I too have had issues with win 7, RDP and  the MI424WR Rev I 40.20.1 Firmware .... My workaround is to use teamviewer http://www.teamviewer.com/en/index.aspx You obviously know more than I about this, I gave up rather quickly

PS are you using RDP 8.0 ??

Update for Windows 7 for x64-based Systems (KB2592687)

Unfortunately, I was simplifing the issue-- it seems to do it no matter what port I try to forward.  I've even tried to open port 8080, 22, etc., and redirect it to port 3389 on the inside, but every scanner in the world still shows the ports as being closed. 

cvisionz wrote:

I have researched the heck out of this and tried everything under the sun to get port forwarding to work on my Actiontec MI424WR Router to work, but no matter what I do, it still won't pass the traffic.  Please note I was previously a Network Engineer by trade, so I do fully understand firewalls, port forwarding, QoS, port triggering, UPNP, etc.  Before I order a new router, I wanted to make one last ditch effort to see if anyone else was having these problems.

For ease of explanation, assume the following:

1.  I am trying to setup Remote Desktop (RDP port 3389) from the Internet

2.  I have set everything to factory default

3.  No other routers or switches are connected, and a direct ethernet connection from my desktop PC to the FIOS router exists.

4.  I am using a standard Windows 7 machine with no third-party firewalls, HIPS, or non-standard antivirus products

5.  I recently had COMCAST with a simple port forwarding rule on their router and everything worked fine.  No changes to the PC or infrastructure (other than new FiOS service) has occured since then.

Troubleshooting done:

1.  Tested that Remote Desktop was working fine on the internal network from different computers connected wirelessly.

2.  Ensured Windows firewall was properly set to accept RDP/3389 connections

3.  Set Port Forwarding for RDP using the built-in application selector for RDP, where you only choose your computer name and the application and click apply.  It automattically adds it to the list.

4.  Clicked apply apply, etc and ensured the status of the new port forwarding rule = ACTIVE.

5.  Tried to remote from external -- timed out.  

6.  From inside the network, different online port scanners showed port 3389 as CLOSED.

7.  Deleted simple rule and created custom rule using the following: 

        -- [Hostname 192.168.1.X]

        -- Source Ports = ANY

        -- Destination Ports = SPECIFY --> 3389

        -- WAN Connection Type = All Broadband Devices

        -- Forward to Port = Same as Incoming Port

        -- Schedule = Always

8.  Clicked apply apply, etc and ensured the status of the new custom port forwarding rule = ACTIVE.

9.  Tried to remote from external -- timed out.  From inside the network, different online port scanners STILL showed port 3389 as CLOSED.

10.  Disabled custom rule and placed Computer in the DMZ.  Apply, apply, etc.  Tried to remote from external -- timed out.  From inside the network, different online port scanners STILL showed port 3389 as CLOSED.

11.  Configured General Firewall Setting to (Low).  Still no works and external port shows closed.

12.  Created custom Port Trigger for application RDP for incoming ports: TCP Any -> 3389.  Still no works and external port shows closed.  Even though it has nothing to do with it, tried setting up for outgoing port trigger TCP 3389.  No works.

13.  Upgraded the firmware on the device.  Rebooted.  Still no works and external port shows closed.

14.  Used UPNP Forwading on PC and checked it was enabled on Router.  Still no works and external port shows closed.

With that all said, is there anything else anyone can think of or tell me about some service that I am not getting because of XYZ reason before I order a replacement router and monkey with setting this all up again??

Thanks in advance,

-cvisionz-

Have you looked at the logs on the router to see if you see the incoming traffic there.

Your rule looks fine, I assume you forwarded tcp AND udp?

should say

TCPany -> 3389

UDPany -> 3389

forward to port same as incoming

schedule always

however I have a 9100em

Personally I change the listener port to something more obscure than 3389.  I have no issue accessing via rdp from the outside to 3 nested levels of routers and subnets.

Two things that need mentioning before this gets closed:

1)  If you are troubleshooting it, the FiOS router security logs (before my ultimate fix) did show the traffic was being allowed and was passed when I tried to hit the ports from an external host, but the client never showed it recieved the packets from the router.  External port scanners still showed the port as closed. In laments, I tried coming in on a particular port, the router saw that it should forward that port and said "good-to-go", but it never actually passed the traffic.

2)  The link for my references were broken.  Try reading the section 2. Secondary DMZ at the following: http://www.dslreports.com/faq/verizonfios/3.0_Networking.  I give major credit to "More Fiber" for putting that FAQ together.

---

@cvisionz wrote:

Unfortunately, I was simplifing the issue-- it seems to do it no matter what port I try to forward.  I've even tried to open port 8080, 22, etc., and redirect it to port 3389 on the inside, but every scanner in the world still shows the ports as being closed. 

---

The port will only show open if you have a listener active on the destination.

---

@cvisionz wrote:

Well... I did finally fix my problem, but it wasn't necessarily what I had envisioned.

After smashing my head against the wall, I did end up getting a replacement router from Verizon-- which the port forwarding still didn't work... but prompted me to solve it in a different way.  It should be noted, there are two distinctly different customer service experiences:  

1) BAD: The second I said the words "router" and "port fowarding not working", the lady said they don't support that sort of thing as it is beyond the scope of their support.  figures....  

2) GOOD: When I told them I did know what I was talking about and it must be the router, the lady gladly said they would replace it, no questions asked. I told her to just ship me a new one, which I recieved next day.  Nice!  

Note: Verizon Support says they only have the newer Actiontec MI424WR (http://tiny.cc/vd79zw) in stock anymore, so if you were trying to get a different model to avoid this problem good luck.

After getting excited and ripping out the old router and putting in the replacement-- port forwarding still didn't work.  But, at least the DMZ portion of the router was working this time...

THE FIX:  Plugged in a third-party router and placed it in the DMZ of the FiOS Actiontec router.  Disabled wireless on FiOS router.  Configured all internal network clients to use third party router for all services.  Left only the TV STB's to use the FiOS router.  Setup port forwarding on MY router, and viola-- magically everything works (to include external sites showing ports were open).  A little more info can be found reading "Secondary DMZ" at the following blog: "http://tiny.cc/ie79zw".  

 

In a nutshell, create your own stand-alone network and use the FiOS router as an Internet Gateway.  Double NAT?  Yes.  Does it work anyway?  Yes.  🙂

Conclusion:  The first router was bad-- if for anything I couldn't get the DMZ to work properly.  More importantly, no matter what anyone tells you, port forwarding does NOT work on all Verizon-branded Actiontec MI424WR routers.  Either Verizon is changing something with it's propriatary firmware that replaces stock Actiontec firmware, or I just happened to have recieved (2) defective routers in a row.  Regardless, I hope someone with the same problem now or in the future finds this post and saves themselves some headaches.

---

Should have asked for a Westell 9100em.  Even though it's a piece of c... port forwarding works fine without the need for use of DMZ

I am so glad I found this article and I am not the only that was having this issue. So annoying. I am good with technology but found this issue making me ask all my sources if I was doing it right - including my neighbor who is a Verizon FiOS something or other. His ports forward fine - but it is because he is using a secondary router on FiOS router.

I suppose I will put my Apple AirPort back on my FiOS router, diable the FiOS wireless and return to using my secondary router, and hopefully forward that way.

Hope this works - got a new baby sitter watching my child tomorrow night. Eyes On HER yo!