Why doesn’t the Keenetic Ultra (model KN-1811) open ports when configuring port forwarding? Problem with port redirection to RDP server: all ports have been checked and match, I have a white IP address, but the ports aren’t opening. Details and screenshots are available upon request.
Port forwarding may not work on Keenetic Ultra KN-1811 for several reasons, even with a white IP address and correct port matching. The main issues include lack of a public IP address on the WAN interface, incorrect NAT configuration, firmware issues, or problems with the RDP server itself.
Table of Contents
- Main reasons for port forwarding not working
- Checking for a public IP address
- Setting up NAT rules and port forwarding
- Firmware and software version issues
- Setting up DMZ host as an alternative solution
- Additional checks and diagnostics
- Conclusion
Main reasons for port forwarding not working
The most common reasons why ports don’t open on Keenetic Ultra KN-1811:
-
Lack of public IP address: The router must have a “white” global IP address on the WAN interface through which the Internet connection is established 1.
-
Service not running: The service or application to which port forwarding is directed must be running for the port to be seen as “open” when checked 2.
-
Incorrect NAT settings: Improper configuration of Network Address Translation (NAT) rules 3.
-
Router operation mode issues: Keenetic must be operating in router mode (switch in position A) 4.
Checking for a public IP address
A critical factor - having a public IP address on the WAN interface. This is a mandatory requirement for port forwarding to work.
In the port forwarding settings in NAT, a “white” global (public) IP address must be present on the WAN interface of the internet center through which the connection to the Internet is established 1.
How to check and fix:
-
Check the IP address:
- Log in to the router’s web interface
- Go to the “Network” → “Internet” section
- Ensure that the connection type is “Dynamic IP address”
- Verify that the WAN interface has a public IP address (does not start with 192.168, 10.x.x.x, or 172.16-172.31.x.x)
-
If the IP is gray (dynamic):
- Contact your internet service provider to request a static IP address
- Consider using a DDNS service to work with dynamic IPs
Setting up NAT rules and port forwarding
Proper port forwarding setup requires attention to detail.
Step-by-step setup for RDP (TCP 3389):
-
In the device’s web configurator:
- Go to the “Security” → “Network Address Translation (NAT)” section
- Create a new port forwarding rule
-
Rule parameters:
- External port: 3389 (or another if needed)
- Internal port: 3389
- Protocol: TCP
- Internal IP: IP address of your RDP server on the local network
- Interface: Primary or secondary internet interface
-
Important note:
In Keenetic settings, you will need to open a specific TCP/UDP port used for incoming connections. In our example, RDP by default uses port number 3389 5.
Firmware and software version issues
Different firmware versions (NDMS) have different configuration interfaces.
NDMS versions 2.11 and earlier:
- The configuration interface differs from newer versions
- Port forwarding rules are created through “Network Address Translation (NAT)” 6
NDMS versions 2.12 and newer:
- The interface has been changed
- Port forwarding setup is located in the “Internet” → “Port forwarding” section
Firmware update:
- Go to the “System” → “Update” section
- Check for the latest firmware version
- Update if a new version is available
Setting up DMZ host as an alternative solution
If forwarding individual ports doesn’t work, you can use DMZ host mode.
Forwarding all ports to a host on the local network (organizing a DMZ host) 7.
How to set up DMZ host:
-
In the web interface:
- Go to the “Security” → “DMZ host” section
- Enable DMZ host mode
- Specify the IP address of your RDP server
- Save the settings
-
Important: DMZ host opens ALL ports on the specified device, reducing security.
Additional checks and diagnostics
If the main settings are correct but ports still don’t open, perform additional checks:
1. Check RDP server functionality:
- Ensure that the Remote Desktop service is running on the server
- Verify that RDP is enabled in system properties
- Make sure the Windows firewall allows connections to port 3389
2. Check via online port scanner:
- Use services like canyouseeme.org or portchecker.co
- Specify your external IP address and port 3389
- Check the result
3. Check router logs:
- In the “System” → “Logs” section, review error messages
- Look for entries related to NAT or port forwarding
4. Test other ports:
- Try forwarding a different port (e.g., 80 for HTTP)
- Check if forwarding works for other services
Conclusion
The main reasons why Keenetic Ultra KN-1811 doesn’t open ports for RDP:
- Lack of public IP address - the most common problem requiring contact with the provider
- Incorrect NAT rule configuration - check all parameters of the port forwarding rule
- RDP server not running - ensure that the Remote Desktop service is working
- Firmware issues - update software to the latest version
- Alternative setup needed - consider using DMZ host
Recommended actions:
- Check for a public IP address
- Reconfigure the port forwarding rule with correct parameters
- Verify RDP server and its service functionality
- If the problem persists, use diagnostic tools to identify the point of failure
If the problem remains, it’s recommended to provide detailed screenshots of settings and check results for more accurate diagnosis.