrote:

Under System Maintenance >> Management > Management Port Setup, ports 21, 22 & 23 are enabled for FTP, SSH & telnet access to the Router.

These clash, I believe, as I understand things.

Not sure what you mean by those services clashing. For the setup you are trying to create, as long as you don't have 'HTTPS Server' ticked under 'Internet Access Control', and have your NAT redirect/open port set up for inbound connections to port 443 as well as your firewall rule set up, you can leave the port numbers for things like FTP, SSH and telnet alone; changing those will only affect local LAN access to those services.

How is your firewall rule set up for allowing port 443? Is your 'source port' set as TCP 1-65535 and destination port set as TCP 443-443?

Did you ever downgrade to firmware v3.8.8.2 as previously suggested?

26 Sep 2018 18:42 #29 by akwe-xavante

hopkins35 wrote:

Did you ever downgrade to firmware v3.8.8.2 as previously suggested?

I didn't downgrade; I decided to wait until Draytek logged into my router and had a poke around for themselves first.

Whilst waiting for this to happen I occasionally had another look, trying to find an answer, trying to find a solution for myself.

Under System Maintenance >> Management > Management Port Setup, ports 21, 22 & 23 are enabled for FTP, SSH & telnet access to the router.

In NAT > Open Ports, I had port 22 set up to redirect traffic on port 22 to my internal server, and likewise for ports 21 & 80 also.

Ports 21, 22 were configured twice, in Management Port Setup and NAT. They were reserved for remote access to the router AND I opened them (the same ports) in NAT and pointed them to my server, and the router let me do this roughly 18 months / 2 yrs ago without warning me of the conflict. Several firmware upgrades later the conflicting settings remained unchallenged by the router.

On trying to open port 443 and point it to my server, a warning message was displayed warning me of conflicting settings. I assumed that the conflict was on port 443. It wasn't; it was ports 21, 22 and 23.

I closed ports 21, 22 and 23 in NAT, and changed port numbers 21, 22 and 23 under System Maintenance >> Management > Management Port Setup to different port numbers. I then reopened ports 21, 22, 23, 80 and 443 in NAT and all went well; everything is fine and now working correctly.

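The double assignment described in post #29, as an added example that is not part of the original thread: an offline check that compares the ports the router keeps for its own management services with the NAT open-port entries and reports every port claimed by both. The data layout, the rule names and the replacement management ports 2021-2023 are assumptions (the thread does not say which numbers were chosen), and the script does not read a real DrayTek configuration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PortUse:
    name: str    # label of the management service or NAT rule
    proto: str   # "tcp" or "udp"
    first: int   # first port of the range (inclusive)
    last: int    # last port of the range (inclusive)


def find_conflicts(management, nat_rules):
    """Return (service, rule, (first, last)) for every port range that is
    claimed by both a management service and a NAT open-port entry."""
    conflicts = []
    for m in management:
        for n in nat_rules:
            same_proto = m.proto == n.proto
            if same_proto and m.first <= n.last and n.first <= m.last:
                shared = (max(m.first, n.first), min(m.last, n.last))
                conflicts.append((m.name, n.name, shared))
    return conflicts


# Constructed sample: management ports as listed in the thread.
MGMT_BEFORE = [PortUse("FTP", "tcp", 21, 21),
               PortUse("SSH", "tcp", 22, 22),
               PortUse("Telnet", "tcp", 23, 23)]
# Constructed sample: open ports pointing at the internal server, plus the
# port 443 entry that was being added when the warning appeared.
NAT_BEFORE = [PortUse("server-ftp", "tcp", 21, 21),
              PortUse("server-ssh", "tcp", 22, 22),
              PortUse("server-http", "tcp", 80, 80),
              PortUse("server-https", "tcp", 443, 443)]

# After the fix: management moved to other ports (2021-2023 are placeholders),
# then 21, 22, 23, 80 and 443 reopened in NAT.
MGMT_AFTER = [PortUse("FTP", "tcp", 2021, 2021),
              PortUse("SSH", "tcp", 2022, 2022),
              PortUse("Telnet", "tcp", 2023, 2023)]
NAT_AFTER = NAT_BEFORE + [PortUse("server-telnet", "tcp", 23, 23)]

if __name__ == "__main__":
    for service, rule, (lo, hi) in find_conflicts(MGMT_BEFORE, NAT_BEFORE):
        print(f"conflict: management {service} and NAT rule {rule} on {lo}-{hi}")
    print("after fix:", find_conflicts(MGMT_AFTER, NAT_AFTER) or "no conflicts")
```
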

26 Sep 2018 19:31 #30 by hopkins35
Good, glad it's working
