[Seeking help] Ports blocked for whatever the reason

[blanked]

Hello everyone, I know I'm new here but I could use some help and there's nowhere else I can really go, besides other forums.

My problem is that something is blocking my pc and I can't really figure what that is, because I am no expert.

I know how to port forward and I've done it before, I don't know when exactly has something changed but apparently all of my ports are suddenly blocked, and I don't know where the problem is.

I am connected to a SMC WBR14-N router, along with a laptop, and 2 more PCs. (I haven't checked yet if the ports there work but I will edit after the post). The last time I had port forward issues was when my Connection type on router was changed on PPPOE I think, now it's set as DHCP Client.

I use no antivirus program and I have recently formatted my PC, disabling firewall on my PC doesn't help either. I assume there's a problem in my router settings but since I am no expert, I prefer to ask here where the problem could be and what to fix.

Thank you for your kind help in advance.

[+BudMan MVC]

And what does your router plug into? Quite often when users port forwarding issues is because they are behind a double nat.

http://canyouseeme.org is a good place to check if your ports are forwarded. Since doing a test from a machine on the inside is not a valid check and is a nat reflection or loopback and not all routers support that anyway.

[blanked]

Thank you for the reply. Yes I forgot to mention that part. My router is connected to a modem, and I am not sure what settings should modem rule in order to everything work correctly. Modem has PPPoE connection type, UPnP is enabled(as well as on router) and firewall disabled. But I wonder if the firewall is disabled on modem, router should be causing the problem or am I wrong?

Canyouseeme.org worked for me in the past but now it says I am disabled on any port I try.

[+BudMan MVC]

"UPnP is enabled(as well as on router)"

That is not a modem, modems don't have firewalls/UPnP support - what you have there is a gateway, modem/router combo.

Look on your WBR14 for what its WAN(internet) IP is - if its 10.x.x.x, 192.168.x.x or 172.16-31.x.x then its behind a NAT (router) and for port forwarding to something behind the WBR14 you would have to forward said port to the WAN(internet) port IP on your WBR14 on your "modem"

This is a double NAT, ie a public IP changed to a private twice (double) This is not normally a setup that you would want - look to see if your modem can be setup in bridge mode. So that your WBR14 gets a PUBLIC IP on it.

Or you could just use your WBR14 as a accesspoint (wireless to your network) - this is done by turning off the dhcp server on your wbr14, and connecting it to your "modem" via a LAN port on your WBR14 -- give the WBR lan an IP on your "modems" network 192.168.?.? and then you can connect to that IP to setup the wireless.

Other option if you really want to use your WBR to control port forwarding is to put the WBR wan IP into the dmz of your "modem"

Again if it does NAT its not a MODEM.. There is a lot of confusion of terms out there with terms. Here is what they should be called.

Modem - changes media type, say cable to ethernet - pubic IP is given to device connected to it.

Router - in the home market this is a device that takes public IP on wan interface and allows multiple devices to plug into it on the lan side using private IPs and share the 1 public IP with multiple computers on private IPs

Gateway - this is combination of modem and router. Most every single ADSL, DSL device sold today is a gateway device. You only normally see true modems in the cable internet market.

These are how these terms should be used when discussing home internet connections for sure. If you tell me you have a modem, I would assume you have a router behind it or only 1 device connected to it which has a public IP on it. Quite often user is doing double nat because what they call a modem in front of their router is really a gateway ;)

If you tell me you have a router I would assume you have a device in front of it. If you tell me you have a gateway tells me you only have 1 device that converts your internet connect to a private network. Rarely have to worry about double nat.

Hope this helps.. I would suggest either putting your "modem" into bridge mode which means it really is just a modem, then your router would handle any PPPoE type logins, or put it into half bridge mode where it does the PPPoE login but puts a public IP on the device connected to it. Or just use your WBR as an access point. The double nat option is not the preferred choice - you can run into issues with things behind double nat. If all your doing is outbound browsing the internet, reading email it works not too much of an issue - but if your going to want to do port forwarding then yeah double nat can be problematic.

I have see triple nat and even quadrupedal nats out there -- because the user keeps connecting routers to add more ports or more wireless when all they really needed was switch or accesspoint, etc.

[blanked]

Thank you BudMan for clarification. I had before running the same setup as I have now, but controlling everything through WBR14. I am not sure when that changed but here I am now, I didn't find any setting on my SpeedTouch to put it into bridge mode, how do I archieve my previous setup again?

[sc302 Veteran]

Lets start by telling us what model equipment you have on your network, we can then bring up instructions for you and walk you through step by step on what to do. or point you in the direction of instructions already made on how to do what you want. unfortunately every manufacturer has a different gui or different command line set to manage their equipment. For example, what I would step you through on a linksys would not be the same on a netgear, or a westell vs a 3com vs a ariens, vs a actiontec, vs etc....

[+BudMan MVC]

What is the make and model of your "modem" And I can look for instructions for bridge mode.

But look on your WBR - what is its wan IP? 192.168.1.100?? For example - if so on your "modem" put 192.168.1.100 in DMZ, or forward the ports you need say 80 to 192.168.1.100 on "modem" Then on WBR forward 80 to the IP you want, say for example 192.168.2.100

You for sure do not want the same network on wan as lan on the WBR.. So make sure if your "modem" is handing out say 192.168.1 that you change your WBR lan network to be something like 192.168.0 or 192.168.2

That is one option, other option is to control port forwards on your "modem" and then just setup the WBR as accesspoint. This would be the option I would use if I could not put the "modem" into bridge mode.

edit: Well take that back - I would never in a million years stick with what the ISP gave me as a router. I would change out the equipment with a normal modem, or a device I could put in bridge mode. If that was not possible then I would change ISPs so that I could get a public IP on the device I want to use as my edge router. So in a sense no I wouldn't being using WBR as accesspoint. But yes if I wanted to add wireless to my network and what I had was a wireless router, then yes I would use it as an accesspoint and not a router. That is what I currently do ;)

[blanked]

My WBR's IP is 192.168.2.xx and my SpeedTouch's("modem") IP is my dynamic IP.

SpeedTouch Information Product Name: ST780 Software Release: 7.4.35.2

[+BudMan MVC]

Ok I found these, but its a bit dated I did not see the manual for the 7.4 so I would think its the same.. Is yours a WL model? either way instructions for this should be the same

So clearly it can do bridge mode -- I would suggest you call your ISP and have them walk you through putting the device in bridge mode.

[blanked]

That SpeedTouch has very little options and I can't put it into bridge mode manually, I just checked my ISP's forums and looks like I will have to call them. So once they put it in bridge mode, it should work like: my all PCs will be connected to a WBR from where I will be controlling everything, and WBR to SpeedTouch modem.

[+BudMan MVC]

Yes if they put your speedtouch into bridge mode, then you can control your port forwards at your WBR, it will have a public IP on its wan. No double nat involved.

[blanked]

I called my ISP and asked for bridge mode, it should work now but it doesn't, or at least canyouseeme.org does not recognize me. What do I do now?

[+BudMan MVC]

So you now have PUBLIC IP on your wbr wan interface?

if so then either your ISP is blocking the port? Many isps block such things as 80 and 25 for example. If not blocking and you have public on your router, then either your port forward is not working. Some routers don't like UPnP enabled while doing manual port forwards for example. Or you just have it forwarding to the wrong IP of the machine inside, or your inside machine is not listening on the port or has a firewall blocking the port, etc.

First step is the verify you have a public IP on the WAN. What port are you wanting to forward? is this port listening on your inside box? Simple to test with netstat -an command on that box, can you connect to your service your trying to forward through your router/firewall to from another machine on your network using the private IP of the machine?

Do you have something setup to be in the DMZ of the wbr - you can not have a dmz host and then forward a different port to different machine etc. Atleast many routers are like this.

You sure you set up the forward correctly on the WBR, and not some port triggering rule?? I see this quite often as well with users trying to setup port forwards. Also the box your forwarding to is connected to the WBR, you don't have some other nat behind your WBR do you?

[blanked]

My wbr ip is still the same: 192.168.2.1 to access router, DMZ is disabled. I am quite sure I forwarded ports correctly since I've done it before and I know how things should be set to work correctly, port is assigned to my local IP without any filters, and canyouseeme.org can't access it.

[+BudMan MVC]

DUDE --- WHAT IS THE WAN IP?? If you saying its 192.168.2 then your still behind a nat, and your speedtouch is NOT in bridge mode.

is the IP address under your status and WAN show a 10.x.x.x or 192.168.x.x or 172.16-31.x.x then your speedtouch is NOT in bridge mode!!

[blanked]

Sorry for the confusion

IP Address : 192.168.1.64

[+BudMan MVC]

Well thats a PRIVATE IP address now isnt it -- so NO your forwards are NEVER going to work.. Because the NAT device in front of it is not sending the ports to 192.168.1.64, since your WBR never sees the traffic - it kind of hard for it to forward it to your 192.168.2.x box that you want to see this traffic now isn't it!

If your ISP told you your speedtouch is in bridge mode -- they are IDIOTS!!! because clearly its NOT! Or your WBR router WAN would be a PUBLIC IP, ie NOT 192.168 or 10.x or 172.16-31

[blanked]

Well they told me they set it to bridge mode and I had to hard reset my SpeedTouch. Sorry for the headaches BudMan but you've been great help to me so far, I will call again tomorrow and ask what the status is and repeat the process if needed.

[+BudMan MVC]

So maybe you didn't HARD reset it and only reset it?